tbroyer / gradle-errorprone-plugin

Gradle plugin to use the error-prone compiler for Java
Apache License 2.0

Add license details to published pom files #100

Open yogurtearl opened 3 weeks ago

yogurtearl commented 3 weeks ago

Add license info to all the poms published by this repo.

e.g. (and any other published poms)

See https://maven.apache.org/pom.html#Licenses

Else this gets flagged for having no license.

tbroyer commented 3 weeks ago

Out of curiosity, what tool will flag the plugin for having no license?

yogurtearl commented 3 weeks ago

> Out of curiosity, what tool will flag the plugin for having no license?

Any/all? Depending on how the tool is configured, these OSS tools generally assume it is copyrighted and proprietary with no license granted for use.

Some possible examples:

tbroyer commented 3 weeks ago

Do they really check build dependencies by default? (the first one doesn't at least) And is that really a global problem or more one for very strict environments? (or are you building and distributing a plugin that has this plugin as a dependency?)

(I mean, I'll do it as it should be easy, but am trying to understand the full story)

yogurtearl commented 3 weeks ago

The OSS license compliance solutions that operate at the repo proxy level will block unlicensed deps.

i.e. if you have an OSS compliance solution on an internal maven-proxy.mycorp.com it will block unknown licenses, denylisted licenses and artifacts with no license.

The internal proxy doesn't know if the dep was a build dep or a production dep.
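The proxy-level check described in this thread, as an added example (not code from this project or from any compliance product): a minimal Python checker that parses a POM, reads its `<licenses>` block and returns the verdict such a proxy would give. The allow and deny lists and the two sample POMs are constructed for the example; the coordinates are placeholders.

```python
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"

# Allow/deny lists are assumptions for this example, not any real tool's configuration.
ALLOWED_LICENSES = {"Apache License 2.0", "Apache-2.0", "MIT License", "MIT"}
DENYLISTED_LICENSES = {"GNU General Public License v3.0", "GPL-3.0"}


def pom_licenses(pom_xml: str) -> list:
    """Return the license names declared in the POM's <licenses> block (namespace-aware)."""
    root = ET.fromstring(pom_xml)
    names = []
    for lic in root.findall(f"{{{POM_NS}}}licenses/{{{POM_NS}}}license"):
        name = lic.findtext(f"{{{POM_NS}}}name")
        if name and name.strip():
            names.append(name.strip())
    return names


def classify_pom(pom_xml: str) -> str:
    """Proxy-style verdict: 'missing', 'denylisted', 'unknown' or 'ok'."""
    names = pom_licenses(pom_xml)
    if not names:
        return "missing"          # no <licenses> at all: treated as proprietary
    if any(n in DENYLISTED_LICENSES for n in names):
        return "denylisted"
    if not all(n in ALLOWED_LICENSES for n in names):
        return "unknown"          # declared, but not on the allow list
    return "ok"


# Constructed sample POMs; the coordinates are placeholders, not the plugin's real ones.
POM_WITHOUT_LICENSE = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>example-plugin</artifactId>
  <version>1.0.0</version>
</project>"""

POM_WITH_LICENSE = POM_WITHOUT_LICENSE.replace("</project>", """  <licenses>
    <license>
      <name>Apache License 2.0</name>
      <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
    </license>
  </licenses>
</project>""")

if __name__ == "__main__":
    print("no license ->", classify_pom(POM_WITHOUT_LICENSE))   # missing
    print("apache     ->", classify_pom(POM_WITH_LICENSE))      # ok
```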

tbroyer commented 6 days ago

Fyi, plugin marker artifacts won't have license information no matter what projects do, until Gradle fixes https://github.com/gradle/plugin-portal-requests/issues/212

JakeWharton commented 6 days ago

That's only true for those which are published to the portal. Ones on standard places like Maven central contain them like any other artifact.