Thank you Vladimir. This problem affects Maven core binary package, as you already reported.
For the source release we do not have a real problem as we did not copy/paste Jsoup code. For binary release (that actually is not part of the official VOTE), the jar we are deploying to Maven central, I think we can only bundle the LICENSE file of Jsoup inside the jar such LICENSE file includes the NOTICE we are talking about. This is really some task we should document in maven shade plugin website, or at least mention that whoever embeds another library to handle this kind of problem I wonder if we could enhance the pom in the future to report machiene readable statements like 'the artifact will include a binary copy of this other third party pom' (I apologize, I don't want to pollute the vote thread, but this is somehow related) Enrico Il mer 6 nov 2019, 00:38 Tibor Digana <[email protected]> ha scritto: > The MIT license can be included in the project > https://www.apache.org/legal/resolved.html > Are we talking about the file /META-INF/DEPENDENCIES in JAR? > > On Tue, Nov 5, 2019 at 8:10 PM Vladimir Sitnikov < > [email protected]> wrote: > > > > Staging repo: > > > https://repository.apache.org/content/repositories/maven-1535/ > > > > -1 since > > > > > https://repository.apache.org/content/repositories/maven-1535/org/apache/maven/wagon/wagon-http/3.3.4/wagon-http-3.3.4-shaded.jar > > violates licensing terms for the third-party code. > > One of the violations is org.jsoup:jsoup. > > > > I know releases may not be vetoed ( > > https://www.apache.org/foundation/voting.html#ReleaseVotes ) > > However, there's > > > > > http://www.apache.org/legal/release-policy.html#licensing > > >Every ASF release MUST comply with ASF licensing policy. This > requirement > > is of utmost importance > > > > Vladimir > > >
