Il giorno mer 6 nov 2019 alle ore 09:03 Vladimir Sitnikov < [email protected]> ha scritto:
> Enrico>(I apologize, I don't want to pollute the vote thread, but this is > somehow > related) > > I've altered the subject. > > Enrico> For binary release (that actually is not part of the official VOTE) > > I'm not a lawyer, but: > > > http://www.apache.org/legal/release-policy.html#what > > WHAT IS A RELEASE? > > Releases are, by definition, anything that is published beyond the group > that owns it > > > > > http://www.apache.org/legal/release-policy.html#what-must-every-release-contain > > Every ASF release must comply with ASF licensing policy > > release-policy.html does not make a distinction between "part of the > official vote" and "not a part of the official vote". > It just stays "whatever is released must comply with ASF licensing policy". > Totally agree > > In other words, the VOTE thread looks to me like "we are about to release > Apache Maven Wagon, please check the artifacts". > -shaded artifact is a part of the release (because it is "anything that is > published beyond the group that owns it"), > and -shaded does not comply with jsoup's license ==> I suggest that there's > an "utmost importance" issue with the artifacts. > > >I wonder if we could enhance the pom in the future to report machiene > >readable statements like 'the artifact will include a binary copy of this > >other third party pom' > > That would be nice. I'm not sure everything comes from a pom though. > For instance, -shaded, -sources, -javadoc and other "classifier-based > artifacts" miss their respective poms. > However, they all might re-distribute different third-party dependencies. > Yes, it is not so simply as I said. > > Then people do not always consume artifacts as jar/pom files. > For instance, apache-maven-3.6.2-bin.zip does not have a pom file. > > In my opinion, the licensing conditions should be embedded into each > archive if that is possible. > I think this is the only viable option nowadays > > There's spdx.org effort, however, I don't think it is ready for use. > > Vladimir > Thanks Enrico
