+1 (non binding) from me in the current form. I have tested on Linux (Fedora 30) + jdk8 (1.8.0_222, vendor: AdoptOpenJDK)
The licensing issue can be addressed in a new release, we have ideas and we are working on it. In my opinion it is not good to block this release. Wagon Http is used and distributed directly in Maven Core and we can fix LICENSE/NOTICE files in the zip/tars of Maven Core in 3.6.3 or even 3.6.4 Enrico Il giorno mer 6 nov 2019 alle ore 07:48 Enrico Olivelli <[email protected]> ha scritto: > Thank you Vladimir. > This problem affects Maven core binary package, as you already reported. > > For the source release we do not have a real problem as we did not > copy/paste Jsoup code. > > For binary release (that actually is not part of the official VOTE), the > jar we are deploying to Maven central, I think we can only bundle the > LICENSE file of Jsoup inside the jar such LICENSE file includes the NOTICE > we are talking about. > > This is really some task we should document in maven shade plugin website, > or at least mention that whoever embeds another library to handle this kind > of problem > > I wonder if we could enhance the pom in the future to report machiene > readable statements like 'the artifact will include a binary copy of this > other third party pom' > (I apologize, I don't want to pollute the vote thread, but this is somehow > related) > Enrico > > Il mer 6 nov 2019, 00:38 Tibor Digana <[email protected]> ha scritto: > >> The MIT license can be included in the project >> https://www.apache.org/legal/resolved.html >> Are we talking about the file /META-INF/DEPENDENCIES in JAR? >> >> On Tue, Nov 5, 2019 at 8:10 PM Vladimir Sitnikov < >> [email protected]> wrote: >> >> > > Staging repo: >> > > https://repository.apache.org/content/repositories/maven-1535/ >> > >> > -1 since >> > >> > >> https://repository.apache.org/content/repositories/maven-1535/org/apache/maven/wagon/wagon-http/3.3.4/wagon-http-3.3.4-shaded.jar >> > violates licensing terms for the third-party code. >> > One of the violations is org.jsoup:jsoup. >> > >> > I know releases may not be vetoed ( >> > https://www.apache.org/foundation/voting.html#ReleaseVotes ) >> > However, there's >> > >> > > http://www.apache.org/legal/release-policy.html#licensing >> > >Every ASF release MUST comply with ASF licensing policy. This >> requirement >> > is of utmost importance >> > >> > Vladimir >> > >> >
