[ http://jira.codehaus.org/browse/MNG-671?page=comments#action_71127 ] Brett Porter commented on MNG-671: ----------------------------------
thanks for this. It is looking quite good! Here is my feedback on the patches: - maven-settings cannot be made to depend on maven-project (it's a circular dependency). It already depends on maven-model, and AFAICT that is sufficient for the patch. - rather than "licenseApprovals" I'd probably name it "approvedLicenses". - the ASLv2 should be in the list of approved licenses by default - we should have a setting that turns off these prompts altogether (or perhaps we should just have a more generous set of defaults) - we perhaps should have an "unapproved licenses" setting as well for those that are fobidden. - maven-artifact-manager can't depend on maven-project (again, circular). I don't see where in the patch this is necessary either. - I actually saw this as a function of the resolver (as each dependency is downloaded, the license is checked), rather than the installer. Do you think it is necessary to validate on the project currently being built? If so, it may be better to just check in the project loader itself. - regardless, I think this code should be a separate plexus component (ie, its own class with an interface) - instead of instantiating the prompter with "new DefaultPrompter()", it should be a plexus requirement (a field of the class using it, wired up using META-INF/plexus/components.xml - you should see existing examples in that file) - I think " if ( !settings.isInteractiveMode() ) return;" should instead fail, but only if the license check would have. Of course, it gets more complicated the more we delve into it - for example, it might be ok to run a plugin with a certain license, but not use a dependency. For now, I'd be restricting this to dependency checks. On your questions: - for accessing the maven project and settings - it depends on when and where it was used. I believe we will need to expand the resolver API to accomodate this functionality if that is where it is done (Though I think the project is already available there) - persisting settings via the writer is correct, but the tricky thing is determining the correct place to write it (there are two places settings are read from, and it can be modified by a command line parameter. I'd be modifying the one in the user home directory, or the command line if it was sent. I'm not sure how to programmatically determine that without digging into it at this point I'm going to post this for discussion on the [EMAIL PROTECTED] list. > implement a license clickthrough > -------------------------------- > > Key: MNG-671 > URL: http://jira.codehaus.org/browse/MNG-671 > Project: Maven 2 > Issue Type: New Feature > Reporter: Brett Porter > Fix For: 2.1 > > Attachments: maven-artifact-manager-patch.txt, > maven-settings-patch.txt > > > we need some basic license acceptance policy for downloadable artifacts. For > now, this can just be a Y/N that is saved forever. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
