如何将许可证元数据添加到 Maven 依赖项?
当我向我的 Maven 项目添加依赖项时,我喜欢添加一些注释来表明它是什么,以及它是在什么许可证下发布的,例如:
<!-- XML parser -->
<!-- Apache License, Version 2.0 -->
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.9.1</version>
<scope>compile</scope>
</dependency>
我主要关心的是能够检查(目前手动)许可证所有这些都彼此兼容。 pom.xml 文档 指出:
请注意,项目应仅列出可能直接应用于该项目的许可证,而不列出应用于该项目依赖项的许可证。
有没有更好的方法来捕获这些元数据?也许有一种方法可以“覆盖”依赖项 POM 中缺少的
When I add a dependency to my maven projects, I like to add some comments to indicate what it is, and what license it's released under, for example:
<!-- XML parser -->
<!-- Apache License, Version 2.0 -->
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.9.1</version>
<scope>compile</scope>
</dependency>
My main concern is being able to check (manually, for now) that the licenses are all compatible with one another. The pom.xml documentation states:
Note that a project should list only licenses that may apply directly to this project, and not list licenses that apply to this project's dependencies.
Is there a better way to capture this metadata? Maybe a way to "override" the <licenses> information from a dependency's POM if it's missing?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
首先,你不能覆盖 pom 的许可证部分,因为它不是继承的 。其次,您可以使用 Maven-Licenses-Verifier-Plugin (可通过 Maven Central 获得)它将为您处理这种情况,此外您还可以生成有关该情况的报告(示例)。
First of all you can't overwrite the licenses part of a pom, cause it's not inherited. Secondly you can automatically check the licenses of your dependencies using the Maven-Licenses-Verifier-Plugin (available via Maven Central) which will handle such a situation for you and furthermore you can generate a report about that (Example).
如果我理解正确的话, Maven 远程资源插件 和 License Maven Plugin 声称是能够做到这一点。
我今天一直在使用 License Maven 插件,按照他们的说明,我可以生成一份许可证报告,指示缺少哪些许可证。然后我可以添加缺少的许可证并获取有关项目中所有许可证的报告。然而,我确实希望在生成站点时可以使用此信息,但是缺少第三方依赖项的许可证信息。能够添加新许可证的 URL 或依赖项本身的 URL(此信息也包含在站点报告中)也很有用。
我查看了 khmarbaise 编写的用于验证是否项目中使用了依赖项,但这无助于解决缺少许可证的问题。
If I understand correctly, the Maven Remote Resources Plugin and the License Maven Plugin claim to be able to do this.
I have been working with the License Maven Plugin today and following their instructions I can generate a license report that indicates which licenses are missing. Then I can add the missing licenses and get a report on all the licenses in the project. However really I would like this information to be available when I generate the site, but there the license information for the third party dependencies is missing. It would also be useful to be able to add URLs for new licenses or URLs for the dependencies themselves (this information is also included in the site report).
I took a look at the plugin khmarbaise wrote for verifying if the dependencies used in a project but this does not help solve the problem of missing licenses.