Licensing Situation #574

Open
javahippie opened this issue Nov 7, 2024 · 4 comments

@javahippie

Hi,

I'm wondering about the license of the modules in this repository. The LICENSE file in the project root seems to be related to a BSD License, although it is not explicitly called that.

Some files in the repository are additionally licensed under the Apache 2.0 license via source headers, e.g. hyperjaxb/ejb/schemas/customizations/src/main/resources/config/maven-checks.xml or hyperjaxb/src/main/resources/config/maven-checks.xml

@rdmueller
Collaborator

Aren't both licences quite open and free? I'm sure it would have been in Alexey's interest for everyone to be able to use this software however they wanted.

@mattrpav
Collaborator

mattrpav commented Nov 7, 2024

@javahippie are you requesting all licenses used to be listed in the LICENSE file?

@javahippie
Author

javahippie commented Nov 7, 2024

@rdmueller Yes, both licenses are pretty permissible :)

@mattrpav Thanks for the question, I realized I should have put more time into writing this issue, let me try again:

The LICENSE Text in the repository does not seem to adhere to (or explicitly mention) a standard license, although it seems to be a part of the FreeBSD license.

In the Maven central repo the license is listed as "BSD-Style License", and when using license scanning tools like trivy on a Java project, the license is mentioned as "Non Standard", which would be flagged by most licensing tools. While checking for source headers I saw these files mentioned under Apache License 2.0, which is not noted in the packaged artefacts and cannot be caught by license scanners.

As both licenses are pretty open, as @rdmueller already mentioned, this should not be a big issue, but if we wanted to include an SBOM or a similar list of dependencies with versions, we might not necessarily tell the whole truth, if I interpret the handling of OSS licenses correctly.

@mattrpav
Collaborator

mattrpav commented Nov 7, 2024

@javahippie that makes sense. This code base has been heavily modified and refactored since the new maintainers have taken over. I believe it is reasonable that we now have forked work and level-setting the license across the repo would be a good housekeeping item. I've kicked up a conversation with the maintainers and we'll make a task to level licensing notice and headers across the code base.

dev task: #575
