Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add LICENSE and NOTICE to binary distribution #874

Closed
b-abel opened this issue Oct 14, 2024 · 4 comments
Closed

Add LICENSE and NOTICE to binary distribution #874

b-abel opened this issue Oct 14, 2024 · 4 comments
Assignees
@odrotbohm
Labels
in: infrastructure Build / CI / Release type: improvement Minor improvements
Milestone
1.3 RC1

Comments

@b-abel
Copy link

b-abel commented Oct 14, 2024

The license file does not contain the Copyright owner (and years). It only contains the placeholder Copyright [yyyy] [name of copyright owner]. This causes compliance check tools (e.g. https://www.mend.io) to fail.
@odrotbohm
Copy link
Member

I see Framework, Boot and Security use a slightly different placeholder (Copyright {yyyy} {name of copyright owner}). Does the tool bark on that as well? I'm unsure about the request in general, as even projects of the Apache foundation itself use these placeholders? Maybe it's rather something to report to the tool vendor?

@odrotbohm odrotbohm self-assigned this Oct 14, 2024
@odrotbohm odrotbohm added in: infrastructure Build / CI / Release meta: waiting for feedback Waiting for feedback of the original reporter labels Oct 14, 2024
@b-abel
Copy link
Author

b-abel commented Oct 14, 2024

Hi @odrotbohm , thank you for looking at the issue. It is not clear to me how the tool acquires its information. For Spring Boot it contains copyright information and references the file https://github.com/spring-projects/spring-boot/blob/fadd05412e0c16493430978a72ca2f44b232d68f/buildSrc/src/main/resources/NOTICE.txt
But this is a completely different approach to checking the license file. There is different information for the Spring framework. It looks like the data was entered manually.
I'm not sure how to proceed with this. On the one hand, my naive understanding of the Apache 2.0 license template is that the copyright should be added to the license file. On the other hand, I see that no one seems to be doing this.

@odrotbohm
Copy link
Member

I am assuming the scanner is rather looking at the binaries included in your project, and we don't ship LICENSE and NOTICE with those. How quickly could you provide feedback on this? I'm going to add the files, and they'll be available in the 1.3 snapshots shortly.

@odrotbohm odrotbohm changed the title Missing Copyright in License Add LICENSE and NOTICE to binary distribution Oct 14, 2024
@odrotbohm odrotbohm added the type: improvement Minor improvements label Oct 14, 2024
@odrotbohm odrotbohm added this to the 1.3 RC1 milestone Oct 14, 2024
odrotbohm added a commit that referenced this issue Oct 14, 2024
@odrotbohm
GH-874 - Add LICENSE and NOTICE files to binaries.
6da5d1d
This was referenced Oct 14, 2024
Closed
Closed
@odrotbohm odrotbohm removed the meta: waiting for feedback Waiting for feedback of the original reporter label Oct 14, 2024
@b-abel
Copy link
Author

b-abel commented Oct 15, 2024

Thank you for your resolution. I can only try it in an enterprise environment where it is difficult to use snapshots. I can check it once it is on Maven Central.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@odrotbohm odrotbohm

Labels
in: infrastructure Build / CI / Release type: improvement Minor improvements
Projects
None yet
Milestone
1.3 RC1
Development

No branches or pull requests
2 participants
@odrotbohm @b-abel