Include license in JAR

Question

Include license in JAR

cnsgithub opened this issue 6 years ago · 4 comments

I'd like to reuse owasp-java-encoder in a project licensed under Apache 2.0.

To avoid third-party runtime dependencies, I decided to use Maven Shade Plugin that includes and relocates the owasp-java-encoder classes during packaging.

To include your BSD 3 license, which is required to be legally allowed (BSD 3), I wanted to use org.apache.maven.plugins.shade.resource.IncludeResourceTransformer.

Unfortunately, owasp-java-encoder doesn't include its LICENSE in the META-INF folder.

So, could you please include your license in the JAR?

Answer 1 · 2018-04-03T23:07:11.000Z

This is a reasonable request. We'll get this done in the next release. In the meantime, do you want me to unpack the current jar and add it manually? You can just convert to a zip, unzip, add the license, rezip and rename to .jar. It's a hack, but will work for you today until we push a formal release. Aloha, Jim

…

On 3/27/18 8:08 PM, cnsgithub wrote: I'd like to reuse owasp-java-encoder in a project licensed under Apache 2.0. To avoid third-party runtime dependencies, I decided to use Maven Shade Plugin <http://maven.apache.org/plugins/maven-shade-plugin/> that includes and relocates the owasp-java-encoder classes during packaging. To include your BSD 3 license, which is required to be legally allowed (BSD 3), <https://opensource.org/licenses/BSD-3-Clause> I wanted to use |org.apache.maven.plugins.shade.resource.IncludeResourceTransformer|. Unfortunately, owasp-java-encoder doesn't include its LICENSE in the META-INF folder. So, could you please include your license in the JAR? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#12>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAgcCUA3u_pTok3lkEFhqywiBf4gCfbVks5tiyjjgaJpZM4S-EVB>.

Answer 2 · 2018-04-04T08:48:43.000Z

@jmanico Thank you for your answer. Manually including the license is a good idea, albeit not feasible for me.

However, I just found a better and more generic method to include licenses of third-party libs by using License Maven Plugin, especially the goals aggregate-download-licenses and add-third-party. That also works for owasp-java-encoder since the encoder-parent POM contains valid license information.

Including the license within your JAR directly would be nice anyway.

Answer 3 · 2018-08-15T20:26:05.000Z

We're going to do a new "WE ARE STILL HERE" release next week and will make sure this get fixed.

Answer 4 · 2018-09-16T14:29:13.000Z

This is now live with version 1.2.2!