Some libs doesn't have licenses at pom file
Kolyall opened this issue · 3 comments
Some libs doesn't have licenses at pom file , but in github they has "Apache-2.0"
For example:
https://github.com/apache/commons-validator
aboutlibraries.json:
{
"uniqueId": "commons-validator:commons-validator",
"funding": [],
"developers": [
{
"name": "Don Brown"
},
{
"name": "Martin Cooper"
},
{
"name": "David Graham"
},
{
"name": "Ted Husted"
},
{
"name": "Rob Leland"
},
{
"name": "Craig McClanahan"
},
{
"name": "James Mitchell"
},
{
"name": "Niall Pemberton"
},
{
"name": "James Turner"
},
{
"name": "David Winterfeldt"
},
{
"name": "Henri Yandell"
},
{
"name": "Ben Speakmon"
},
{
"name": "Nick Burch"
},
{
"name": "SimoneTripodi"
},
{
"name": "Benedikt Ritter"
},
{
"name": "Gary Gregory"
}
],
"artifactVersion": "1.7",
"description": "Apache Commons Validator provides the building blocks for both client side validation and server side data validation.\n It may be used standalone or with a framework like Struts.",
"scm": {
"connection": "scm:git:https://gitbox.apache.org/repos/asf/commons-validator",
"url": "https://gitbox.apache.org/repos/asf/commons-validator",
"developerConnection": "scm:git:https://gitbox.apache.org/repos/asf/commons-validator"
},
"name": "Apache Commons Validator",
"website": "http://commons.apache.org/proper/commons-validator/",
"licenses": []
},
The problem with this one is that it does not have the License
as part of the pom.xml
: https://repo1.maven.org/maven2/commons-validator/commons-validator/1.7/commons-validator-1.7.pom
But furthermore with the LICENSE
fetching enabled via the GitHub API. The pom
also misses the repo spec.
E.g. the pom
does not link to the GitHub repository -> as such the plugin can not try to resolve the license.
Instead it links to gitbox.apache.org
which is not supported for this feature.
Actually I just found. This is another case of a library which has multiple parents.
E.g. the above pom
references:
Which then references:
Which hosts the license.
Please update to v10.6.0-rc01 (or rc02)
The full release is solely pending on the final release of
compose-jb
- as such for all other pieces it's stable.
This was fixed as part of: #829
And reported here originally: #827
Fixed in the latest rc versions