Some libs doesn't have licenses at pom file

Question

Some libs doesn't have licenses at pom file

Kolyall opened this issue a year ago · 3 comments

Some libs doesn't have licenses at pom file , but in github they has "Apache-2.0"
For example:
https://github.com/apache/commons-validator

aboutlibraries.json:

{
      "uniqueId": "commons-validator:commons-validator",
      "funding": [],
      "developers": [
        {
          "name": "Don Brown"
        },
        {
          "name": "Martin Cooper"
        },
        {
          "name": "David Graham"
        },
        {
          "name": "Ted Husted"
        },
        {
          "name": "Rob Leland"
        },
        {
          "name": "Craig McClanahan"
        },
        {
          "name": "James Mitchell"
        },
        {
          "name": "Niall Pemberton"
        },
        {
          "name": "James Turner"
        },
        {
          "name": "David Winterfeldt"
        },
        {
          "name": "Henri Yandell"
        },
        {
          "name": "Ben Speakmon"
        },
        {
          "name": "Nick Burch"
        },
        {
          "name": "SimoneTripodi"
        },
        {
          "name": "Benedikt Ritter"
        },
        {
          "name": "Gary Gregory"
        }
      ],
      "artifactVersion": "1.7",
      "description": "Apache Commons Validator provides the building blocks for both client side validation and server side data validation.\n    It may be used standalone or with a framework like Struts.",
      "scm": {
        "connection": "scm:git:https://gitbox.apache.org/repos/asf/commons-validator",
        "url": "https://gitbox.apache.org/repos/asf/commons-validator",
        "developerConnection": "scm:git:https://gitbox.apache.org/repos/asf/commons-validator"
      },
      "name": "Apache Commons Validator",
      "website": "http://commons.apache.org/proper/commons-validator/",
      "licenses": []
    },

Answer 1 · 2023-01-25T14:03:51.000Z

The problem with this one is that it does not have the License as part of the pom.xml: https://repo1.maven.org/maven2/commons-validator/commons-validator/1.7/commons-validator-1.7.pom

But furthermore with the LICENSE fetching enabled via the GitHub API. The pom also misses the repo spec.
E.g. the pom does not link to the GitHub repository -> as such the plugin can not try to resolve the license.
Instead it links to gitbox.apache.org which is not supported for this feature.

Answer 2 · 2023-01-26T07:39:41.000Z

Actually I just found. This is another case of a library which has multiple parents.

E.g. the above pom references:

https://repo1.maven.org/maven2/org/apache/commons/commons-parent/51/commons-parent-51.pom

Which then references:

https://repo1.maven.org/maven2/org/apache/apache/13/apache-13.pom

Which hosts the license.

Please update to v10.6.0-rc01 (or rc02)

The full release is solely pending on the final release of compose-jb - as such for all other pieces it's stable.

This was fixed as part of: #829
And reported here originally: #827

Answer 3 · 2023-02-18T16:33:55.000Z

Fixed in the latest rc versions