2

I have few doubts regarding hosting libraries on MavenCentral.

(1) Is it possible to have following usecase. Create a private github project which generates library(jar) and host this library on Maven Central so any developer use it. Keep the source code private as of now but generate javadoc from source code and post the same for reference.

(2) Going through various post on posting libraries on Maven Central. Looks like MavenCentral is hosted by The Central Repository. Does this means my project needs to be open source only to post library on Maven Central.

user2068004
  • 41
  • 1
  • You should take a look here: http://central.sonatype.org/ Apart from that either you provide the jar file etc. and make it open source or you don't. If you make it OS than Central is the right choice. And you source code is also available in general in a Java Project (can be decompiled no problem). Furthermore Maven Central is hosted via a Service of the Company Sonatype which supports and offers the whole service for Maven Central. And yes if your project is not open source (which sounds like that) than central is the wrong location. – khmarbaise Jun 15 '16 at 17:32

1 Answers1

1

Maven Central is generally meant for open source projects, or for code under a license that would allow you freely use the code.

Have a look at my answer here, as well as this license comparison (created by Github).

Also, I assume you are aware of the fact that any code written in Java can easily be decompiled by a more senior and well-skilled developer, right?

Community
  • 1
  • 1
carlspring
  • 31,231
  • 29
  • 115
  • 197
  • Legal hasn't decided on the nature of project. Thanks for pointing out regarding decompiling java library to get original source code. Even though maven is meant for open source projects, will it be possible to just post libraries and a license to use this library as is. Looks like central repository needs javadoc and source jar files to be included. – user2068004 Jun 15 '16 at 17:42
  • Well, there you go, now you'll have to choose an opensource license, I guess. The link I gave you is assembled by the guys at Github and is very useful for deciding on such issues. – carlspring Jun 15 '16 at 17:46
  • That's not entirely true. Obfuscation obviously has its limits, but it is generally very effective in making code unreadable. Then 3rd party security APIs can help decrease the chances that someone will be able to decrypt the code. Keep in mind, even if they do decrypt it, they would then still have to decipher the obfuscated code. Unless they already know what they're looking for, it's unlikely it would be worth the time to deobfuscate everything. – TacoManStan Aug 31 '21 at 22:27