
When I add a dependency to my Maven projects, I like to add some comments to indicate what it is and what license it's released under, for example:

    <!-- XML parser -->
    <!-- Apache License, Version 2.0 -->
    <dependency>
        <groupId>xerces</groupId>
        <artifactId>xercesImpl</artifactId>
        <version>2.9.1</version>
        <scope>compile</scope>
    </dependency>

My main concern is being able to check (manually, for now) that the licenses are all compatible with one another. The pom.xml documentation states:

Note that a project should list only licenses that may apply directly to this project, and not list licenses that apply to this project's dependencies.

Is there a better way to capture this metadata? Maybe a way to "override" the <licenses> information from a dependency's POM if it's missing?

MrDrews
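One way to make the comment convention from the question machine-checkable, as an added example that is not code from the question or either answer: parse the POM with comments preserved, pick out the licence comment preceding each `<dependency>`, and compare it against a licence allowlist so that undocumented or disallowed licences are flagged instead of relying on a manual read-through. The sample POM, `ALLOWED_PREFIXES` and `LICENSE_HINTS` are constructed for illustration; the keyword heuristic for recognising a licence comment is an assumption, not part of Maven.

```python
import xml.etree.ElementTree as ET
# Constructed sample pom.xml following the asker's convention: comments directly
# before each <dependency> give its purpose and licence; the third entry is unannotated.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <!-- XML parser -->
    <!-- Apache License, Version 2.0 -->
    <dependency><groupId>xerces</groupId><artifactId>xercesImpl</artifactId><version>2.9.1</version></dependency>
    <!-- Hypothetical copyleft library -->
    <!-- GNU General Public License v3 -->
    <dependency><groupId>example</groupId><artifactId>gpl-lib</artifactId><version>1.0</version></dependency>
    <dependency><groupId>example</groupId><artifactId>unannotated</artifactId><version>0.1</version></dependency>
  </dependencies>
</project>"""

# Hypothetical policy: an accepted licence comment starts with one of ALLOWED_PREFIXES;
# LICENSE_HINTS (a heuristic) marks a comment as a licence note rather than a description.
ALLOWED_PREFIXES = ("Apache License", "MIT", "BSD")
LICENSE_HINTS = ("License", "Licence", "GPL", "MIT", "BSD")

def _local(tag):
    # Strip the POM namespace so tags compare as plain names; comment nodes have no name.
    return None if tag is ET.Comment else tag.rsplit("}", 1)[-1]

def _text(elem, name):
    return next((e.text for e in elem if _local(e.tag) == name), "?")

def audit_pom(pom_xml):
    """Map 'groupId:artifactId' to 'ok', 'missing', or 'disallowed:<licence>'."""
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))  # keep comments (Python 3.8+)
    root = ET.fromstring(pom_xml, parser=parser)
    results = {}
    for deps in (e for e in root.iter() if _local(e.tag) == "dependencies"):
        pending = []  # comments seen since the previous <dependency>
        for child in deps:
            if child.tag is ET.Comment:
                pending.append((child.text or "").strip())
                continue
            if _local(child.tag) != "dependency":
                continue
            key = f"{_text(child, 'groupId')}:{_text(child, 'artifactId')}"
            notes = [c for c in pending if any(h in c for h in LICENSE_HINTS)]
            pending = []  # a comment annotates only the dependency that follows it
            if not notes:
                results[key] = "missing"
            elif notes[-1].startswith(ALLOWED_PREFIXES):
                results[key] = "ok"
            else:
                results[key] = "disallowed:" + notes[-1]
    return results
```

Run `audit_pom(SAMPLE_POM)` against a real pom.xml by passing its file contents; a "missing" verdict is the case the question is about, where neither the comment nor the dependency's own POM tells you the licence.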

2 Answers


First of all, you can't overwrite the licenses part of a POM, because it's not inherited. Secondly, you can automatically check the licenses of your dependencies using the Maven-Licenses-Verifier-Plugin (available via Maven Central), which will handle such a situation for you, and furthermore you can generate a report about that (Example).

khmarbaise

If I understand correctly, the Maven Remote Resources Plugin and the License Maven Plugin claim to be able to do this.

I have been working with the License Maven Plugin today, and following their instructions I can generate a license report that indicates which licenses are missing. Then I can add the missing licenses and get a report on all the licenses in the project. However, really I would like this information to be available when I generate the site, but there the license information for the third-party dependencies is missing. It would also be useful to be able to add URLs for new licenses or URLs for the dependencies themselves (this information is also included in the site report).

I took a look at the plugin khmarbaise wrote for verifying the dependencies used in a project, but this does not help solve the problem of missing licenses.

Mark Butler