I am a little bit confused with various ways of putting license information into maven project.
If I put license in the tag inside POM file does that mean that my whole project has that license?
If I put license.txt file into project does that mean that project belongs to that license?
And what if I put license at the beginning of every .java file I have. Does that mean that every class I wrote can have different licenses?
What about the situation when I have license information in the header of the POM file. Does that mean as well that all files are under that license?
So confused...
Don't worry you're not the only one confused. This problem is not confined to Java. Maven at least provides a mechanism to break a project up into separate modules, each with a metadata file (POM) describing the modules's license.
The issue is as a software user, wishing to be license compliant, how can I be sure sure that all files (in the software package) all belong to the same software license. There are subtle differences and usage implications between some of the open source licenses.
HP open sourced their licensing scanning system.
http://www.fossology.org/
This enables an organisation to scan the source code of 3rd party libaries and discover the license. This analysis follows the standard techniques that have emerged over time (License in a README, License in a comment header, etc, etc). For organisation who prefer to outsource this work, there are commercial companies maintaining databases of open source software:
There is some light at the end of the tunnel. The linux foundation have started an initiative to address this issue:
http://spdx.org/
It's a great idea. Create a single standard that allows software developers to explicitly state the license of each file. One real sucess of the group is assembling a common list of license names. The only downside, as I see it, is the lack of developer adoption and tool support.
In conclusion, I would recommend keeping all files a maven module part of the same license. Assuming your module is open source, Indicate that license in a commented header and publish that license in the Maven POM. If your code is closed source, seems to me that putting the license into the META-INF directory helps, but doesn't fully address compliance issues.
A project can have different licenses per the needs. You might like to have an Apache license and a MIT, BSD license as well. The idea of letting your code have multiple licenses is to be able to allow companies to pick the license they're happy with.
These licenses are normally stored in the META-INF/LICENSE.* files (for example LICENSE.BSD, LICENSE.Apache, etc).
If you define the license in the POM, that means that the Maven site plugin will use that string when generating the Maven site.
It is best to have the respective licensing header above each of your classes to avoid possible confusion for adopters of the project.
If you do what is known as "shading" (including the classes of other libraries in your jar), then you would most-likely end up having their license in your META-INF directory. Be careful, as it might overwrite your project's license, if the name of the respective license file is simply LICENSE.
You would normally place your license file(s) under the src/main/resources/META-INF
directory.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With