OpenJPA / OPENJPA-772

Proper maven pluginManagement and use ianal-maven-plugin for enforcing legal files

    Details

      Description

      It's fairly standard in Apache projects to use the Apache pom as the parent. Among other things it specifies the Apache snapshot repo as one of the repositories which will be needed until the 2.0 spec jar is finalized.

      1. OPENJPA-772-trunk.patch
        15 kB
        Donald Woods
      2. OPENJPA-772-branches13x.patch
        20 kB
        Donald Woods
      3. OPENJPA-772-branches12x.patch
        16 kB
        Donald Woods
      4. OPENJPA-772-branches11x.patch
        16 kB
        Donald Woods
      5. OPENJPA-772-branches10x.patch
        20 kB
        Donald Woods
      6. OPENJPA-772-2.patch
        25 kB
        David Jencks
      7. OPENJPA-772.patch
        3 kB
        David Jencks

          Activity

          David Jencks added a comment -

          Patch sets parent pom and changes spec version to the 2.0 EA snapshot jar from Geronimo specs.

          David Jencks added a comment -

          This patch uses the maven-remote-resources plugin to install LICENSE and NOTICE files into the individual jars and the IANAL plugin to make sure they get there. I'm having some trouble getting IDEA to see the aggregation directory: most likely it will be necessary to do something to get the hard coded LICENSE and NOTICE files into the distribution.

          I'm surprised by the NOTICE file additions:

          • OpenJPA includes software written by Miroslav Nachev
          • OpenJPA uses test code written by Charles Tillman.

          Do these individuals really want these notices?

          I don't think this is accurate:

          • OpenJPA is bundled with the binaries from the JPA specification, by Sun Microsystems and licensed under the CDDL 1.0. The source code is available at: https://glassfish.dev.java.net/source/browse/glassfish/

          AFAICT it only includes the schemas.

          I think that projects are supposed to have a hardcoded LICENSE and NOTICE file at expected checkout roots that are appropriate for whatever is actually in svn, not including anything that may be pulled in and included from elsewhere while assembling a distribution (such as serp).

          Donald Woods added a comment -

          Updating title, as trunk is now using the apache-4.pom as the parent pom, but still uses the old NOTICE.txt and LICENSE.txt method for legal files and doesn't verify that they are in the produced artifacts via the ianal (I am not a lawyer) plugin.

          Michael Dick added a comment -

          A couple (overdue) comments.

          The NOTICE file does seem out of date. I don't believe we have any dependency on Sun's copy of the APIs anymore. Regarding Miroslav and Charles I believe Craig had a discussion with legal and it was determined that we needed to keep them in the NOTICE file. They're listed as @author in a few source files.

          What does the ianal plugin do? If it dynamically produces the LICENSE and NOTICE files I'm all in favor of giving it a go.

          Donald Woods added a comment -

          Splitting the original JIRA into 2, as there were several unrelated changes in the original patches, along with a couple of the original changes (like using the apache pom as the parent) already being incorporated into trunk.
          This JIRA will focus on:
          1) using maven pluginManagement to set common plugin versions in the parent pom, which will make it easier to maintain the child poms
          2) adding missing groupId settings for some of the plugins in the poms
          3) adding missing versions for some plugins. Where versions were missing, we'll go with the latest released artifacts. This will help remove build surprises when new levels of plugins are released that include changed APIs or behavior and will make tagged releases easier to rebuild in the future
          4) added the ianal plugin to automatically check generated artifacts (jar, war, ear, ...) for inclusion of required license and notice files

          Donald Woods added a comment -

          Patch for trunk (rev738602) which addresses the pluginManagement updates, missing groupId on plugins and pulls in the ianal plugin.

          Donald Woods added a comment -

          Same attachment as before, but with corrected filename....

          Donald Woods added a comment -

          Updates for branches/1.2.x at Rev738888

          David Jencks added a comment -

          Michael –

          The maven-remote-resources plugin basically gets the LICENSE and NOTICE files from a common location ("resource-bundle"). You can add more stuff to particular (sub) projects easily.

          The ianal plugin checks that the maven-remote-resources plugin did its job and that there actually are LICENSE and NOTICE files in all the generated artifacts including source and javadoc jars. It seems to be pretty easy to misconfigure the m-r-r-p so that source and/or javadoc jars are missing the legal goo and the ianal plugin really cuts down on the number of release attempts you need to make as you gradually discover these by looking at each one manually.

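The check described in the comment above, as an added example that is not part of the original thread and is not the ianal plugin's code: a Python script that opens each built archive and reports which of LICENSE and NOTICE are missing. The accepted locations (META-INF/ or the archive root, optional .txt suffix), the artifact names and the in-memory jars are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: a legal file counts if it sits in META-INF/ or at the archive
# root, with an optional .txt suffix. The real plugin's rules may differ.
LEGAL = re.compile(r"^(?:META-INF/)?(LICENSE|NOTICE)(?:\.txt)?$", re.IGNORECASE)
REQUIRED = {"LICENSE", "NOTICE"}


def missing_legal_files(archive):
    """Return the required legal files absent from a jar/war/ear.

    `archive` is a filesystem path, a binary file object, or raw bytes.
    """
    src = io.BytesIO(archive) if isinstance(archive, bytes) else archive
    with zipfile.ZipFile(src) as zf:
        found = {m.group(1).upper() for name in zf.namelist()
                 if (m := LEGAL.match(name))}
    return sorted(REQUIRED - found)


def audit(artifacts):
    """Map artifact name -> missing legal files, for failing artifacts only."""
    report = {}
    for name, archive in artifacts.items():
        missing = missing_legal_files(archive)
        if missing:
            report[name] = missing
    return report


def make_jar(entries):
    """Build a constructed in-memory jar containing the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in entries:
            zf.writestr(entry, b"constructed sample content")
    return buf.getvalue()


# Constructed build output: the main jar is complete, the sources jar lost
# its NOTICE, and the javadoc jar carries no legal files at all.
SAMPLE = {
    "example-1.0.jar": make_jar(["META-INF/LICENSE", "META-INF/NOTICE", "org/example/A.class"]),
    "example-1.0-sources.jar": make_jar(["META-INF/LICENSE.txt", "org/example/A.java"]),
    "example-1.0-javadoc.jar": make_jar(["index.html", "docs/LICENSE"]),
}

if __name__ == "__main__":
    for artifact, missing in audit(SAMPLE).items():
        print(f"{artifact}: missing {', '.join(missing)}")
```

Run against a real build by passing file paths instead of bytes, for example every `*.jar` under `target/`, and fail the release step when the report is non-empty.
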
          Donald Woods added a comment -

          OPENJPA-880 will be used for the maven-remote-resources-plugin updates, since we'll probably only want to target trunk for those changes.

          Donald Woods added a comment -

          Updated patches for 1.2.x and trunk, to remove upgrade of Geronimo Spec files (will open a separate JIRA for that.)
          Attached patch for branches/1.0.x.

          Donald Woods added a comment -

          Patch for branches/1.3.x at Rev738952.

          Donald Woods added a comment -

          Updated patches against latest svn content.

          Donald Woods added a comment -

          Updated patches against latest svn code.

          Donald Woods added a comment -

          Unassigning from me, so a committer can review the patches.

          Michael Dick added a comment -

          I've committed Donald's changes to 1.0.x, 1.2.x, 1.3.x, and trunk. I believe the changes are safe for 1.1.x as well, but I'll leave that decision up to the branch maintainers (Patrick and Abe).

          Thanks again for the patch Donald.


            People

            • Assignee:
              Unassigned
              Reporter:
              David Jencks