Package needed for Maven 2.0.8 Spec URL: http://people.fedoraproject.org/~fnasser/plexus-mail-sender.spec SRPM URL: http://people.fedoraproject.org/~fnasser/plexus-mail-sender-1.0-0.a2.7.jpp6.src.rpm Description: The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an application server which is like a J2EE application server, without all the baggage.
- the license field needs to be changed to "ASL 2.0" - there is no URL for Source0 and the instructions could be fixed up a bit - I see no differences between a local svn export and the contents of the tarball - there are 3 source files with no URLs
No, the license field is just plain wrong. This package has some files that are under an MIT license, and some that are under an ASL 1.1 (NOT 2.0) license, sometimes both in the same directory. There is also one file, under plexus-mail-sender-api in the org.codehaus.plexus.mailsender.util package, that has a commment that merely reads "LICENSE". The legal status of that file is unclear.
Sorry, I don't know how I determined that it should be ASL 2.0. I must have only looked at a license file. Mea culpa.
spot, if you have a sec, please comment on comment #2 from Jerry.
Ask upstream. If you can't get an answer from them, either drop the file or the package entirely.
It seems most files have the MIT license, 4 have the ASL 2.0 license and this one, even in the last tag http://svn.codehaus.org/plexus/tags/plexus-mail-sender-1.0-alpha-7/plexus-mail-sender-api/src/main/java/org/codehaus/plexus/mailsender/util/DateFormatUtils.java does not have one. It is a very small (2-line) utility class and I counted 6 references. We could try and patch it out but the lines added will have to be identical to these two lines we are suppressing -- I can't see a different way to do this in Java. There are java source files in the plexus stuff everywhere BTW, they should be covered by: http://plexus.codehaus.org/get-involved.html which is the official project header that should be added to every file. I don't know if Deepak would be able to convince maven to build without this plexus-mail-sender thing. So I fixed the License to: MIT, ASL 2.0 and Plexus and re-uploaded: Spec URL: http://people.fedoraproject.org/~fnasser/plexus-mail-sender.spec SRPM URL: http://people.fedoraproject.org/~fnasser/plexus-mail-sender-1.0-0.a2.8.jpp6.src.rpm Does it help?
We still need some confirmation from upstream as to what the license is on the unmarked files. I'm also not sure why you added the "Plexus" license to the list of files in this package, when you only found MIT and ASL 2.0.
In response to comment #6, please refer back to comment #2. There are 6 (not 4) files under an ASL license and they contain ASL 1.1 (not ASL 2.0) notices. There is no file in this distribution with an ASL 2.0 license notice. (Three of the 6 are test files, but that still makes 3, not 4, source files with the ASL 1.1 license.)
Yes, I've got the 2.0 from the initial comment from Andrew. Change that to 1.1 would be easy. But there is no point as we do not have a resolution w.r.t. to that small file with the "LICENSE" in it.
I created http://jira.codehaus.org/browse/PLX-417 for this. Though personally I feel this small source file (it is just a simple date printf) license issue is too minor to block the inclusion in fedora and the maven2 update.
http://jira.codehaus.org/browse/PLX-417 has been fixed (thanks, Paul Gier!) in trunk. Spot, are we good to go ahead here?
I'd like to see an updated SRPM first.
Full review request (including updated licensing): bug #518650.
Spot: updated SRPM with patch to clarify licensing on the one file: http://overholt.fedorapeople.org/plexus-mail-sender-1.0-0.a2.9.fc11.src.rpm
Thanks. Lifting FE-Legal.
Built: http://koji.fedoraproject.org/koji/taskinfo?taskID=1623947
Drop review flag. It was reviewed in #518650.