jsr354-api icon indicating copy to clipboard operation
jsr354-api copied to clipboard
verified publisher icon JavaMoney

Published license identifier is not compliant with the SPDX license list

Open mervyn-mccreight opened this issue 3 years ago • 4 comments

As for now the license is getting published as Apache 2 License but according to https://spdx.org/licenses/Apache-2.0.html the SPDX-identifier would be Apache-2.0.

It would be nice to align it to the SPDX-identifier, because this makes it easier for tools like e.g. Gradle plugins to detect the used license by relying on the SPDX license identifiers.

The published URL to the license is also not correct, as it just references as LICENSE.txt which is not an absolute path to the license file. IMO best would be to link to the official template of the used license, e.g. https://spdx.org/licenses/Apache-2.0.html or https://www.apache.org/licenses/LICENSE-2.0 respectively.

mervyn-mccreight avatar Nov 14 '22 15:11 mervyn-mccreight

Thanks but this is a tiny thing, plus Github recognizes the Apache-2.0 license, and the Enforcer plugin as part of the build also does. If there is either a critical security or bugfix or a new major version like MR2 or 2.0 we'll look into it.

keilw avatar Nov 14 '22 15:11 keilw

Technically speaking we also need to add a NOTICE file https://github.com/JavaMoney/jsr354-api/blob/master/LICENSE.txt#L179

stokito avatar Apr 25 '23 20:04 stokito

@mervyn-mccreight "As for now the license is getting published as Apache 2 License" sorry could you please elaborate where you see it?

stokito avatar Apr 25 '23 20:04 stokito

Sure. You can see it in the published maven artifact (e.g. at mvnrepository.com).

See here: https://github.com/JavaMoney/jsr354-api/blob/master/pom.xml#L202

mervyn-mccreight avatar Apr 26 '23 01:04 mervyn-mccreight