@jakub-bochenski jakub-bochenski commented Jul 25, 2025

Maven POM should use SPDX license ID: https://maven.apache.org/pom.html#Licenses

SPDX License ID is `GPL-2.0-with-classpath-exception` per https://spdx.org/licenses/GPL-2.0-with-classpath-exception.html

The ID is deprecated, but the replacement is an expression instead of an ID.

Using an expression in place of an ID will result in an invalid CycloneDX BOM, e.g. DependencyTrack/dependency-track#4748

Using the correct SPDX license ID allows SCA tools (e.g. https://dependencytrack.org/) to correctly identify the used license.


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace

Error

 ⚠️ OCA signatory status must be verified

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/nashorn.git pull/27/head:pull/27
$ git checkout pull/27

Update a local copy of the PR:
$ git checkout pull/27
$ git pull https://git.openjdk.org/nashorn.git pull/27/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 27

View PR using the GUI difftool:
$ git pr show -t 27

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/nashorn/pull/27.diff

@bridgekeeper bridgekeeper bot added the oca Needs verification of OCA signatory status label Jul 25, 2025

bridgekeeper bot commented Jul 25, 2025

Hi @jakub-bochenski, welcome to this OpenJDK project and thanks for contributing!

We do not recognize you as Contributor and need to ensure you have signed the Oracle Contributor Agreement (OCA). If you have not signed the OCA, please follow the instructions. Please fill in your GitHub username in the "Username" field of the application. Once you have signed the OCA, please let us know by writing /signed in a comment in this pull request.

If you already are an OpenJDK Author, Committer or Reviewer, please click here to open a new issue so that we can record that fact. Please use "Add GitHub user jakub-bochenski" as summary for the issue.

If you are contributing this work on behalf of your employer and your employer has signed the OCA, please let us know by writing /covered in a comment in this pull request.


openjdk bot commented Jul 25, 2025

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

Author

jakub-bochenski commented Jul 25, 2025

Using the full name "GNU General Public License v2.0 w/Classpath exception" as seen in the SPDX catalog would also work for my use case.

jakub-bochenski added a commit to jakub-bochenski/cyclonedx-core-java that referenced this pull request Jul 25, 2025
This is the license name used by Nashorn: openjdk/nashorn#27

Signed-off-by: jakub-bochenski <[email protected]>
Collaborator

szegedi commented Aug 21, 2025

Hi, I updated the POM with the full SPDX name of the license. I'll close this PR.

@szegedi szegedi closed this Aug 21, 2025
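
The three forms discussed in this thread (SPDX ID, SPDX expression, full license name) belong in different fields of a CycloneDX license entry. The sketch below is an added example, not code from Nashorn, CycloneDX or Dependency-Track; it maps a POM `<license><name>` to the matching field and flags an expression placed in `license.id`. The small ID table, the sample POM and the expression string `GPL-2.0-only WITH Classpath-exception-2.0` are assumptions constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed subset of the SPDX license list; a real tool loads the full list.
SPDX_IDS = {"GPL-2.0-with-classpath-exception", "GPL-2.0-only", "Apache-2.0", "MIT"}
SPDX_EXCEPTIONS = {"Classpath-exception-2.0"}
OPERATORS = {"WITH", "AND", "OR"}

def pom_license_names(pom_xml):
    """Return the <licenses>/<license>/<name> values, with or without the POM namespace."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]
    root = ET.fromstring(pom_xml)
    names = []
    for licenses in (c for c in root if local(c) == "licenses"):
        for lic in (c for c in licenses if local(c) == "license"):
            names += [n.text.strip() for n in lic if local(n) == "name" and n.text]
    return names

def is_spdx_expression(value):
    """True when value is known operands joined by at least one WITH/AND/OR."""
    tokens = re.sub(r"[()]", " ", value).split()
    operands = [t for t in tokens if t not in OPERATORS]
    return (len(operands) < len(tokens)
            and all(t in SPDX_IDS | SPDX_EXCEPTIONS for t in operands))

def cyclonedx_license_choice(name):
    """Map a POM license name onto the CycloneDX field that can hold it."""
    if name in SPDX_IDS:
        return {"license": {"id": name}}
    if is_spdx_expression(name):
        return {"expression": name}
    return {"license": {"name": name}}  # free text, e.g. the full license name

def invalid_ids(entries):
    """Values found in license.id that are not SPDX IDs (the invalid-BOM case)."""
    return [e["license"]["id"] for e in entries
            if "id" in e.get("license", {}) and e["license"]["id"] not in SPDX_IDS]

# Constructed POM fragment using the ID proposed in this pull request.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses><license>
    <name>GPL-2.0-with-classpath-exception</name>
  </license></licenses>
</project>"""

if __name__ == "__main__":
    for n in pom_license_names(SAMPLE_POM):
        print(cyclonedx_license_choice(n))
```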