Clojars (https://clojars.org - the community repository for open source Clojure
libraries) will now require a license to be specified in the POM file for:
- newly uploaded versions for new projects
- newly uploaded versions for existing projects where the prior version had a license
We will then start requiring a license for all newly uploaded versions on or
after 2024-01-01. Note that this will not impact any existing versions;
existing versions that don’t have a license in the POM file will remain
We are making this change:
- to better support auditing from java ecosystem tools that use the POM as the
source of truth for the license
- enforce better hygiene; all open source projects should have a license
If you only consume projects from Clojars and do not release libraries, you
don’t need to do anything.
If you publish projects to Clojars, you will need to:
- include a license with any new projects
- continue to include a license with new versions of projects where you already
provide a license
- update any projects that don’t provide a license to provide one before the end
of the year if you plan to release a new version
If Clojars rejects your deploy, you will see a message like:
Could not transfer metadata org.clojars.tcrawley:deploytest/maven-metadata.xml from/to clojars (https://repo.clojars.org/): authorization failed for https://repo.clojars.org/org/clojars/tcrawley/deploytest/maven-metadata.xml, status: 403 Forbidden - the POM file does not include a license. See https://bit.ly/3PQunZU
Most versions already have licenses in their POM files since Leiningen
includes one by default, and prints a warning when you try to deploy without
one. But newer tooling built on the Clojure CLI tools doesn’t have this
warning (however, deps-new will generate a pom.xml that does include a license
if you use it to template your project).
Thanks to Peter Monks for suggesting this change, and Daniel Compton for
discussing a solution.
This work was done as part of an ongoing maintenance contract from Clojurists
Together. You can also sponsor me directly on GitHub Sponsors if you would
like to directly fund my maintenance of Clojars.
Please reply here or on the issue if you have any concerns or questions.