Sonatype Blog
Latest Posts

As we’ve been busy building out the Insight product line we’ve spent significant time considering the issues associated with “conflicting” and “invalid” licenses — licenses which upon consumption preclude further redistribution without being in violation of the licensing terms.  Conflicting (or incompatible) licenses are problematic for development organizations using open source software as there is no effective way to consume and then redistribute the software (or derivative work).  You simply cannot combine GPL and EPL 1.0, for example, because it is not possible to maintain compliance with all licensing obligations specified by both under any licensing construct upon further distribution.  EPL cannot be consumed within GPL and vice versa.  See http://www.gnu.org/licenses/license-list.html#EPL for additional information.

If you consume both EPL and GPL in a Maven POM or another build, and then you subsequently ship that software, you would not be able to satisfy your obligations as a distributor and would therefore be in violation of one or both of the licenses.   As developers, we have enough to worry about already.  This a job best done by the tools we use — in this case Insight for CI and Nexus Professional.  Depending on your circumstances, having your CI system alert upon detecting incompatible licensing constructs at build time reduces risk and costs by catching problems early in the development lifecycle.

(more…)

Join Brian Fox Wednesday, May 23 at 11AM EDT (GMT-0400) for a 30 minute tour of our latest innovation, Insight for CI. Brian will show you how Insight for CI will help you:

• Gain visibility and control at build time in Hudson and Jenkins.
• Find and fix license, security and quality problems quickly.
• Set rules to notify you of problems or to fail builds.

If you register, you’ll also receive access to the recording after the event. So if something comes up and you can’t make it, you won’t miss out.

Reserve Your Seat Here

I was doing a bit of data analysis of the data that drives our Nexus Professional popularity results and I came across some statistics that show demand for Google Guava has been picking up over the last year. Our Top 10 list for general utilities contains the usual suspects. Libraries like Commons Lang and Commons Beanutils are predictably near the top of the list as are both log4j and slf4j. Not only are these the utilities you’d expect to see in almost every Java project, many of the dependencies you depend on also reference these libraries. This list is a list of utilities and projects you’d better be familiar with if you are programming in Java because you will undoubtedly encounter them.

Here is a list of the Top 10 Utilities from April 2012. Note how Google Guava jumped three places from #15 to #12 with a 2.5% increase in demand from March. While I don’t expect Google Guava to surpass the popularity of Apache Commons components any time soon, it will be interesting to see if Guava becomes a standard that challenges Commons Lang. Guava, like Apache Commons, is a collection of utilities and classes that supplement Java, while they have overlapping purposes, I tend to continue to have both on my classpath whenever I’m coding.

Caveat: I’m comparing utility libraries with the exception of JUnit. JUnit is downloaded automatically by a number of tools (tools that don’t appear to cache artifacts between instantiation). Because of this JUnit downloads are off the chart. If you average out the data, JUnit is being downloaded approximately once a second (across the entire month).

A big thanks to all of you who registered and attended our sneak preview of Insight for CI last week. We had a great turnout and a lot of fantastic questions! If you didn’t have a chance to register, that doesn’t mean you have to miss out. The replay is now available.

Request the webinar recording here.

Thank you!

One of our customers asked me for a presentation deck making a simple case for bringing Nexus into a development environment: what are the broad stroke benefits of the repository from the perspective of the Enterprise? This video is that presentation, it doesn’t spend too much time enumerating a list of pro features. It focuses on the two core benefits: consuming OSS and internal sharing.

If you have five minutes and you are looking for something that might convince others in your organization, this video will be of use. Here’s the video “OSS and the Enterprise: How Nexus can Help” followed by a very brief summary:

A summary in four sentences:

• The Enterprise has shifted dramatically over the last decade and OSS has been a major force driving the evolution of Enterprise software development.
• As organizations have adopted OSS, developers have a new interest in consuming OSS and bring some of the practices of OSS in-house.
• Nexus was designed to make is easier for you to support your developer’s interest in OSS consumption while giving you the necessary controls.
• Better yet, Nexus allows you to adopt the same mechanism for collaboration that is used by OSS projects.

In other words, it isn’t just about software.