Search code examples
jarlicensingpackagingjava

Repackaging library JARs in Java

I have been extracting 3rd-party library JARs into my open source Java library in order for the dependencies to work at runtime.

I remember when I tried doing this in Eclipse a while ago (different project) it produced a warning to check licensing before doing this.

What exactly are the general rules regarding when it's ok to repackage library contents into your JAR, how it should be done, and which widely used licenses forbid it?

Specifically, the libraries I'm repackaging use BSD and LGPL.

Thanks in advance for your help.

Edit

I actually ended up separating out the dependencies to prevent code conflicts as several commenters suggested. Thanks again for the suggestions and information provided.

Solution

  • What I personally do is make sure that none of the library I use explicitly forbid redistribution. If they do, you're out of luck. Neither BSD nor LGPL do though, so you should be ok. I can't think of a sane open source license that would.

    Once you're satisfied you're not violating the terms of the license by repackaging and distributing them, you need to make sure you respect them in other aspects. I find that the following steps are sufficient for 99.99% of the open source licenses out there:

    • create a license.txt file at the root of your JAR file (some people put it in META-INF, but I know of no rule or convention on this and think it's just a matter of preference).
    • list all of the external libraries you import and the license under which they are distributed in license.txt.
    • write the complete text of all licenses that apply in license.txt.
    • ideally, link to each library's web site, download page and license page if available.

    This should make sure you don't run afoul of any mainstream license, to the exception of the GPL. I'm not a lawyer, nor am I an expert in the GPL, and any advice I give you on how to respect it might end up entirely wrong, so I'd rather not lead you astray.

    There are a few more things you can do, but those are more a matter of professional courtesy:

    • if you're writing a user facing application (webservice, UI application...), link to the libraries you're using in the About section.
    • let the maintainer of the library know that you're using and packaging it - some authors like to maintain a list of popular software using their tools.

    While that might sound like a lot of work, it's far less work than writing and maintaining the actual library.

    EDIT: I just realised that you were working on a library, as opposed to an application. My answer doesn't actually apply in that case: it's very poor form to package your dependencies in your library's JAR. If anything, it makes it rather harder for third-party developers to integrate your library with existing build tools and dependency management systems (maven, ant / ivy...).

    If you want to keep things simple, just include the JAR of all your dependencies in the /lib folder of your distribution files.

    To re-iterate my point: I believe you'll alienate the majority of developers by packaging your dependencies in your library's JAR file rather than with it. I certainly would file a bug report and look for alternatives if the issue wasn't addressed.