Summary
There appears to be a license inconsistency for com.playtika.maven.plugins:mixin-maven-plugin:1.0.7:
- The repository LICENSE file indicates Apache License 2.0
- The published Maven POM metadata declares MIT
- Maven Central / license indexers therefore report MIT
This mismatch is causing confusion for consumers and automated license/compliance tooling.
Affected artifact
com.playtika.maven.plugins:mixin-maven-plugin:1.0.7
What I’m seeing
- In the GitHub repo (tag 1.0.7), the LICENSE file content is Apache 2.0.
- In the repo pom.xml at tag 1.0.7, the <licenses> section declares MIT.
- Maven Central / artifact metadata surfaces the POM-declared license (MIT), which conflicts with the repository license file.
Why this matters
Many organizations rely on the published POM license metadata and/or repository license files for:
- automated license scanning
- SBOM generation
- compliance policy checks
When these disagree, the component is flagged as "license unclear" and may be blocked.
Expected
The repository license file and the published POM <licenses> should be consistent, and the intended license should be clearly stated.
Request
Could you please confirm the intended license for mixin-maven-plugin and align:
- the repository LICENSE file
- the POM <licenses> metadata (and ideally the artifact published to Maven Central in a future release)
If the project is intended to be dual-licensed, it would help to explicitly document that (and reflect it in the POM metadata).
References
- GitHub repo license file (tag 1.0.7): https://github.com/PlaytikaOSS/maven-plugins/blob/1.0.7/LICENSE
- POM in repo (tag 1.0.7): https://github.com/PlaytikaOSS/maven-plugins/blob/1.0.7/pom.xml
- Maven Central artifact page: https://central.sonatype.com/artifact/com.playtika.maven.plugins/mixin-maven-plugin/1.0.7
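
A sketch of the consistency check that license and SBOM tooling performs on an artifact like this one, added here as an example; it is not part of the original issue or of the project's code. The POM and LICENSE samples are constructed, and the alias table and phrase heuristics are assumptions rather than a complete SPDX matcher.

```python
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted POMs

# Constructed samples mirroring the situation reported above.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses><license><name>MIT</name></license></licenses>
</project>"""
SAMPLE_LICENSE = """Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/"""

# Assumed alias table: free-text POM license names -> SPDX identifiers.
ALIASES = {
    "mit": "MIT", "mit license": "MIT", "the mit license": "MIT",
    "apache-2.0": "Apache-2.0", "apache license 2.0": "Apache-2.0",
    "apache license, version 2.0": "Apache-2.0",
}

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # tag name without the XML namespace

def pom_licenses(pom_xml):
    """SPDX ids declared under project/licenses/license/name only."""
    found = set()
    for block in (c for c in ET.fromstring(pom_xml) if local(c) == "licenses"):
        for lic in (c for c in block if local(c) == "license"):
            for name in (c for c in lic if local(c) == "name" and c.text):
                raw = " ".join(name.text.split())
                found.add(ALIASES.get(raw.lower(), "UNKNOWN:" + raw))
    return found

def license_file_id(text):
    """Heuristic: match distinctive phrases of the standard license texts."""
    flat = " ".join(text.lower().split())
    if "apache license" in flat and "version 2.0" in flat:
        return "Apache-2.0"
    if "permission is hereby granted, free of charge" in flat:
        return "MIT"
    return "UNKNOWN"

def check(pom_xml, license_text):
    """Return (status, declared ids, LICENSE file id)."""
    declared, in_repo = pom_licenses(pom_xml), license_file_id(license_text)
    if not declared:
        return "pom-missing-license", [], in_repo
    # A POM declaring several licenses also lands in "mismatch" for human review.
    status = "consistent" if declared == {in_repo} else "mismatch"
    return status, sorted(declared), in_repo

if __name__ == "__main__":
    print(check(SAMPLE_POM, SAMPLE_LICENSE))
```
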