hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Dunning (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13794) JSON.org license is now CatX
Date Sat, 19 Nov 2016 03:24:59 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15678496#comment-15678496
] 

Ted Dunning commented on HADOOP-13794:
--------------------------------------

Chris,

Not sure what you mean by your comment here. I don't see that there is any choice to this.
A growing number of our customers and prospects are using this issue to simply refuse to buy
any software with this dependency.  As awareness of this issue grows, I expect this to become
a major threat to the adoption of Apache software everywhere.

Yes, this *was* avoidable. But that was back when the JSON license was classified as anything
other than Cat X. That led to adoption which led to the current mess. I don't think that the
mess is avoidable at this point ... we all have to pitch in to clean it up. Hence me publishing
a replacement.



> JSON.org license is now CatX
> ----------------------------
>
>                 Key: HADOOP-13794
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13794
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.8.0, 2.7.4, 3.0.0-alpha2, 2.6.6
>            Reporter: Sean Busbey
>            Priority: Blocker
>
> per [update resolved legal|http://www.apache.org/legal/resolved.html#json]:
> {quote}
> CAN APACHE PRODUCTS INCLUDE WORKS LICENSED UNDER THE JSON LICENSE?
> No. As of 2016-11-03 this has been moved to the 'Category X' license list. Prior to this,
use of the JSON Java library was allowed. See Debian's page for a list of alternatives.
> {quote}
> We have a test-time transitive dependency on the {{org.json:json}} artifact in trunk
and branch-2. AFAICT, this test time dependency doesn't get exposed to downstream at all (I
checked assemblies and test-jar artifacts we publish to maven), so it can be removed or kept
at our leisure. keeping it risks it being promoted out of test scope by maven without us noticing.
We might be able to add an enforcer rule to check for this.
> We also distribute it in bundled form through our use of the AWS Java SDK artifacts in
trunk and branch-2. Looking at the github project, [their dependency on JSON.org was removed
in 1.11|https://github.com/aws/aws-sdk-java/pull/417], so if we upgrade to 1.11.0+ we should
be good to go. (this might be hard in branch-2.6 and branch-2.7 where we're on 1.7.4)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message