hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Mackrory (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HADOOP-15080) Cat-X dependency on org.json via derived json-lib
Date Tue, 05 Dec 2017 16:24:01 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15080?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16278809#comment-16278809
] 

Sean Mackrory edited comment on HADOOP-15080 at 12/5/17 4:23 PM:
-----------------------------------------------------------------

{quote}explicitly add it as a test-scoped dependency{quote}
Ah - I was wondering if you could conditionally exclude a dependency or change the scope of
a transitive one. I guess that's how you do it.

I thought I had seen a specific exception for "weak copyleft" licenses for use in build, development
and testing, hence my idea that Jersey's CDDL was much safer than category X. But if we're
already using category X in testing, then perhaps the explicit test-scoped dependency is okay
(plus I can't find that exception now). My only remaining concern then is that most category
X licenses dictate how you're allowed to distribute stuff. json-lib dictates how you *use*
stuff, so there's still the ambiguity as far as ASF's liability is concerned. But if it's
okay with whoever needs to make that call, then yeah, just a maven hack to prevent this from
being included while the OSS folks work on a more elegant solution is fine by me too.


was (Author: mackrorysd):
{quote}explicitly add it as a test-scoped dependency{quote}
Ah - I was wondering if you could selectively exlude a dependency of change the scope of a
transitive one. I guess that's how you do it.

I thought I had seen a specific exception for "weak copyleft" licenses for use in build, development
and testing, hence my idea that Jersey's CDDL was much safer than category X. But if we're
already using category X in testing, then perhaps the explicit test-scoped dependency is okay.
My only remaining concern then is that most category X licenses dictate how you're allowed
to distribute stuff. json-lib dictates how you *use* stuff, so there's still the ambiguity.
But if it's okay with whoever needs to make that call, then yeah, just a maven hack to prevent
this from being included while the OSS folks work on a more elegant solution is fine by me
too.

> Cat-X dependency on org.json via derived json-lib
> -------------------------------------------------
>
>                 Key: HADOOP-15080
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15080
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs/oss
>    Affects Versions: 3.0.0-beta1
>            Reporter: Chris Douglas
>            Priority: Blocker
>         Attachments: HADOOP-15080-branch-3.0.0.001.patch
>
>
> The OSS SDK has a dependency on json-lib. In LEGAL-245, the org.json library (from which
json-lib may be derived) is released under a [category-x|https://www.apache.org/legal/resolved.html#json]
license.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message