streams-dev mailing list archives

From sblackmon <sblack...@apache.org>
Subject Re: [DISCUSS] JSON.org license is now category-x
Date Mon, 14 Nov 2016 17:41:27 GMT
Thanks for bringing this up Joey.

Looking into this, it’s already on Twitter4J’s radar and there’s an open pull-request.

https://github.com/yusuke/twitter4j/pull/215

Provided they resolve and release again in the near future, the only action we’ll need to
take is to upgrade.

Any ideas on ways to scan all of our direct dependencies for usage of org.json:json?

On November 14, 2016 at 6:04:53 PM, Joey Frazee (joey.frazee@icloud.com) wrote:

The ASF recently reclassified the JSON license for org.json as category-x because of its "shall
be used for Good, not Evil" clause [1].  

There does not appear to be any direct usage of it in Streams but there are a number of dependencies
in Streams that do depend on org.json, most notably Twitter4j, and it does appear in the poms.
 

Looking forward to the next release it probably makes sense to verify where it's being pulled
in and find an alternative. There seem to be 3 approaches people are taking:  

- Pull relevant code into the project and replace the JSON.org code with a compatible alternative

- Cease distributing offending modules as part of the Apache release

- Replace dependencies with alternatives that do not depend on org.json.

To my knowledge releases aren't currently getting -1 because of this, but it's probably coming
and prudent to address it anyway.  

I think in the case of Twitter4j at least, we can likely pull the code into the project, replace
the org.json dep and begin working towards our own implementation.  

-joey  

1. http://www.apache.org/legal/resolved#json  
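
One way to answer the dependency-scan question raised in this thread, as an added example that is not part of either message or of the Streams code base: a Python parser for the text output of `mvn dependency:tree` that reports every path to `org.json:json` and the direct dependencies that pull it in. The sample tree is constructed, and every coordinate in it except `org.json:json` is a placeholder.

```python
import re

TARGET = "org.json:json"  # groupId:artifactId named in the thread

# Constructed sample of `mvn dependency:tree` output. Every coordinate and
# version except org.json:json is a placeholder, not real Streams data.
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:tree (default-cli) @ sample-module ---
[INFO] com.example:sample-module:jar:0.0.0
[INFO] +- com.example.social:social-client:jar:0.0.0:compile
[INFO] |  +- org.json:json:jar:0.0.0:compile
[INFO] |  \\- com.example:util:jar:0.0.0:compile
[INFO] +- com.example:json-free-lib:jar:0.0.0:compile
[INFO] \\- com.example.geo:geo-client:jar:0.0.0:compile
[INFO]    \\- com.example.geo:geo-core:jar:0.0.0:compile
[INFO]       \\- org.json:json:jar:0.0.0:runtime
"""

# Tree guides ("|  " or "   ", three characters per level), an optional
# "+- " or "\- " branch marker, then one Maven coordinate with no spaces.
NODE = re.compile(r"^(?P<indent>[| ]*)(?P<marker>[+\\]- )?(?P<coord>\S+)$")

def paths_to(target, tree_text):
    """Return one path of groupId:artifactId names per occurrence of target."""
    stack, hits = [], []
    for raw in tree_text.splitlines():
        line = raw[len("[INFO] "):] if raw.startswith("[INFO] ") else raw
        m = NODE.match(line)
        if not m:
            continue  # banner, summary or blank line
        parts = m.group("coord").split(":")
        if len(parts) < 4:
            continue  # not group:artifact:type:version[:scope]
        depth = 0 if m.group("marker") is None else len(m.group("indent")) // 3 + 1
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(":".join(parts[:2]))
        if stack[-1] == target:
            hits.append(list(stack))
    return hits

def direct_offenders(target, tree_text):
    """Direct dependencies (depth 1) whose subtree contains target."""
    return sorted({p[1] for p in paths_to(target, tree_text) if len(p) > 1})

if __name__ == "__main__":
    for path in paths_to(TARGET, SAMPLE_TREE):
        print(" -> ".join(path))
    print("direct dependencies to review:", direct_offenders(TARGET, SAMPLE_TREE))
```

Maven can also filter the tree itself with `mvn dependency:tree -Dincludes=org.json:json`. A tree scan only sees declared dependencies, so a copy of the classes repackaged inside another jar needs a class-level search instead.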
