taverna-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stian Soiland-Reyes <st...@apache.org>
Subject Fwd: JSON License and Apache Projects
Date Wed, 23 Nov 2016 14:52:01 GMT
We need to check we are not using org.json as the JSON.org license has
been verified as NOT open source.

See below from Legal VP - tl;dr: "The Software shall be used for Good,
not Evil." is an ambiguous restriction of use!

It seems org.json is used in taverna-mobile -- possibly through the
Apache-licensed clean-room implementation of org.json (part of Android
SDK I believe),  but that needs to be verified:

./incubator-taverna-mobile/app/src/main/java/org/apache/taverna/mobile/utils/WorkflowDB.java:import
org.json.JSONArray;
./incubator-taverna-mobile/app/src/main/java/org/apache/taverna/mobile/utils/WorkflowDB.java:import
org.json.JSONException;
./incubator-taverna-mobile/app/src/main/java/org/apache/taverna/mobile/utils/WorkflowDB.java:import
org.json.JSONObject;

(..)


./incubator-taverna-common-activities/taverna-interaction-activity/src/main/resources/json2.js
is also from json.org - but it has a permissive Public Domain license
(which has other issues) but otherwise is OK.
(as mentioned in LICENSE for incubator-taverna-common-activities)


(If you found the JSON license funny - see here:

---------- Forwarded message ----------
From: Jim Jagielski <jim@apache.org>
Date: 23 November 2016 at 14:08
Subject: JSON License and Apache Projects
To: legal-discuss@apache.org


As some of you may know, recently the JSON License has been
moved to Category X (https://www.apache.org/legal/resolved#category-x).

I understand that this has impacted some projects, especially
those in the midst of doing a release. I also understand that
up until now, really, there has been no real "outcry" over our
usage of it, especially from end-users and other consumers of
our projects which use it.

As compelling as that is, the fact is that the JSON license
itself is not OSI approved and is therefore not, by definition,
an "Open Source license" and, as such, cannot be considered as
one which is acceptable as related to categories.

Therefore, w/ my VP Legal hat on, I am making the following
statements:

  o No new project, sub-project or codebase, which has not
    used JSON licensed jars (or similar), are allowed to use
    them. In other words, if you haven't been using them, you
    aren't allowed to start. It is Cat-X.

  o If you have been using it, and have done so in a *release*,
    AND there has been NO pushback from your community/eco-system,
    you have a temporary exclusion from the Cat-X classification thru
    April 30, 2017. At that point in time, ANY and ALL usage
    of these JSON licensed artifacts are DISALLOWED. You must
    either find a suitably licensed replacement, or do without.
    There will be NO exceptions.

  o Any situation not covered by the above is an implicit
    DISALLOWAL of usage.

Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed.

If there are any questions, please ask on the legal-discuss@a.o
list.

--
Jim Jagielski
VP Legal Affairs


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org



-- 
Stian Soiland-Reyes
http://orcid.org/0000-0001-9842-9718

Mime
View raw message