www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Dunning <tdunn...@apache.org>
Subject JSON license again
Date Thu, 27 Oct 2016 17:49:27 GMT
I know that this has been brought up, but I think that we have
institutionalized an erroneous decision. That decision is that the json.org
license is a Category A license.

The json.org version of the BSD license is problematic because it imposes
constraints on the downstream consumer by including a constraint on field
of endeavor that the software "not be used for evil". Debian and Google,
for instance, won't consume anything with this license:

https://wiki.debian.org/qa.debian.org/jsonevil
https://www.cnet.com/news/dont-be-evil-google-spurns-no-evil-software/

Apache has codified a policy that is apparently based on a determination
that the no-evil clause was "clearly a joke".

https://www.apache.org/legal/resolved#json
https://s.apache.org/json-license-ok

At work, we now have more than one customer whose legal team has decided
not to get the joke. I will be filing patches to remove those dependencies
from Hive and HCatalog, but the point remains that the json.org license
isn't acceptable to those customers.

To me, all of this clearly shows that the json license is substantially
hindering downstream adoption due to a perception by those downstream
consumers that you can't put a joke into a license. I, frankly, agree with
those folks. Not doing evil is a good thing and I try to do that myself,
but having to get a legal opinion that everything I do is not evil would
make it impossible to get anything done.

I think that this license should be moved to category X due to the non-free
nature of the license. There is a clean-room reimplementation of the core
part of the library available from the Android team
<https://developer.android.com/reference/org/json/package-summary.html> so
removing the dependency. Using Jackson or Gson instead is another fine
approach.

A quick look at maven central indicates that at least the following Apache
projects are affected

Tika
Hive
Wink
possibly Asterixdb (because hyracks had this dependency)
Shindig
Spark (transitive from Hive)
Giraph
Rave
Felix
Tuscany
Tinkerpop

Mime
View raw message