www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Whelan (JIRA)" <j...@apache.org>
Subject [jira] [Created] (LEGAL-294) Non-declared nested dependency license issues
Date Tue, 14 Mar 2017 18:50:41 GMT
John Whelan created LEGAL-294:
---------------------------------

             Summary: Non-declared nested dependency license issues
                 Key: LEGAL-294
                 URL: https://issues.apache.org/jira/browse/LEGAL-294
             Project: Legal Discuss
          Issue Type: Question
            Reporter: John Whelan


I have been going through source for ActiveMQ 5.14.1 including the dependencies, and ran into
content that appears to have licensing issues. Specifically, I see that snappy-java-1.1.2.jar
contains source files licensed by IBM and Oracle that don't clearly indicate that they can
be used by snappy-java. (see https://github.com/xerial/snappy-java/blob/1.1.2/lib/inc_ibm/jni_md.h
and https://github.com/xerial/snappy-java/blob/1.1.2/lib/inc_linux/jni_md.h as examples.)

Related to this, I have a few questions. Does Apache typically do a transitive scan of source
code for products that it consumes? (AKA "would this issue already been discovered and reviewed?")
Given that this library is used in Apache products, is there an Apache issue here, and if
so, what is the proper way to raise the concern?



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message