www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marvin Humphrey (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (LEGAL-294) Non-declared nested dependency license issues
Date Sat, 22 Apr 2017 01:44:04 GMT

     [ https://issues.apache.org/jira/browse/LEGAL-294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Marvin Humphrey resolved LEGAL-294.
    Resolution: Information Provided

> Non-declared nested dependency license issues
> ---------------------------------------------
>                 Key: LEGAL-294
>                 URL: https://issues.apache.org/jira/browse/LEGAL-294
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: John Whelan
> I have been going through source for ActiveMQ 5.14.1 including the dependencies, and
ran into content that appears to have licensing issues. Specifically, I see that snappy-java-1.1.2.jar
contains source files licensed by IBM and Oracle that don't clearly indicate that they can
be used by snappy-java. (see https://github.com/xerial/snappy-java/blob/1.1.2/lib/inc_ibm/jni_md.h
and https://github.com/xerial/snappy-java/blob/1.1.2/lib/inc_linux/jni_md.h as examples.)
> Related to this, I have a few questions. Does Apache typically do a transitive scan of
source code for products that it consumes? (AKA "would this issue already been discovered
and reviewed?") Given that this library is used in Apache products, is there an Apache issue
here, and if so, what is the proper way to raise the concern?

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message