[ https://issues.apache.org/jira/browse/HADOOP-13794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15704983#comment-15704983 ]
Steve Loughran commented on HADOOP-13794: ----------------------------------------- Andrew Wang has pointed to: https://lists.apache.org/thread.html/bb18f942ce7eb83c11438303c818b885810fb76385979490366720d5@%3Clegal-discuss.apache.org%3E bq. If you have been using it, and have done so in a *release*, AND there has been NO pushback from your community/eco-system, you have a temporary exclusion from the Cat-X classification thru April 30, 2017. At that point in time, ANY and ALL usage of these JSON licensed artifacts are DISALLOWED. You must either find a suitably licensed replacement, or do without. There will be NO exceptions. This means that Hadoop 2.6-2.8 can continue to ship the older libs —with that disclaimer; with the jackson/aws SDK updates there's no issue in 2.9+ trunk. This gives us some headroom to come up with some shading. What it doesn't do is let projects downstream, which weren't bundling the AWS SDK, to start doing so. > JSON.org license is now CatX > ---------------------------- > > Key: HADOOP-13794 > URL: https://issues.apache.org/jira/browse/HADOOP-13794 > Project: Hadoop Common > Issue Type: Bug > Affects Versions: 2.8.0, 2.7.4, 3.0.0-alpha2, 2.6.6 > Reporter: Sean Busbey > Priority: Blocker > > per [update resolved legal|http://www.apache.org/legal/resolved.html#json]: > {quote} > CAN APACHE PRODUCTS INCLUDE WORKS LICENSED UNDER THE JSON LICENSE? > No. As of 2016-11-03 this has been moved to the 'Category X' license list. > Prior to this, use of the JSON Java library was allowed. See Debian's page > for a list of alternatives. > {quote} > We have a test-time transitive dependency on the {{org.json:json}} artifact > in trunk and branch-2. AFAICT, this test time dependency doesn't get exposed > to downstream at all (I checked assemblies and test-jar artifacts we publish > to maven), so it can be removed or kept at our leisure. keeping it risks it > being promoted out of test scope by maven without us noticing. We might be > able to add an enforcer rule to check for this. > We also distribute it in bundled form through our use of the AWS Java SDK > artifacts in trunk and branch-2. Looking at the github project, [their > dependency on JSON.org was removed in > 1.11|https://github.com/aws/aws-sdk-java/pull/417], so if we upgrade to > 1.11.0+ we should be good to go. (this might be hard in branch-2.6 and > branch-2.7 where we're on 1.7.4) -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org