[
https://issues.apache.org/jira/browse/HADOOP-13794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15704983#comment-15704983
]
Steve Loughran commented on HADOOP-13794:
-----------------------------------------
Andrew Wang has pointed to:
https://lists.apache.org/thread.html/bb18f942ce7eb83c11438303c818b885810fb76385979490366720d5@%3Clegal-discuss.apache.org%3E
bq. If you have been using it, and have done so in a *release*, AND there has
been NO pushback from your community/eco-system, you have a temporary exclusion
from the Cat-X classification thru April 30, 2017. At that point in time, ANY
and ALL usage of these JSON licensed artifacts are DISALLOWED. You must either
find a suitably licensed replacement, or do without. There will be NO
exceptions.
This means that Hadoop 2.6-2.8 can continue to ship the older libs —with that
disclaimer; with the jackson/aws SDK updates there's no issue in 2.9+ trunk.
This gives us some headroom to come up with some shading.
What it doesn't do is let projects downstream, which weren't bundling the AWS
SDK, to start doing so.
> JSON.org license is now CatX
> ----------------------------
>
> Key: HADOOP-13794
> URL: https://issues.apache.org/jira/browse/HADOOP-13794
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.8.0, 2.7.4, 3.0.0-alpha2, 2.6.6
> Reporter: Sean Busbey
> Priority: Blocker
>
> per [update resolved legal|http://www.apache.org/legal/resolved.html#json]:
> {quote}
> CAN APACHE PRODUCTS INCLUDE WORKS LICENSED UNDER THE JSON LICENSE?
> No. As of 2016-11-03 this has been moved to the 'Category X' license list.
> Prior to this, use of the JSON Java library was allowed. See Debian's page
> for a list of alternatives.
> {quote}
> We have a test-time transitive dependency on the {{org.json:json}} artifact
> in trunk and branch-2. AFAICT, this test time dependency doesn't get exposed
> to downstream at all (I checked assemblies and test-jar artifacts we publish
> to maven), so it can be removed or kept at our leisure. keeping it risks it
> being promoted out of test scope by maven without us noticing. We might be
> able to add an enforcer rule to check for this.
> We also distribute it in bundled form through our use of the AWS Java SDK
> artifacts in trunk and branch-2. Looking at the github project, [their
> dependency on JSON.org was removed in
> 1.11|https://github.com/aws/aws-sdk-java/pull/417], so if we upgrade to
> 1.11.0+ we should be good to go. (this might be hard in branch-2.6 and
> branch-2.7 where we're on 1.7.4)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
