The ASF recently reclassified the JSON license for org.json as category-x because of its "shall be used for Good, not Evil" clause [1].
There does not appear to be any direct usage of it in Streams but there are a number of dependencies in Streams that do depend on org.json, most notably Twitter4j, and it does appear in the poms. Looking forward to the next release it probably makes sense to verify where it's being pulled in and find an alternative. There seem to be 3 approaches people are taking: - Pull relevant code into the project and replace the JSON.org code with a compatible alternative - Cease distributing offending modules as part of the Apache release - Replace dependencies with alternatives that do not depend on org.json. To my knowledge releases aren't currently getting -1 because of this, but it's probably coming and prudent to address it anyway. I think in the case of Twitter4j at least, we can likely pull the code into the project, replace the org.json dep and begin working towards our own implementation. -joey 1. http://www.apache.org/legal/resolved#json
