Hi Georg, On 25.11.16 12:52, Georg Kallidis wrote: > Fulcrum Jackson2 1.1.1-SNAPSHOT dependency > - <groupId>com.fasterxml.jackson.datatype</groupId> > <artifactId>jackson-datatype-json-org</artifactId> > > Fulcrum Gson 1.1.1-SNAPSHOT dependency > - <groupId>com.jayway.jsonpath</groupId> > <artifactId>json-path</artifactId>
Are these actually JSON-licensed? I thought the directly dependent libraries have AL 2.0 licenses? > > Turbine 4 class > org.apache.turbine.services.jsonrpc.JSONProcessor > > - dependency > + <groupId>org.jabsorb</groupId> > <artifactId>jabsorb</artifactId> > <version>1.3.2</version> According to the POM, this one is AL 2.0 licensed. However I don't know about transient dependencies. > The snapshots could just switch to an alternative, e.g. > > <groupId>com.vaadin.external.google</groupId> > <artifactId>android-json</artifactId> > <version>0.0.20131108.vaadin1</version> > > or https://code.google.com/archive/p/json-simple/? > > The latter one has the disadvantage having a different package - using it > with a new turbine version and a released fulcrum or a new fulcrum and an > old turbine version might result in problems. As a result the former > alternative seems to be best, or isnĀ“t it? Somehow, I don't like the idea of having Vaadin and/or Android stuff as a dependency to Turbine. Do you believe that anyone else besides you and me actually used this? > > How could we handle the released versions? > Released versions are *released* after all. We cannot call them back. I don't know what is meant by the "temporary exclusion" but this is generally what is accepted as a law of nature. I'll ask back on board@ Bye, Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
