[
https://issues.apache.org/jira/browse/NIFI-2991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15649836#comment-15649836
]
Joseph Witt commented on NIFI-2991:
-----------------------------------
Well, this is not good. I have analyzed all documented references to the
json.org license or anything from the json.org site both in our codebase and in
our resulting convenience binary. There are some perfectly fine references but
the following things are an issue and require follow-on action. I will spawn
JIRAs for a number of these items for the 0.x line and might do the same for
the 1.x line for the specifically scoped items treating this as the 1.x parent
issue.
* nifi-assembly
** any such references will need to be updated as the following deps are changed
* nifi-aws-nar
** not a problem on 1.x line as we're using 1.11.x aws sdk and their NOTICE now
removes this entry
*** "JSON parsing and utility functions from JSON.org - Copyright 2002
JSON.org."
** ACTION: For 1.x we just need to update the nifi-aws-nar notice and
nifi-assembly notice to remove that reference
** is a problem on the 0.x line as we use 1.10.32 aws sdk and it has a source
dependency on the cat-x code. We have to switch to AWS 1.11 line.
** ACTION: File a JIRA for 0.x line to move to 1.11.x aws sdk to resolve the
cat-x json.org dependency
* nifi-social-media-nar
** The offending item is in the twitter4j library which is a binary dependency
for us.
** The Twitter4J source uses some of the now category X json.org source code
and their NOTICE does reference it as well.
** I do not believe we can have this dependency then as-is since twitter4J is
effectively a combination of ASLv2 + CatX.
** ACTION: For 1.x we have to solve this somehow as we have a binary dependency
on Twitter4J which has a source dependency on this CatX item.
** ACTION: For 0.x file a JIRA to address this similar to what we do for 1.x.
* nifi-flume-nar
** same problem as the nifi-social-media-nar.
** ACTION: For 1.x remove 'flume-twitter-source' from nifi-flume-processor
dependency and document that it is no longer supported due to licensing issue.
** ACTION: File a JIRA on 0.x to do the same as we did for 1.x
* nifi-hive-nar
**
./nar/extensions/nifi-hive-nar-1.1.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/json-20090211.jar
** nifi-hive-processors depends on hive-jdbc which depends on hive-common which
depends on json library.
** ACTION: For 1.x this must be solved somehow and the dependency needs to be
reflected in the LICENSE/NOTICE
** ACTION: For 0.x if we have the hive processors a new JIRA must be filed and
same resolution provided.
* nifi-standard-nar
**
./nar/extensions/nifi-standard-nar-1.1.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/json-20160810.jar
** nifi-standard-processors depends on org.everit.json which depends on the now
cat-x JSON library. Further, this/these deps don't appear to be reflected in
the nifi-standard-nar
** ACTION: For 1.x this must be solved somehow...
** ACTION: For 0.x a new JIRA must be filed to tackle this in the same manner
it is solved in 1.x
> JSON.org license is now CatX
> ----------------------------
>
> Key: NIFI-2991
> URL: https://issues.apache.org/jira/browse/NIFI-2991
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Sean Busbey
> Assignee: Joseph Witt
> Priority: Blocker
> Fix For: 1.1.0
>
>
> per [update resolved legal|http://www.apache.org/legal/resolved.html#json]:
> {quote}
> CAN APACHE PRODUCTS INCLUDE WORKS LICENSED UNDER THE JSON LICENSE?
> No. As of 2016-11-03 this has been moved to the 'Category X' license list.
> Prior to this, use of the JSON Java library was allowed. See Debian's page
> for a list of alternatives.
> {quote}
> I don't know how many of our versions include stuff under this license, it's
> definitely currently in master.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
