Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13794

JSON.org license is now CatX

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 2.8.0, 2.7.4, 2.6.6
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Target Version/s:

      Description

      per update resolved legal:

      CAN APACHE PRODUCTS INCLUDE WORKS LICENSED UNDER THE JSON LICENSE?

      No. As of 2016-11-03 this has been moved to the 'Category X' license list. Prior to this, use of the JSON Java library was allowed. See Debian's page for a list of alternatives.

      We have a test-time transitive dependency on the org.json:json artifact in trunk and branch-2. AFAICT, this test time dependency doesn't get exposed to downstream at all (I checked assemblies and test-jar artifacts we publish to maven), so it can be removed or kept at our leisure. keeping it risks it being promoted out of test scope by maven without us noticing. We might be able to add an enforcer rule to check for this.

      We also distribute it in bundled form through our use of the AWS Java SDK artifacts in trunk and branch-2. Looking at the github project, their dependency on JSON.org was removed in 1.11, so if we upgrade to 1.11.0+ we should be good to go. (this might be hard in branch-2.6 and branch-2.7 where we're on 1.7.4)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                busbey Sean Busbey
              • Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: