Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Done
-
2.8.0, 2.7.4, 2.6.6
-
None
-
None
-
None
Description
CAN APACHE PRODUCTS INCLUDE WORKS LICENSED UNDER THE JSON LICENSE?
No. As of 2016-11-03 this has been moved to the 'Category X' license list. Prior to this, use of the JSON Java library was allowed. See Debian's page for a list of alternatives.
We have a test-time transitive dependency on the org.json:json artifact in trunk and branch-2. AFAICT, this test time dependency doesn't get exposed to downstream at all (I checked assemblies and test-jar artifacts we publish to maven), so it can be removed or kept at our leisure. keeping it risks it being promoted out of test scope by maven without us noticing. We might be able to add an enforcer rule to check for this.
We also distribute it in bundled form through our use of the AWS Java SDK artifacts in trunk and branch-2. Looking at the github project, their dependency on JSON.org was removed in 1.11, so if we upgrade to 1.11.0+ we should be good to go. (this might be hard in branch-2.6 and branch-2.7 where we're on 1.7.4)
Attachments
Issue Links
- is related to
-
-
- Resolved
-
- relates to
-
HADOOP-13050 Upgrade to AWS SDK 1.11.45
-
- Resolved
-
-
-
- Resolved
-