Sean Busbey created HADOOP-13794:
------------------------------------
Summary: JSON.org license is now CatX
Key: HADOOP-13794
URL: https://issues.apache.org/jira/browse/HADOOP-13794
Project: Hadoop Common
Issue Type: Bug
Reporter: Sean Busbey
Priority: Blocker
per [update resolved legal|http://www.apache.org/legal/resolved.html#json]:
{quote}
CAN APACHE PRODUCTS INCLUDE WORKS LICENSED UNDER THE JSON LICENSE?
No. As of 2016-11-03 this has been moved to the 'Category X' license list.
Prior to this, use of the JSON Java library was allowed. See Debian's page for
a list of alternatives.
{quote}
We have a test-time transitive dependency on the {{org.json:json}} artifact in
trunk and branch-2. AFAICT, this test time dependency doesn't get exposed to
downstream at all (I checked assemblies and test-jar artifacts we publish to
maven), so it can be removed or kept at our leisure. keeping it risks it being
promoted out of test scope by maven without us noticing. We might be able to
add an enforcer rule to check for this.
We also distribute it in bundled form through our use of the AWS Java SDK
artifacts in trunk and branch-2. Looking at the github project, [their
dependency on JSON.org was removed in
1.11|https://github.com/aws/aws-sdk-java/pull/417], so if we upgrade to 1.11.0+
we should be good to go. (this might be hard in branch-2.6 and branch-2.7 where
we're on 1.7.4)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
