Wei-Chiu Chuang created HADOOP-15874:
----------------------------------------
Summary: Add Bouncy Castle License
Key: HADOOP-15874
URL: https://issues.apache.org/jira/browse/HADOOP-15874
Project: Hadoop Common
Issue Type: Bug
Reporter: Wei-Chiu Chuang
Compiling HBase against Hadoop trunk tells me Bouncy Castle license is used.
{quote}
This product includes Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and
CRMF APIs licensed under the Bouncy Castle Licence.
ERROR: Please check ^^^^^^^^^^^^ this License for acceptability here:
https://www.apache.org/legal/resolved
If it is okay, then update the list named 'non_aggregate_fine' in the
LICENSE.vm file.
If it isn't okay, then revert the change that added the dependency.
More info on the dependency:
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.60</version>
maven central search
g:org.bouncycastle AND a:bcpkix-jdk15on AND v:1.60
project website
http://www.bouncycastle.org/java.html
project source
https://github.com/bcgit/bc-java
{quote}
According to the project website, Bouncy Castle License is the same as MIT
license.
https://www.bouncycastle.org/licence.html
{quote}
Please note this should be read in the same way as the MIT license.
{quote}
Shall we seek Apache Software Foundation's legal advice? Per ASF legal, Bouncy
Castle is not listed as an includable license:
https://www.apache.org/legal/resolved#category-a
Not sure why it only surfaced in Hadoop trunk (aka branch 3.3) since Bouncy
Castle was included long time ago. Maybe a recent change made by [~rkanter] in
YARN-8857 updated the version and changed the license?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
