Hi Martijn, Doh! I was looking at the netty-tcnative-openssl-static module, not the one pulled in by Flink netty-tcnative-boringssl-static, which is of course building BoringSSL not OpenSSL. So the legal issue stands.
Maybe there's a possibility to offer netty-tcnative-openssl-static as an option, but it is not published by the netty project [1], Flink would have to build it and take on that pain. Where the netty boringssl artefact will be more battle tested by the wider community. Sounds like more risk/maintenance than the current solution. Thanks, Rob 1. https://github.com/netty/netty-tcnative/issues/226 On Wed, Jul 10, 2024 at 7:24 PM Martijn Visser <martijnvis...@apache.org> wrote: > Hi Rob, > > While Netty TCNative has upgraded to Openssl 3, there are still references > to BoringSSL [1]. Do you know if TCNative still uses BoringSSL as well in > this version? > > Best regards, > > Martijn > > [1] > > https://github.com/netty/netty-tcnative/blob/netty-tcnative-parent-2.0.62.Final/license/LICENSE.boringssl.txt > > On Wed, Jul 10, 2024 at 3:54 AM Robert Young <robertyoun...@gmail.com> > wrote: > > > Hi, > > > > I see in flink-shaded main we depend > > on <netty.tcnative.version>2.0.62.Final</netty.tcnative.version> and we > > currently avoid building/distributing flink-shaded-netty-tcnative-static > > due to legal issues > > > > > This module is excluded by default since it is not compliant with the > > apache license. https://issues.apache.org/jira/browse/LEGAL-393 > > > > netty-tcnative 2.0.62.Final upgraded openssl to 3.1.2 [1] > > > > Openssl 3 introduced a license change to apache 2 [2] so I wondered if > it's > > now okay to build/deploy flink-shaded-netty-tcnative-static? Then we > could > > avoid having to build the static lib in the flink core end-to-end tests > [3] > > and include it in the flink binary distribution for users to access. > > > > 1. > > > > > https://github.com/netty/netty-tcnative/blob/d70e48a56c4aaa8df86a7de2e275e51aa0cc43a1/pom.xml#L97 > > 2. https://www.openssl.org/docs/man3.0/man7/migration_guide.html > > 3. > > > > > https://github.com/apache/flink/blob/4e86d98437480377973f66600c2d5bda907589d6/flink-end-to-end-tests/test-scripts/common_ssl.sh#L82 > > > > Thanks, > > Rob Young > > >
