Good point Justin about the importance of checking for problematic licenses. That fat jar is 600Mb and includes the kitchen sink in terms of classes.
One set of classes is from OpenJDK JOL and this is GPL-2.0 licensed. This seems like a big problem to me, especially because the artifact has already been uploaded to maven central. Downstream users could accidentally include or distribute GPL code by using and redistributing Apache XTable. XTable may also need to be dual licensed because of 2.b) in the GPL-2.0 (the copyleft part): You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties *under the terms of this License*. My interpretation of the incubator disclaimer is not that we can make releases without attempting to produce license documentation -- that doesn't change the consequences of distributing GPL code. It means that we (the IPMC) have not fully checked and verified the license documentation. Given the risks to people using ASF software, I don’t think it is at all safe to make releases without due diligence here. Ryan On Thu, Sep 12, 2024 at 2:23 AM Justin Mclean <jus...@classsoftware.com> wrote: > Hi, > > > Thanks for sharing LEGAL-469 Justin. I have seen it at some point but > > as time passed I forgot its existence. > > > > The DISCLAIMER-WIP contains the following snippet: > > Some of the incubating project’s releases may not be fully compliant > > with ASF policy. For example, releases may have incomplete or > > un-reviewed licensing conditions. What follows is a list of issues the > > project is currently aware of (this list is likely to be incomplete): > > List of known issues goes here > > > > I didn't perform a thorough license check cause it was implied by the > > disclaimer that this rather OK for this type of release. If we need to > > check for all licenses involved then I don't see much point in having > > this WIP file. > > As the WIP disclaimer states, "List of known issues goes here”, so you > need to know (in general) what the issues are, particularly if they are > Category X related the users need to be aware of those. It doesn't need to > be perfect, as it's an incubating project, but you should still do a basic > check. > > Kind Regards, > Justin > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
