[jira] [Comment Edited] (LEGAL-592) Third-party jar of [Indiana University Extreme! Lab Software License] is used in the binary release, whether it satisfies license policy?

["Heping Wang (Jira)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/LEGAL-592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17474393#comment-17474393 ] 

Heping Wang edited comment on LEGAL-592 at 1/12/22, 9:33 AM:
-------------------------------------------------------------

Thank you, [~rvs]  and [~jmclean] 

 

We double-checked and verified that this dependency[mxparser.jar] is redundant for our project. In order to avoid unnecessary controversy, we decided to remove the dependency on it in the binary released.

In addition, when doing the Incubator Release Checklist, there is a third-party dependent license item about the binary package, which confuses me:

1. For the dependent third-party jar package, its LICENSE/NOTICE file, we should use the latest or the LICENSE/NOTICE file corresponding to the dependent jar package version.

2. Is there any better tool to easily obtain the corresponding LICENSE/NOTICE file, because once the project dependencies change, the corresponding LICENSE/NOTICE needs to be added or removed. One way I can think of is to get it from its jar package, but not all jar packages are released with a LICENSE/NOTICE file. However, relying on manual inspection is easy to miss.


was (Author: peacewong):
Thank you, Justin Mclean and Roman Shaposhnik.

We double-checked and verified that this dependency[mxparser.jar] is redundant for our project. In order to avoid unnecessary controversy, we decided to remove the dependency on it in the binary released.


In addition, when doing the Incubator Release Checklist, there is a third-party dependent license item about the binary package, which confuses me:

1. For the dependent third-party jar package, its LICENSE/NOTICE file, we should use the latest or the LICENSE/NOTICE file corresponding to the dependent jar package version.

2. Is there any better tool to easily obtain the corresponding LICENSE/NOTICE file, because once the project dependencies change, the corresponding LICENSE/NOTICE needs to be added or removed. One way I can think of is to get it from its jar package, but not all jar packages are released with a LICENSE/NOTICE file. However, relying on manual inspection is easy to miss.

> Third-party jar of [Indiana University Extreme! Lab Software License] is used in the binary release, whether it satisfies license policy?
> -----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: LEGAL-592
>                 URL: https://issues.apache.org/jira/browse/LEGAL-592
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Heping Wang
>            Priority: Major
>
> We used  org.springframework.cloud:spring-cloud-starter-netflix-ribbon:jar
> in linkis project. And It indirectly depends on io.github.x-stream:mxparser. The license of x-stream:mxparser is：
> (Indiana University Extreme! Lab Software License) MXParser (io.github.x-stream:mxparser:1.2.2 - http://x-stream.github.io/mxparser)
> [https://github.com/x-stream/mxparser/blob/master/LICENSE.txt]
>  
> This license does not find the corresponding classification in the A/B/X category[1].
> Third-party jar of [Indiana University Extreme! Lab Software License] is used in the binary release, whether it satisfies license policy?
> [[1] https://apache.org/legal/resolved.html|https://apache.org/legal/resolved.html] 
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org