You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by Jim Jagielski <ji...@apache.org> on 2016/11/23 14:08:30 UTC
JSON License and Apache Projects
As some of you may know, recently the JSON License has been
moved to Category X (https://www.apache.org/legal/resolved#category-x).
I understand that this has impacted some projects, especially
those in the midst of doing a release. I also understand that
up until now, really, there has been no real "outcry" over our
usage of it, especially from end-users and other consumers of
our projects which use it.
As compelling as that is, the fact is that the JSON license
itself is not OSI approved and is therefore not, by definition,
an "Open Source license" and, as such, cannot be considered as
one which is acceptable as related to categories.
Therefore, w/ my VP Legal hat on, I am making the following
statements:
o No new project, sub-project or codebase, which has not
used JSON licensed jars (or similar), are allowed to use
them. In other words, if you haven't been using them, you
aren't allowed to start. It is Cat-X.
o If you have been using it, and have done so in a *release*,
AND there has been NO pushback from your community/eco-system,
you have a temporary exclusion from the Cat-X classification thru
April 30, 2017. At that point in time, ANY and ALL usage
of these JSON licensed artifacts are DISALLOWED. You must
either find a suitably licensed replacement, or do without.
There will be NO exceptions.
o Any situation not covered by the above is an implicit
DISALLOWAL of usage.
Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed.
If there are any questions, please ask on the legal-discuss@a.o
list.
--
Jim Jagielski
VP Legal Affairs
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Fwd: JSON License and Apache Projects
Posted by "P. Taylor Goetz" <pt...@gmail.com>.
FYI. Official statement from VP Legal regarding use of json.org <http://json.org/> licensed code.
-Taylor
> Begin forwarded message:
>
> From: Jim Jagielski <ji...@apache.org>
> Subject: JSON License and Apache Projects
> Date: November 23, 2016 at 9:08:30 AM EST
> To: legal-discuss@apache.org
> Reply-To: legal-discuss@apache.org
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
Fwd: JSON License and Apache Projects
Posted by Andy Seaborne <an...@apache.org>.
Jena does not use code with the JSON License so this is just FYI.
jsonld-java uses com.fasterxml.jackson
Some organisations treat the "not be used for evil" clause as not
material; some organisations, Debian and Google, for instance, don't
allow its use.
https://opensource.org/ does not classify it as an Open Source license.
Andy
-------- Forwarded Message --------
Subject: JSON License and Apache Projects
Date: Wed, 23 Nov 2016 09:08:30 -0500
From: Jim Jagielski <ji...@apache.org>
Reply-To: legal-discuss@apache.org
To: legal-discuss@apache.org
As some of you may know, recently the JSON License has been
moved to Category X (https://www.apache.org/legal/resolved#category-x).
I understand that this has impacted some projects, especially
those in the midst of doing a release. I also understand that
up until now, really, there has been no real "outcry" over our
usage of it, especially from end-users and other consumers of
our projects which use it.
As compelling as that is, the fact is that the JSON license
itself is not OSI approved and is therefore not, by definition,
an "Open Source license" and, as such, cannot be considered as
one which is acceptable as related to categories.
Therefore, w/ my VP Legal hat on, I am making the following
statements:
o No new project, sub-project or codebase, which has not
used JSON licensed jars (or similar), are allowed to use
them. In other words, if you haven't been using them, you
aren't allowed to start. It is Cat-X.
o If you have been using it, and have done so in a *release*,
AND there has been NO pushback from your community/eco-system,
you have a temporary exclusion from the Cat-X classification thru
April 30, 2017. At that point in time, ANY and ALL usage
of these JSON licensed artifacts are DISALLOWED. You must
either find a suitably licensed replacement, or do without.
There will be NO exceptions.
o Any situation not covered by the above is an implicit
DISALLOWAL of usage.
Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed.
If there are any questions, please ask on the legal-discuss@a.o
list.
--
Jim Jagielski
VP Legal Affairs
Re: JSON License and Apache Projects
Posted by Sebastien <se...@gmail.com>.
dsl-json seems to be fast, and the license seems to be compatible (BSD
3-Clause).
However, this is a quite new project, which is java-8 oriented AFAICS.
I guess the JSON library we will choose should be java 1.5, 6, 7 & 8
compatible...
On Wed, Nov 23, 2016 at 6:37 PM, Martin Grigorov <mg...@apache.org>
wrote:
> Better use https://github.com/fabienrenaud/java-json-benchmark
> The article by Takipi is both old and the testing approach is inaccurate.
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Wed, Nov 23, 2016 at 6:25 PM, Tobias Soloschenko <
> tobiassoloschenko@googlemail.com> wrote:
>
> > Hi,
> >
> > we should also consider the performance impact, shouldn't we?
> >
> > http://blog.takipi.com/the-ultimate-json-library-json-simple
> > -vs-gson-vs-jackson-vs-json/
> >
> > kind regards
> >
> > Tobias
> >
> > Am 23.11.16 um 17:26 schrieb Sebastien:
> >
> > I'm +1 for jackson. We already use it in wicket-extensions
> >>
> >> https://github.com/apache/wicket/blob/master/wicket-extensio
> >> ns/src/main/java/org/apache/wicket/extensions/requestlogge
> >> r/JsonRequestLogger.java#L22
> >>
> >> Moreover, I'm personally fine to rely on a 3rd party library for JSON
> >> objects. That way you can use the same library back-end side and get the
> >> JSON objects back (no deserialization issues, which is not true if a
> >> specific JSON lib is front-end side only, like for our JSON internal
> lib)
> >>
> >>
> >> On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst <
> >> martijn.dashorst@gmail.com> wrote:
> >>
> >> Another option would be to use jackson and use the JSON classes in
> >>> Wicket as API wrappers.
> >>>
> >>> Martijn
> >>>
> >>>
> >
>
Re: JSON License and Apache Projects
Posted by Tobias Soloschenko <to...@googlemail.com>.
Hi Martin,
sadly there are classes not covered by open-json, but for all others we could make different PRs for 6.x and 7.x and copy them. In this case I would suggest to also let the name of JSONFunction to be like I renamed it.
kind regards
Tobias
> Am 24.11.2016 um 21:46 schrieb Martin Grigorov <mg...@apache.org>:
>
> Hi Tobias,
>
> This PR is OK for 8.x but as Emond said: making such change in 6.x and 7.x
> is a *BIG* API break.
> 1.5.x is not affected because we introduced JSON.org for the Ajax rework in
> Wicket 6.0.0.
> I believe the easier solution for 6.x and 7.x is to copy the classes from
> Open-JSON and replace the current ones.
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Thu, Nov 24, 2016 at 7:01 PM, Tobias Soloschenko <
> tobiassoloschenko@googlemail.com> wrote:
>
>> Hi,
>>
>> to provide the most possible backward compatibility I think open-json is
>> great:
>>
>> https://github.com/apache/wicket/pull/193
>> https://github.com/tdunning/open-json/pull/1
>> https://github.com/apache/wicket/pull/193
>>
>> I also think that we should move the classes out and use the external lib.
>>
>> Libraries which are using Apache Wicket JSON only have to organize the
>> imports in most cases. If classes are used which are not ported yet - you
>> can exclude open-json and shift to json.org - or you can implement it
>> yourself.
>>
>> WDYT?
>>
>> kind regards
>>
>> Tobias
>>
>> 2016-11-23 21:26 GMT+01:00 Mark Struberg <st...@yahoo.de.invalid>:
>>
>>> Try Apache Johnzon.
>>> It is really tiny (< 100k) and already used in CXF and TomEE as well for
>>> example.
>>> It's based on the JSON-P specification, so it's even optional if you run
>>> Wicket on a EE7 server.
>>>
>>> LieGrue,
>>> strub
>>>
>>>
>>>> Am 23.11.2016 um 20:24 schrieb Emond Papegaaij <
>>> emond.papegaaij@gmail.com>:
>>>>
>>>> Hi,
>>>>
>>>> Does this mean we can no longer include these files in Wicket 6 and 7?
>>>> If so, that would mean a serious API break, or we need to duplicate
>>>> the entire API in new classes. The classes are part of the public API
>>>> of AbstractDefaultAjaxBehavior and the classes are publicly available.
>>>>
>>>> Looking at the usage of the classes in Wicket, I don't see why we need
>>>> a heavy weight library such as Jackson. Also, Jackson has a history of
>>>> breaking its API even in patch releases. It has proven one of the most
>>>> unreliable libraries in our applications over the past few years.
>>>>
>>>> Wicket only uses the JSON classes in 3 places:
>>>> AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
>>>> think we should either find a lightweight substitute or write
>>>> something ourselves from scratch. As far as I can see, we only use the
>>>> classes to render Maps and arrays to JSON. We do not seem to be using
>>>> them for parsing.
>>>>
>>>> Best regards,
>>>> Emond
>>>>
>>>> On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
>>>> <st...@yahoo.de.invalid> wrote:
>>>>> This benchmark is also not really correct.
>>>>> For Johnzon it creates a new JsonProvider for each and every
>>> invocation. This heavily slows down the performance.
>>>>>
>>>>> LieGrue,
>>>>> strub
>>>>>
>>>>>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mgrigorov@apache.org
>>> :
>>>>>>
>>>>>> https://github.com/fabienrenaud/java-json-benchmark
>>>>>
>>>
>>>
>>
Re: JSON License and Apache Projects
Posted by Martin Grigorov <mg...@apache.org>.
Hi Tobias,
This PR is OK for 8.x but as Emond said: making such change in 6.x and 7.x
is a *BIG* API break.
1.5.x is not affected because we introduced JSON.org for the Ajax rework in
Wicket 6.0.0.
I believe the easier solution for 6.x and 7.x is to copy the classes from
Open-JSON and replace the current ones.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Thu, Nov 24, 2016 at 7:01 PM, Tobias Soloschenko <
tobiassoloschenko@googlemail.com> wrote:
> Hi,
>
> to provide the most possible backward compatibility I think open-json is
> great:
>
> https://github.com/apache/wicket/pull/193
> https://github.com/tdunning/open-json/pull/1
> https://github.com/apache/wicket/pull/193
>
> I also think that we should move the classes out and use the external lib.
>
> Libraries which are using Apache Wicket JSON only have to organize the
> imports in most cases. If classes are used which are not ported yet - you
> can exclude open-json and shift to json.org - or you can implement it
> yourself.
>
> WDYT?
>
> kind regards
>
> Tobias
>
> 2016-11-23 21:26 GMT+01:00 Mark Struberg <st...@yahoo.de.invalid>:
>
> > Try Apache Johnzon.
> > It is really tiny (< 100k) and already used in CXF and TomEE as well for
> > example.
> > It's based on the JSON-P specification, so it's even optional if you run
> > Wicket on a EE7 server.
> >
> > LieGrue,
> > strub
> >
> >
> > > Am 23.11.2016 um 20:24 schrieb Emond Papegaaij <
> > emond.papegaaij@gmail.com>:
> > >
> > > Hi,
> > >
> > > Does this mean we can no longer include these files in Wicket 6 and 7?
> > > If so, that would mean a serious API break, or we need to duplicate
> > > the entire API in new classes. The classes are part of the public API
> > > of AbstractDefaultAjaxBehavior and the classes are publicly available.
> > >
> > > Looking at the usage of the classes in Wicket, I don't see why we need
> > > a heavy weight library such as Jackson. Also, Jackson has a history of
> > > breaking its API even in patch releases. It has proven one of the most
> > > unreliable libraries in our applications over the past few years.
> > >
> > > Wicket only uses the JSON classes in 3 places:
> > > AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
> > > think we should either find a lightweight substitute or write
> > > something ourselves from scratch. As far as I can see, we only use the
> > > classes to render Maps and arrays to JSON. We do not seem to be using
> > > them for parsing.
> > >
> > > Best regards,
> > > Emond
> > >
> > > On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
> > > <st...@yahoo.de.invalid> wrote:
> > >> This benchmark is also not really correct.
> > >> For Johnzon it creates a new JsonProvider for each and every
> > invocation. This heavily slows down the performance.
> > >>
> > >> LieGrue,
> > >> strub
> > >>
> > >>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mgrigorov@apache.org
> >:
> > >>>
> > >>> https://github.com/fabienrenaud/java-json-benchmark
> > >>
> >
> >
>
Re: JSON License and Apache Projects
Posted by Tobias Soloschenko <to...@googlemail.com>.
Hi,
to provide the most possible backward compatibility I think open-json is
great:
https://github.com/apache/wicket/pull/193
https://github.com/tdunning/open-json/pull/1
https://github.com/apache/wicket/pull/193
I also think that we should move the classes out and use the external lib.
Libraries which are using Apache Wicket JSON only have to organize the
imports in most cases. If classes are used which are not ported yet - you
can exclude open-json and shift to json.org - or you can implement it
yourself.
WDYT?
kind regards
Tobias
2016-11-23 21:26 GMT+01:00 Mark Struberg <st...@yahoo.de.invalid>:
> Try Apache Johnzon.
> It is really tiny (< 100k) and already used in CXF and TomEE as well for
> example.
> It's based on the JSON-P specification, so it's even optional if you run
> Wicket on a EE7 server.
>
> LieGrue,
> strub
>
>
> > Am 23.11.2016 um 20:24 schrieb Emond Papegaaij <
> emond.papegaaij@gmail.com>:
> >
> > Hi,
> >
> > Does this mean we can no longer include these files in Wicket 6 and 7?
> > If so, that would mean a serious API break, or we need to duplicate
> > the entire API in new classes. The classes are part of the public API
> > of AbstractDefaultAjaxBehavior and the classes are publicly available.
> >
> > Looking at the usage of the classes in Wicket, I don't see why we need
> > a heavy weight library such as Jackson. Also, Jackson has a history of
> > breaking its API even in patch releases. It has proven one of the most
> > unreliable libraries in our applications over the past few years.
> >
> > Wicket only uses the JSON classes in 3 places:
> > AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
> > think we should either find a lightweight substitute or write
> > something ourselves from scratch. As far as I can see, we only use the
> > classes to render Maps and arrays to JSON. We do not seem to be using
> > them for parsing.
> >
> > Best regards,
> > Emond
> >
> > On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
> > <st...@yahoo.de.invalid> wrote:
> >> This benchmark is also not really correct.
> >> For Johnzon it creates a new JsonProvider for each and every
> invocation. This heavily slows down the performance.
> >>
> >> LieGrue,
> >> strub
> >>
> >>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mg...@apache.org>:
> >>>
> >>> https://github.com/fabienrenaud/java-json-benchmark
> >>
>
>
Re: JSON License and Apache Projects
Posted by Mark Struberg <st...@yahoo.de.INVALID>.
Try Apache Johnzon.
It is really tiny (< 100k) and already used in CXF and TomEE as well for example.
It's based on the JSON-P specification, so it's even optional if you run Wicket on a EE7 server.
LieGrue,
strub
> Am 23.11.2016 um 20:24 schrieb Emond Papegaaij <em...@gmail.com>:
>
> Hi,
>
> Does this mean we can no longer include these files in Wicket 6 and 7?
> If so, that would mean a serious API break, or we need to duplicate
> the entire API in new classes. The classes are part of the public API
> of AbstractDefaultAjaxBehavior and the classes are publicly available.
>
> Looking at the usage of the classes in Wicket, I don't see why we need
> a heavy weight library such as Jackson. Also, Jackson has a history of
> breaking its API even in patch releases. It has proven one of the most
> unreliable libraries in our applications over the past few years.
>
> Wicket only uses the JSON classes in 3 places:
> AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
> think we should either find a lightweight substitute or write
> something ourselves from scratch. As far as I can see, we only use the
> classes to render Maps and arrays to JSON. We do not seem to be using
> them for parsing.
>
> Best regards,
> Emond
>
> On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
> <st...@yahoo.de.invalid> wrote:
>> This benchmark is also not really correct.
>> For Johnzon it creates a new JsonProvider for each and every invocation. This heavily slows down the performance.
>>
>> LieGrue,
>> strub
>>
>>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mg...@apache.org>:
>>>
>>> https://github.com/fabienrenaud/java-json-benchmark
>>
Re: JSON License and Apache Projects
Posted by Emond Papegaaij <em...@gmail.com>.
Hi,
Does this mean we can no longer include these files in Wicket 6 and 7?
If so, that would mean a serious API break, or we need to duplicate
the entire API in new classes. The classes are part of the public API
of AbstractDefaultAjaxBehavior and the classes are publicly available.
Looking at the usage of the classes in Wicket, I don't see why we need
a heavy weight library such as Jackson. Also, Jackson has a history of
breaking its API even in patch releases. It has proven one of the most
unreliable libraries in our applications over the past few years.
Wicket only uses the JSON classes in 3 places:
AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
think we should either find a lightweight substitute or write
something ourselves from scratch. As far as I can see, we only use the
classes to render Maps and arrays to JSON. We do not seem to be using
them for parsing.
Best regards,
Emond
On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
<st...@yahoo.de.invalid> wrote:
> This benchmark is also not really correct.
> For Johnzon it creates a new JsonProvider for each and every invocation. This heavily slows down the performance.
>
> LieGrue,
> strub
>
>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mg...@apache.org>:
>>
>> https://github.com/fabienrenaud/java-json-benchmark
>
Re: JSON License and Apache Projects
Posted by Mark Struberg <st...@yahoo.de.INVALID>.
This benchmark is also not really correct.
For Johnzon it creates a new JsonProvider for each and every invocation. This heavily slows down the performance.
LieGrue,
strub
> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mg...@apache.org>:
>
> https://github.com/fabienrenaud/java-json-benchmark
Re: JSON License and Apache Projects
Posted by Martin Grigorov <mg...@apache.org>.
Better use https://github.com/fabienrenaud/java-json-benchmark
The article by Takipi is both old and the testing approach is inaccurate.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Wed, Nov 23, 2016 at 6:25 PM, Tobias Soloschenko <
tobiassoloschenko@googlemail.com> wrote:
> Hi,
>
> we should also consider the performance impact, shouldn't we?
>
> http://blog.takipi.com/the-ultimate-json-library-json-simple
> -vs-gson-vs-jackson-vs-json/
>
> kind regards
>
> Tobias
>
> Am 23.11.16 um 17:26 schrieb Sebastien:
>
> I'm +1 for jackson. We already use it in wicket-extensions
>>
>> https://github.com/apache/wicket/blob/master/wicket-extensio
>> ns/src/main/java/org/apache/wicket/extensions/requestlogge
>> r/JsonRequestLogger.java#L22
>>
>> Moreover, I'm personally fine to rely on a 3rd party library for JSON
>> objects. That way you can use the same library back-end side and get the
>> JSON objects back (no deserialization issues, which is not true if a
>> specific JSON lib is front-end side only, like for our JSON internal lib)
>>
>>
>> On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst <
>> martijn.dashorst@gmail.com> wrote:
>>
>> Another option would be to use jackson and use the JSON classes in
>>> Wicket as API wrappers.
>>>
>>> Martijn
>>>
>>>
>
Re: JSON License and Apache Projects
Posted by Tobias Soloschenko <to...@googlemail.com>.
Hi,
we should also consider the performance impact, shouldn't we?
http://blog.takipi.com/the-ultimate-json-library-json-simple-vs-gson-vs-jackson-vs-json/
kind regards
Tobias
Am 23.11.16 um 17:26 schrieb Sebastien:
> I'm +1 for jackson. We already use it in wicket-extensions
>
> https://github.com/apache/wicket/blob/master/wicket-extensions/src/main/java/org/apache/wicket/extensions/requestlogger/JsonRequestLogger.java#L22
>
> Moreover, I'm personally fine to rely on a 3rd party library for JSON
> objects. That way you can use the same library back-end side and get the
> JSON objects back (no deserialization issues, which is not true if a
> specific JSON lib is front-end side only, like for our JSON internal lib)
>
>
> On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst <
> martijn.dashorst@gmail.com> wrote:
>
>> Another option would be to use jackson and use the JSON classes in
>> Wicket as API wrappers.
>>
>> Martijn
>>
Fwd: JSON License and Apache Projects
Posted by Julian Hyde <jh...@apache.org>.
Apache legal have decided that the JSON license is now category X (i.e. we can’t use it). This is a reverse from previous guidance. I don’t believe that we use (directly or indirectly) any JSON-licensed components, but if we do, please speak up and log an issue.
Julian
> Begin forwarded message:
>
> From: Jim Jagielski <ji...@apache.org>
> Date: Wed, Nov 23, 2016 at 10:08 PM
> Subject: JSON License and Apache Projects
> To: legal-discuss@apache.org
>
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
Fwd: JSON License and Apache Projects
Posted by Luke Han <lu...@apache.org>.
Dear community,
We have informed there's JSON license issue which every project has to
resolve it.
Please help to double check if our project directly depends on that
one, and if our dependencies rely on it.
Let's try to upgrade/replace any library to one without such issue in
our coming releases.
More detail, please check below mail from legal.
Thanks.
Luke
---------- Forwarded message ----------
From: Jim Jagielski <ji...@apache.org>
Date: Wed, Nov 23, 2016 at 10:08 PM
Subject: JSON License and Apache Projects
To: legal-discuss@apache.org
As some of you may know, recently the JSON License has been
moved to Category X (https://www.apache.org/legal/resolved#category-x).
I understand that this has impacted some projects, especially
those in the midst of doing a release. I also understand that
up until now, really, there has been no real "outcry" over our
usage of it, especially from end-users and other consumers of
our projects which use it.
As compelling as that is, the fact is that the JSON license
itself is not OSI approved and is therefore not, by definition,
an "Open Source license" and, as such, cannot be considered as
one which is acceptable as related to categories.
Therefore, w/ my VP Legal hat on, I am making the following
statements:
o No new project, sub-project or codebase, which has not
used JSON licensed jars (or similar), are allowed to use
them. In other words, if you haven't been using them, you
aren't allowed to start. It is Cat-X.
o If you have been using it, and have done so in a *release*,
AND there has been NO pushback from your community/eco-system,
you have a temporary exclusion from the Cat-X classification thru
April 30, 2017. At that point in time, ANY and ALL usage
of these JSON licensed artifacts are DISALLOWED. You must
either find a suitably licensed replacement, or do without.
There will be NO exceptions.
o Any situation not covered by the above is an implicit
DISALLOWAL of usage.
Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed.
If there are any questions, please ask on the legal-discuss@a.o
list.
--
Jim Jagielski
VP Legal Affairs
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Stian Soiland-Reyes <st...@apache.org>.
On 23 November 2016 at 16:21, Sam Ruby <ru...@intertwingly.net> wrote:
>> BTW, has anybody approached json.org to see if they would change their
>> license?
> I've met with Doug personally many times, and discussed this very
> topic. I don't expect him to change his position.
He occasionally grant an extra license like "I give permission to
$company, its customers, partners and minions, to use this software
for evil". Not sure we would want one like that for ASF.. :-))
This youtube link was shared earlier, showing his reasoning:
https://www.youtube.com/watch?v=-hCimLnIsDA
--
Stian Soiland-Reyes
http://orcid.org/0000-0001-9842-9718
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Jim Jagielski <ji...@jaguNET.com>.
> On Nov 23, 2016, at 11:21 AM, Sam Ruby <ru...@intertwingly.net> wrote:
>
> On Wed, Nov 23, 2016 at 11:11 AM, Alex Harui <ah...@adobe.com> wrote:
>>
>
>> BTW, has anybody approached json.org to see if they would change their
>> license?
>
> I've met with Doug personally many times, and discussed this very
> topic. I don't expect him to change his position.
Heh... same here. I expect he is weary of people asking :)
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Ted Dunning <te...@gmail.com>.
Contacting the maintainer might help.
Otherwise, as you say, caveat emptor.
On Wed, Nov 23, 2016 at 11:22 PM, Alex Harui <ah...@adobe.com> wrote:
> I think our project will replace org.json with some Apache project, but
> I'm wondering if there is any obligation to find a way to keep the POM on
> mvnrepository.com from looking like it is ALv2 . Or is it just
> buyer-beware?
>
> -Alex
>
> From: Ted Dunning <te...@gmail.com>
> Reply-To: "legal-discuss@apache.org" <le...@apache.org>
> Date: Wednesday, November 23, 2016 at 11:10 PM
>
> To: "legal-discuss@apache.org" <le...@apache.org>
> Subject: Re: JSON License and Apache Projects
>
>
> I would avoid dealing with this pom. It is a technical inaccurate
> description of a non-open source licensed piece of software.
>
> If you want an open version of the org.json API, see here:
>
> https://github.com/tdunning/open-json
> https://mvnrepository.com/artifact/com.tdunning/json
>
>
>
> On Wed, Nov 23, 2016 at 10:17 PM, Alex Harui <ah...@adobe.com> wrote:
>
>> I don't use GH much, but I don't see a way to contact the owner or open
>> an issue against that repo. Any suggestions on if and how to deal with
>> this pom?
>>
>> -Alex
>>
>> From: Ted Dunning <te...@gmail.com>
>> Reply-To: "legal-discuss@apache.org" <le...@apache.org>
>> Date: Wednesday, November 23, 2016 at 4:01 PM
>> To: "legal-discuss@apache.org" <le...@apache.org>
>> Subject: Re: JSON License and Apache Projects
>>
>>
>> John,
>>
>> The link that Alex provided ( https://mvnrepository.com/ar
>> tifact/org.codeartisans/org.json/20150729 ) is backed up by this source
>> code:
>>
>> https://github.com/eskatos/org.json-java
>>
>> That source code is purely a pom that packages up the original json.org
>> code. It has no source code whatsoever. The README says just this and
>> inspection of the src/ directory shows no additional or modified content.
>>
>> The license clause is simply mis-leading and wrong. It breaks the
>> problematic do-no-evil clause out into a comment instead of recognizing it
>> as part of the license.
>>
>> <licenses>
>> <license>
>> <name>MIT</name>
>> <url>http://opensource.org/licenses/MIT</url>
>> <distribution>repo</distribution>
>> <comments>The software shall be used for good, not
>> evil.</comments>
>> </license>
>> </licenses>
>>
>>
>>
>>
>>
>> On Wed, Nov 23, 2016 at 12:50 PM, John D. Ament <jo...@apache.org>
>> wrote:
>>
>>>
>>>
>>> On Wed, Nov 23, 2016 at 3:34 PM Sam Ruby <ru...@intertwingly.net> wrote:
>>>
>>>> On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org>
>>>> wrote:
>>>> >
>>>> > On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net>
>>>> wrote:
>>>> >>
>>>> >> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
>>>> >> <ju...@classsoftware.com> wrote:
>>>> >> > Hi,
>>>> >> >
>>>> >> >> MIT is OSI certified, compatible with the GPL, and category A.
>>>> >> >>
>>>> >> >> The JSON license is not OSI certified, not compatible with the
>>>> GPL,
>>>> >> >> and (now) category X.
>>>> >> >
>>>> >> > Yep no disagreement from me there.
>>>> >> >
>>>> >> > I should of said it’s based of the text of the MIT license plus
>>>> the “Do
>>>> >> > good not evil bit” which it probably why the pom states MIT.
>>>> >>
>>>> >> All apples are fruit, but not all fruit are apples.
>>>> >>
>>>> >> Religions, Species, and Software Licenses are all examples of
>>>> >> categories where having a "common ancestor" doesn't mean that two
>>>> >> instances of the superclass are compatible.
>>>> >>
>>>> >> The POM is misleading to the point of being unhelpful and incorrect.
>>>> >
>>>> >
>>>> >
>>>> > Just wondering, what POM are you looking at? The true pom has this
>>>> for its
>>>> > license:
>>>> >
>>>> > <licenses>
>>>> > <license>
>>>> > <name>provided without support or warranty</name>
>>>> > <url>http://www.json.org/license.html</url>
>>>> > </license>
>>>> > </licenses>
>>>> >
>>>> > This is the 20090211 version. Similar for the 20080701 version.
>>>> Prior to
>>>> > it had no license declaration.
>>>>
>>>> Here is the link provided earlier in the thread:
>>>>
>>>> https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
>>>>
>>>> That page indicates that the JAR is made available under the MIT and
>>>> Apache licenses.
>>>>
>>>
>>> Ok, that's what I'm checking on then. The link Alex pointed out is for
>>> a different artifact (binary compatible), different source code.
>>>
>>> Its similar to the google vs oracle copyright an API case.
>>>
>>>
>>>
>>>>
>>>> - Sam Ruby
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>>> For additional commands, e-mail: legal-discuss-help@apache.org
>>>>
>>>>
>>
>
Re: JSON License and Apache Projects
Posted by Alex Harui <ah...@adobe.com>.
I think our project will replace org.json with some Apache project, but I'm wondering if there is any obligation to find a way to keep the POM on mvnrepository.com from looking like it is ALv2 . Or is it just buyer-beware?
-Alex
From: Ted Dunning <te...@gmail.com>>
Reply-To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Date: Wednesday, November 23, 2016 at 11:10 PM
To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Subject: Re: JSON License and Apache Projects
I would avoid dealing with this pom. It is a technical inaccurate description of a non-open source licensed piece of software.
If you want an open version of the org.json API, see here:
https://github.com/tdunning/open-json
https://mvnrepository.com/artifact/com.tdunning/json
On Wed, Nov 23, 2016 at 10:17 PM, Alex Harui <ah...@adobe.com>> wrote:
I don't use GH much, but I don't see a way to contact the owner or open an issue against that repo. Any suggestions on if and how to deal with this pom?
-Alex
From: Ted Dunning <te...@gmail.com>>
Reply-To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Date: Wednesday, November 23, 2016 at 4:01 PM
To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Subject: Re: JSON License and Apache Projects
John,
The link that Alex provided ( https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729 ) is backed up by this source code:
https://github.com/eskatos/org.json-java
That source code is purely a pom that packages up the original json.org<http://json.org> code. It has no source code whatsoever. The README says just this and inspection of the src/ directory shows no additional or modified content.
The license clause is simply mis-leading and wrong. It breaks the problematic do-no-evil clause out into a comment instead of recognizing it as part of the license.
<licenses>
<license>
<name>MIT</name>
<url>http://opensource.org/licenses/MIT</url>
<distribution>repo</distribution>
<comments>The software shall be used for good, not evil.</comments>
</license>
</licenses>
On Wed, Nov 23, 2016 at 12:50 PM, John D. Ament <jo...@apache.org>> wrote:
On Wed, Nov 23, 2016 at 3:34 PM Sam Ruby <ru...@intertwingly.net>> wrote:
On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org>> wrote:
>
> On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net>> wrote:
>>
>> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
>> <ju...@classsoftware.com>> wrote:
>> > Hi,
>> >
>> >> MIT is OSI certified, compatible with the GPL, and category A.
>> >>
>> >> The JSON license is not OSI certified, not compatible with the GPL,
>> >> and (now) category X.
>> >
>> > Yep no disagreement from me there.
>> >
>> > I should of said it’s based of the text of the MIT license plus the “Do
>> > good not evil bit” which it probably why the pom states MIT.
>>
>> All apples are fruit, but not all fruit are apples.
>>
>> Religions, Species, and Software Licenses are all examples of
>> categories where having a "common ancestor" doesn't mean that two
>> instances of the superclass are compatible.
>>
>> The POM is misleading to the point of being unhelpful and incorrect.
>
>
>
> Just wondering, what POM are you looking at? The true pom has this for its
> license:
>
> <licenses>
> <license>
> <name>provided without support or warranty</name>
> <url>http://www.json.org/license.html</url>
> </license>
> </licenses>
>
> This is the 20090211 version. Similar for the 20080701 version. Prior to
> it had no license declaration.
Here is the link provided earlier in the thread:
https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
That page indicates that the JAR is made available under the MIT and
Apache licenses.
Ok, that's what I'm checking on then. The link Alex pointed out is for a different artifact (binary compatible), different source code.
Its similar to the google vs oracle copyright an API case.
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org<ma...@apache.org>
For additional commands, e-mail: legal-discuss-help@apache.org<ma...@apache.org>
Re: JSON License and Apache Projects
Posted by Ted Dunning <te...@gmail.com>.
I would avoid dealing with this pom. It is a technical inaccurate
description of a non-open source licensed piece of software.
If you want an open version of the org.json API, see here:
https://github.com/tdunning/open-json
https://mvnrepository.com/artifact/com.tdunning/json
On Wed, Nov 23, 2016 at 10:17 PM, Alex Harui <ah...@adobe.com> wrote:
> I don't use GH much, but I don't see a way to contact the owner or open an
> issue against that repo. Any suggestions on if and how to deal with this
> pom?
>
> -Alex
>
> From: Ted Dunning <te...@gmail.com>
> Reply-To: "legal-discuss@apache.org" <le...@apache.org>
> Date: Wednesday, November 23, 2016 at 4:01 PM
> To: "legal-discuss@apache.org" <le...@apache.org>
> Subject: Re: JSON License and Apache Projects
>
>
> John,
>
> The link that Alex provided ( https://mvnrepository.com/
> artifact/org.codeartisans/org.json/20150729 ) is backed up by this source
> code:
>
> https://github.com/eskatos/org.json-java
>
> That source code is purely a pom that packages up the original json.org
> code. It has no source code whatsoever. The README says just this and
> inspection of the src/ directory shows no additional or modified content.
>
> The license clause is simply mis-leading and wrong. It breaks the
> problematic do-no-evil clause out into a comment instead of recognizing it
> as part of the license.
>
> <licenses>
> <license>
> <name>MIT</name>
> <url>http://opensource.org/licenses/MIT</url>
> <distribution>repo</distribution>
> <comments>The software shall be used for good, not
> evil.</comments>
> </license>
> </licenses>
>
>
>
>
>
> On Wed, Nov 23, 2016 at 12:50 PM, John D. Ament <jo...@apache.org>
> wrote:
>
>>
>>
>> On Wed, Nov 23, 2016 at 3:34 PM Sam Ruby <ru...@intertwingly.net> wrote:
>>
>>> On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org>
>>> wrote:
>>> >
>>> > On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net>
>>> wrote:
>>> >>
>>> >> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
>>> >> <ju...@classsoftware.com> wrote:
>>> >> > Hi,
>>> >> >
>>> >> >> MIT is OSI certified, compatible with the GPL, and category A.
>>> >> >>
>>> >> >> The JSON license is not OSI certified, not compatible with the GPL,
>>> >> >> and (now) category X.
>>> >> >
>>> >> > Yep no disagreement from me there.
>>> >> >
>>> >> > I should of said it’s based of the text of the MIT license plus the
>>> “Do
>>> >> > good not evil bit” which it probably why the pom states MIT.
>>> >>
>>> >> All apples are fruit, but not all fruit are apples.
>>> >>
>>> >> Religions, Species, and Software Licenses are all examples of
>>> >> categories where having a "common ancestor" doesn't mean that two
>>> >> instances of the superclass are compatible.
>>> >>
>>> >> The POM is misleading to the point of being unhelpful and incorrect.
>>> >
>>> >
>>> >
>>> > Just wondering, what POM are you looking at? The true pom has this for
>>> its
>>> > license:
>>> >
>>> > <licenses>
>>> > <license>
>>> > <name>provided without support or warranty</name>
>>> > <url>http://www.json.org/license.html</url>
>>> > </license>
>>> > </licenses>
>>> >
>>> > This is the 20090211 version. Similar for the 20080701 version.
>>> Prior to
>>> > it had no license declaration.
>>>
>>> Here is the link provided earlier in the thread:
>>>
>>> https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
>>>
>>> That page indicates that the JAR is made available under the MIT and
>>> Apache licenses.
>>>
>>
>> Ok, that's what I'm checking on then. The link Alex pointed out is for a
>> different artifact (binary compatible), different source code.
>>
>> Its similar to the google vs oracle copyright an API case.
>>
>>
>>
>>>
>>> - Sam Ruby
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>> For additional commands, e-mail: legal-discuss-help@apache.org
>>>
>>>
>
Re: JSON License and Apache Projects
Posted by Alex Harui <ah...@adobe.com>.
I already got a response that the fix has been published and is propagating. I will try to remember to verify.
From: Alex Harui <ah...@adobe.com>>
Reply-To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Date: Thursday, November 24, 2016 at 7:24 AM
To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Subject: Re: JSON License and Apache Projects
I will contact him.
From: "John D. Ament" <jo...@apache.org>>
Reply-To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Date: Thursday, November 24, 2016 at 5:28 AM
To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Subject: Re: JSON License and Apache Projects
The guy who published it is a committer/PMC member on Zest. Though I do agree, its generally not a valid release.
John
On Thu, Nov 24, 2016 at 1:18 AM Alex Harui <ah...@adobe.com>> wrote:
I don't use GH much, but I don't see a way to contact the owner or open an issue against that repo. Any suggestions on if and how to deal with this pom?
-Alex
From: Ted Dunning <te...@gmail.com>>
Reply-To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Date: Wednesday, November 23, 2016 at 4:01 PM
To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Subject: Re: JSON License and Apache Projects
John,
The link that Alex provided ( https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729 ) is backed up by this source code:
https://github.com/eskatos/org.json-java
That source code is purely a pom that packages up the original json.org<http://json.org> code. It has no source code whatsoever. The README says just this and inspection of the src/ directory shows no additional or modified content.
The license clause is simply mis-leading and wrong. It breaks the problematic do-no-evil clause out into a comment instead of recognizing it as part of the license.
<licenses>
<license>
<name>MIT</name>
<url>http://opensource.org/licenses/MIT</url>
<distribution>repo</distribution>
<comments>The software shall be used for good, not evil.</comments>
</license>
</licenses>
On Wed, Nov 23, 2016 at 12:50 PM, John D. Ament <jo...@apache.org>> wrote:
On Wed, Nov 23, 2016 at 3:34 PM Sam Ruby <ru...@intertwingly.net>> wrote:
On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org>> wrote:
>
> On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net>> wrote:
>>
>> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
>> <ju...@classsoftware.com>> wrote:
>> > Hi,
>> >
>> >> MIT is OSI certified, compatible with the GPL, and category A.
>> >>
>> >> The JSON license is not OSI certified, not compatible with the GPL,
>> >> and (now) category X.
>> >
>> > Yep no disagreement from me there.
>> >
>> > I should of said it’s based of the text of the MIT license plus the “Do
>> > good not evil bit” which it probably why the pom states MIT.
>>
>> All apples are fruit, but not all fruit are apples.
>>
>> Religions, Species, and Software Licenses are all examples of
>> categories where having a "common ancestor" doesn't mean that two
>> instances of the superclass are compatible.
>>
>> The POM is misleading to the point of being unhelpful and incorrect.
>
>
>
> Just wondering, what POM are you looking at? The true pom has this for its
> license:
>
> <licenses>
> <license>
> <name>provided without support or warranty</name>
> <url>http://www.json.org/license.html</url>
> </license>
> </licenses>
>
> This is the 20090211 version. Similar for the 20080701 version. Prior to
> it had no license declaration.
Here is the link provided earlier in the thread:
https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
That page indicates that the JAR is made available under the MIT and
Apache licenses.
Ok, that's what I'm checking on then. The link Alex pointed out is for a different artifact (binary compatible), different source code.
Its similar to the google vs oracle copyright an API case.
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org<ma...@apache.org>
For additional commands, e-mail: legal-discuss-help@apache.org<ma...@apache.org>
Re: JSON License and Apache Projects
Posted by Alex Harui <ah...@adobe.com>.
I will contact him.
From: "John D. Ament" <jo...@apache.org>>
Reply-To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Date: Thursday, November 24, 2016 at 5:28 AM
To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Subject: Re: JSON License and Apache Projects
The guy who published it is a committer/PMC member on Zest. Though I do agree, its generally not a valid release.
John
On Thu, Nov 24, 2016 at 1:18 AM Alex Harui <ah...@adobe.com>> wrote:
I don't use GH much, but I don't see a way to contact the owner or open an issue against that repo. Any suggestions on if and how to deal with this pom?
-Alex
From: Ted Dunning <te...@gmail.com>>
Reply-To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Date: Wednesday, November 23, 2016 at 4:01 PM
To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Subject: Re: JSON License and Apache Projects
John,
The link that Alex provided ( https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729 ) is backed up by this source code:
https://github.com/eskatos/org.json-java
That source code is purely a pom that packages up the original json.org<http://json.org> code. It has no source code whatsoever. The README says just this and inspection of the src/ directory shows no additional or modified content.
The license clause is simply mis-leading and wrong. It breaks the problematic do-no-evil clause out into a comment instead of recognizing it as part of the license.
<licenses>
<license>
<name>MIT</name>
<url>http://opensource.org/licenses/MIT</url>
<distribution>repo</distribution>
<comments>The software shall be used for good, not evil.</comments>
</license>
</licenses>
On Wed, Nov 23, 2016 at 12:50 PM, John D. Ament <jo...@apache.org>> wrote:
On Wed, Nov 23, 2016 at 3:34 PM Sam Ruby <ru...@intertwingly.net>> wrote:
On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org>> wrote:
>
> On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net>> wrote:
>>
>> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
>> <ju...@classsoftware.com>> wrote:
>> > Hi,
>> >
>> >> MIT is OSI certified, compatible with the GPL, and category A.
>> >>
>> >> The JSON license is not OSI certified, not compatible with the GPL,
>> >> and (now) category X.
>> >
>> > Yep no disagreement from me there.
>> >
>> > I should of said it’s based of the text of the MIT license plus the “Do
>> > good not evil bit” which it probably why the pom states MIT.
>>
>> All apples are fruit, but not all fruit are apples.
>>
>> Religions, Species, and Software Licenses are all examples of
>> categories where having a "common ancestor" doesn't mean that two
>> instances of the superclass are compatible.
>>
>> The POM is misleading to the point of being unhelpful and incorrect.
>
>
>
> Just wondering, what POM are you looking at? The true pom has this for its
> license:
>
> <licenses>
> <license>
> <name>provided without support or warranty</name>
> <url>http://www.json.org/license.html</url>
> </license>
> </licenses>
>
> This is the 20090211 version. Similar for the 20080701 version. Prior to
> it had no license declaration.
Here is the link provided earlier in the thread:
https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
That page indicates that the JAR is made available under the MIT and
Apache licenses.
Ok, that's what I'm checking on then. The link Alex pointed out is for a different artifact (binary compatible), different source code.
Its similar to the google vs oracle copyright an API case.
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org<ma...@apache.org>
For additional commands, e-mail: legal-discuss-help@apache.org<ma...@apache.org>
Re: JSON License and Apache Projects
Posted by "John D. Ament" <jo...@apache.org>.
The guy who published it is a committer/PMC member on Zest. Though I do
agree, its generally not a valid release.
John
On Thu, Nov 24, 2016 at 1:18 AM Alex Harui <ah...@adobe.com> wrote:
> I don't use GH much, but I don't see a way to contact the owner or open an
> issue against that repo. Any suggestions on if and how to deal with this
> pom?
>
> -Alex
>
> From: Ted Dunning <te...@gmail.com>
> Reply-To: "legal-discuss@apache.org" <le...@apache.org>
> Date: Wednesday, November 23, 2016 at 4:01 PM
> To: "legal-discuss@apache.org" <le...@apache.org>
> Subject: Re: JSON License and Apache Projects
>
>
> John,
>
> The link that Alex provided (
> https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729 )
> is backed up by this source code:
>
> https://github.com/eskatos/org.json-java
>
> That source code is purely a pom that packages up the original json.org
> code. It has no source code whatsoever. The README says just this and
> inspection of the src/ directory shows no additional or modified content.
>
> The license clause is simply mis-leading and wrong. It breaks the
> problematic do-no-evil clause out into a comment instead of recognizing it
> as part of the license.
>
> <licenses>
> <license>
> <name>MIT</name>
> <url>http://opensource.org/licenses/MIT</url>
> <distribution>repo</distribution>
> <comments>The software shall be used for good, not
> evil.</comments>
> </license>
> </licenses>
>
>
>
>
>
> On Wed, Nov 23, 2016 at 12:50 PM, John D. Ament <jo...@apache.org>
> wrote:
>
>
>
> On Wed, Nov 23, 2016 at 3:34 PM Sam Ruby <ru...@intertwingly.net> wrote:
>
> On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org>
> wrote:
> >
> > On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net> wrote:
> >>
> >> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
> >> <ju...@classsoftware.com> wrote:
> >> > Hi,
> >> >
> >> >> MIT is OSI certified, compatible with the GPL, and category A.
> >> >>
> >> >> The JSON license is not OSI certified, not compatible with the GPL,
> >> >> and (now) category X.
> >> >
> >> > Yep no disagreement from me there.
> >> >
> >> > I should of said it’s based of the text of the MIT license plus the
> “Do
> >> > good not evil bit” which it probably why the pom states MIT.
> >>
> >> All apples are fruit, but not all fruit are apples.
> >>
> >> Religions, Species, and Software Licenses are all examples of
> >> categories where having a "common ancestor" doesn't mean that two
> >> instances of the superclass are compatible.
> >>
> >> The POM is misleading to the point of being unhelpful and incorrect.
> >
> >
> >
> > Just wondering, what POM are you looking at? The true pom has this for
> its
> > license:
> >
> > <licenses>
> > <license>
> > <name>provided without support or warranty</name>
> > <url>http://www.json.org/license.html</url>
> > </license>
> > </licenses>
> >
> > This is the 20090211 version. Similar for the 20080701 version. Prior
> to
> > it had no license declaration.
>
> Here is the link provided earlier in the thread:
>
> https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
>
> That page indicates that the JAR is made available under the MIT and
> Apache licenses.
>
>
> Ok, that's what I'm checking on then. The link Alex pointed out is for a
> different artifact (binary compatible), different source code.
>
> Its similar to the google vs oracle copyright an API case.
>
>
>
>
> - Sam Ruby
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>
>
Re: JSON License and Apache Projects
Posted by Alex Harui <ah...@adobe.com>.
I don't use GH much, but I don't see a way to contact the owner or open an issue against that repo. Any suggestions on if and how to deal with this pom?
-Alex
From: Ted Dunning <te...@gmail.com>>
Reply-To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Date: Wednesday, November 23, 2016 at 4:01 PM
To: "legal-discuss@apache.org<ma...@apache.org>" <le...@apache.org>>
Subject: Re: JSON License and Apache Projects
John,
The link that Alex provided ( https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729 ) is backed up by this source code:
https://github.com/eskatos/org.json-java
That source code is purely a pom that packages up the original json.org<http://json.org> code. It has no source code whatsoever. The README says just this and inspection of the src/ directory shows no additional or modified content.
The license clause is simply mis-leading and wrong. It breaks the problematic do-no-evil clause out into a comment instead of recognizing it as part of the license.
<licenses>
<license>
<name>MIT</name>
<url>http://opensource.org/licenses/MIT</url>
<distribution>repo</distribution>
<comments>The software shall be used for good, not evil.</comments>
</license>
</licenses>
On Wed, Nov 23, 2016 at 12:50 PM, John D. Ament <jo...@apache.org>> wrote:
On Wed, Nov 23, 2016 at 3:34 PM Sam Ruby <ru...@intertwingly.net>> wrote:
On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org>> wrote:
>
> On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net>> wrote:
>>
>> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
>> <ju...@classsoftware.com>> wrote:
>> > Hi,
>> >
>> >> MIT is OSI certified, compatible with the GPL, and category A.
>> >>
>> >> The JSON license is not OSI certified, not compatible with the GPL,
>> >> and (now) category X.
>> >
>> > Yep no disagreement from me there.
>> >
>> > I should of said it’s based of the text of the MIT license plus the “Do
>> > good not evil bit” which it probably why the pom states MIT.
>>
>> All apples are fruit, but not all fruit are apples.
>>
>> Religions, Species, and Software Licenses are all examples of
>> categories where having a "common ancestor" doesn't mean that two
>> instances of the superclass are compatible.
>>
>> The POM is misleading to the point of being unhelpful and incorrect.
>
>
>
> Just wondering, what POM are you looking at? The true pom has this for its
> license:
>
> <licenses>
> <license>
> <name>provided without support or warranty</name>
> <url>http://www.json.org/license.html</url>
> </license>
> </licenses>
>
> This is the 20090211 version. Similar for the 20080701 version. Prior to
> it had no license declaration.
Here is the link provided earlier in the thread:
https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
That page indicates that the JAR is made available under the MIT and
Apache licenses.
Ok, that's what I'm checking on then. The link Alex pointed out is for a different artifact (binary compatible), different source code.
Its similar to the google vs oracle copyright an API case.
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org<ma...@apache.org>
For additional commands, e-mail: legal-discuss-help@apache.org<ma...@apache.org>
Re: JSON License and Apache Projects
Posted by Ted Dunning <te...@gmail.com>.
John,
The link that Alex provided (
https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729 ) is
backed up by this source code:
https://github.com/eskatos/org.json-java
That source code is purely a pom that packages up the original json.org
code. It has no source code whatsoever. The README says just this and
inspection of the src/ directory shows no additional or modified content.
The license clause is simply mis-leading and wrong. It breaks the
problematic do-no-evil clause out into a comment instead of recognizing it
as part of the license.
<licenses>
<license>
<name>MIT</name>
<url>http://opensource.org/licenses/MIT</url>
<distribution>repo</distribution>
<comments>The software shall be used for good, not
evil.</comments>
</license>
</licenses>
On Wed, Nov 23, 2016 at 12:50 PM, John D. Ament <jo...@apache.org>
wrote:
>
>
> On Wed, Nov 23, 2016 at 3:34 PM Sam Ruby <ru...@intertwingly.net> wrote:
>
>> On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org>
>> wrote:
>> >
>> > On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net>
>> wrote:
>> >>
>> >> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
>> >> <ju...@classsoftware.com> wrote:
>> >> > Hi,
>> >> >
>> >> >> MIT is OSI certified, compatible with the GPL, and category A.
>> >> >>
>> >> >> The JSON license is not OSI certified, not compatible with the GPL,
>> >> >> and (now) category X.
>> >> >
>> >> > Yep no disagreement from me there.
>> >> >
>> >> > I should of said it’s based of the text of the MIT license plus the
>> “Do
>> >> > good not evil bit” which it probably why the pom states MIT.
>> >>
>> >> All apples are fruit, but not all fruit are apples.
>> >>
>> >> Religions, Species, and Software Licenses are all examples of
>> >> categories where having a "common ancestor" doesn't mean that two
>> >> instances of the superclass are compatible.
>> >>
>> >> The POM is misleading to the point of being unhelpful and incorrect.
>> >
>> >
>> >
>> > Just wondering, what POM are you looking at? The true pom has this for
>> its
>> > license:
>> >
>> > <licenses>
>> > <license>
>> > <name>provided without support or warranty</name>
>> > <url>http://www.json.org/license.html</url>
>> > </license>
>> > </licenses>
>> >
>> > This is the 20090211 version. Similar for the 20080701 version. Prior
>> to
>> > it had no license declaration.
>>
>> Here is the link provided earlier in the thread:
>>
>> https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
>>
>> That page indicates that the JAR is made available under the MIT and
>> Apache licenses.
>>
>
> Ok, that's what I'm checking on then. The link Alex pointed out is for a
> different artifact (binary compatible), different source code.
>
> Its similar to the google vs oracle copyright an API case.
>
>
>
>>
>> - Sam Ruby
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>>
Re: JSON License and Apache Projects
Posted by "John D. Ament" <jo...@apache.org>.
On Wed, Nov 23, 2016 at 3:34 PM Sam Ruby <ru...@intertwingly.net> wrote:
> On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org>
> wrote:
> >
> > On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net> wrote:
> >>
> >> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
> >> <ju...@classsoftware.com> wrote:
> >> > Hi,
> >> >
> >> >> MIT is OSI certified, compatible with the GPL, and category A.
> >> >>
> >> >> The JSON license is not OSI certified, not compatible with the GPL,
> >> >> and (now) category X.
> >> >
> >> > Yep no disagreement from me there.
> >> >
> >> > I should of said it’s based of the text of the MIT license plus the
> “Do
> >> > good not evil bit” which it probably why the pom states MIT.
> >>
> >> All apples are fruit, but not all fruit are apples.
> >>
> >> Religions, Species, and Software Licenses are all examples of
> >> categories where having a "common ancestor" doesn't mean that two
> >> instances of the superclass are compatible.
> >>
> >> The POM is misleading to the point of being unhelpful and incorrect.
> >
> >
> >
> > Just wondering, what POM are you looking at? The true pom has this for
> its
> > license:
> >
> > <licenses>
> > <license>
> > <name>provided without support or warranty</name>
> > <url>http://www.json.org/license.html</url>
> > </license>
> > </licenses>
> >
> > This is the 20090211 version. Similar for the 20080701 version. Prior
> to
> > it had no license declaration.
>
> Here is the link provided earlier in the thread:
>
> https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
>
> That page indicates that the JAR is made available under the MIT and
> Apache licenses.
>
Ok, that's what I'm checking on then. The link Alex pointed out is for a
different artifact (binary compatible), different source code.
Its similar to the google vs oracle copyright an API case.
>
> - Sam Ruby
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>
Re: JSON License and Apache Projects
Posted by Sam Ruby <ru...@intertwingly.net>.
On Wed, Nov 23, 2016 at 2:07 PM, John D. Ament <jo...@apache.org> wrote:
>
> On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net> wrote:
>>
>> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
>> <ju...@classsoftware.com> wrote:
>> > Hi,
>> >
>> >> MIT is OSI certified, compatible with the GPL, and category A.
>> >>
>> >> The JSON license is not OSI certified, not compatible with the GPL,
>> >> and (now) category X.
>> >
>> > Yep no disagreement from me there.
>> >
>> > I should of said it’s based of the text of the MIT license plus the “Do
>> > good not evil bit” which it probably why the pom states MIT.
>>
>> All apples are fruit, but not all fruit are apples.
>>
>> Religions, Species, and Software Licenses are all examples of
>> categories where having a "common ancestor" doesn't mean that two
>> instances of the superclass are compatible.
>>
>> The POM is misleading to the point of being unhelpful and incorrect.
>
>
>
> Just wondering, what POM are you looking at? The true pom has this for its
> license:
>
> <licenses>
> <license>
> <name>provided without support or warranty</name>
> <url>http://www.json.org/license.html</url>
> </license>
> </licenses>
>
> This is the 20090211 version. Similar for the 20080701 version. Prior to
> it had no license declaration.
Here is the link provided earlier in the thread:
https://mvnrepository.com/artifact/org.codeartisans/org.json/20150729
That page indicates that the JAR is made available under the MIT and
Apache licenses.
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by "John D. Ament" <jo...@apache.org>.
On Wed, Nov 23, 2016 at 1:16 PM Sam Ruby <ru...@intertwingly.net> wrote:
> On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
> <ju...@classsoftware.com> wrote:
> > Hi,
> >
> >> MIT is OSI certified, compatible with the GPL, and category A.
> >>
> >> The JSON license is not OSI certified, not compatible with the GPL,
> >> and (now) category X.
> >
> > Yep no disagreement from me there.
> >
> > I should of said it’s based of the text of the MIT license plus the “Do
> good not evil bit” which it probably why the pom states MIT.
>
> All apples are fruit, but not all fruit are apples.
>
> Religions, Species, and Software Licenses are all examples of
> categories where having a "common ancestor" doesn't mean that two
> instances of the superclass are compatible.
>
> The POM is misleading to the point of being unhelpful and incorrect.
>
Just wondering, what POM are you looking at? The true pom has this for its
license:
<licenses>
<license>
<name>provided without support or warranty</name>
<url>http://www.json.org/license.html</url>
</license>
</licenses>
This is the 20090211 version. Similar for the 20080701 version. Prior to
it had no license declaration.
> > Thanks,
> > Justin
>
> - Sam Ruby
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>
Re: JSON License and Apache Projects
Posted by Sam Ruby <ru...@intertwingly.net>.
On Wed, Nov 23, 2016 at 12:21 PM, Justin Mclean
<ju...@classsoftware.com> wrote:
> Hi,
>
>> MIT is OSI certified, compatible with the GPL, and category A.
>>
>> The JSON license is not OSI certified, not compatible with the GPL,
>> and (now) category X.
>
> Yep no disagreement from me there.
>
> I should of said it’s based of the text of the MIT license plus the “Do good not evil bit” which it probably why the pom states MIT.
All apples are fruit, but not all fruit are apples.
Religions, Species, and Software Licenses are all examples of
categories where having a "common ancestor" doesn't mean that two
instances of the superclass are compatible.
The POM is misleading to the point of being unhelpful and incorrect.
> Thanks,
> Justin
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> MIT is OSI certified, compatible with the GPL, and category A.
>
> The JSON license is not OSI certified, not compatible with the GPL,
> and (now) category X.
Yep no disagreement from me there.
I should of said it’s based of the text of the MIT license plus the “Do good not evil bit” which it probably why the pom states MIT.
Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Sam Ruby <ru...@intertwingly.net>.
On Wed, Nov 23, 2016 at 12:01 PM, Justin Mclean
<ju...@classsoftware.com> wrote:
> Hi,
>
>> Are the maven coordinates org.json? Does that mean that this link [1]
>> which implies ALv2 and MIT licensing is incorrect?
>
> It’s modified MIT so MIT is sort of right.
MIT is OSI certified, compatible with the GPL, and category A.
The JSON license is not OSI certified, not compatible with the GPL,
and (now) category X.
> The pom contains:
> <licenses>
> <license>
> <name>MIT</name>
> <url>http://opensource.org/licenses/MIT</url>
> <distribution>repo</distribution>
> <comments>The software shall be used for good, not evil.</comments>
> </license>
> </licenses>
The POM is incorrect.
> But the full license text is here. [1]
>
> Also interesting to note FSF consider it non free [2]
>
> Thanks,
> Justin
>
> 1. http://www.json.org/license.html
> 2. http://directory.fsf.org/wiki/License:JSON
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> Are the maven coordinates org.json? Does that mean that this link [1]
> which implies ALv2 and MIT licensing is incorrect?
It’s modified MIT so MIT is sort of right.
The pom contains:
<licenses>
<license>
<name>MIT</name>
<url>http://opensource.org/licenses/MIT</url>
<distribution>repo</distribution>
<comments>The software shall be used for good, not evil.</comments>
</license>
</licenses>
But the full license text is here. [1]
Also interesting to note FSF consider it non free [2]
Thanks,
Justin
1. http://www.json.org/license.html
2. http://directory.fsf.org/wiki/License:JSON
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Alex Harui <ah...@adobe.com>.
On 11/23/16, 8:21 AM, "sa3ruby@gmail.com on behalf of Sam Ruby"
<sa3ruby@gmail.com on behalf of rubys@intertwingly.net> wrote:
>> BTW, has anybody approached json.org to see if they would change their
>> license?
>
>I've met with Doug personally many times, and discussed this very
>topic. I don't expect him to change his position.
Are the maven coordinates org.json? Does that mean that this link [1]
which implies ALv2 and MIT licensing is incorrect?
-Alex
[1] https://mvnrepository.com/artifact/org.codeartisans/org.json
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Sam Ruby <ru...@intertwingly.net>.
On Wed, Nov 23, 2016 at 11:11 AM, Alex Harui <ah...@adobe.com> wrote:
>
> On 11/23/16, 7:26 AM, "Paul Libbrecht" <pa...@hoplahup.net> wrote:
>
>>On 23 Nov 2016, at 16:10, Jim Jagielski <ji...@jaguNET.com> wrote:
>>> Something can't be called Open Source unless it is, well, Open Source
>>> and OSI (and the FSF) are the ones who determine what is and is not.
>>
>>I’ve seen lawyers dispute the OSI right to define that a license is an
>>open-source license.
>>
>>I agree with Sam that we should claim that the foundation has deemed it
>>not open-source and not that OSI has, and maybe assert that the reason
>>was non-verifiability.
>
> I thought the reason was the "no evil" clause. Why can't we say that that
> clause was too open to interpretation to be meet the ASF requirement of
> "brain-dead easy to consume"?
Concurring with OSI's conclusion on this one license is indeed the correct path.
I agree with Paul that no corporation or foundation should abdicate
their role and responsibility for evaluating licenses. That being
said, I do believe that OSI is a source that we should consult with
and weigh heavily.
> BTW, has anybody approached json.org to see if they would change their
> license?
I've met with Doug personally many times, and discussed this very
topic. I don't expect him to change his position.
> -Alex
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Alex Harui <ah...@adobe.com>.
On 11/23/16, 7:26 AM, "Paul Libbrecht" <pa...@hoplahup.net> wrote:
>
>On 23 Nov 2016, at 16:10, Jim Jagielski <ji...@jaguNET.com> wrote:
>> Something can't be called Open Source unless it is, well, Open Source
>> and OSI (and the FSF) are the ones who determine what is and is not.
>
>I’ve seen lawyers dispute the OSI right to define that a license is an
>open-source license.
>
>I agree with Sam that we should claim that the foundation has deemed it
>not open-source and not that OSI has, and maybe assert that the reason
>was non-verifiability.
I thought the reason was the "no evil" clause. Why can't we say that that
clause was too open to interpretation to be meet the ASF requirement of
"brain-dead easy to consume"?
BTW, has anybody approached json.org to see if they would change their
license?
-Alex
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Jim Jagielski <ji...@jaguNET.com>.
> On Nov 23, 2016, at 10:26 AM, Paul Libbrecht <pa...@hoplahup.net> wrote:
>
>
> On 23 Nov 2016, at 16:10, Jim Jagielski <ji...@jaguNET.com> wrote:
>> Something can't be called Open Source unless it is, well, Open Source
>> and OSI (and the FSF) are the ones who determine what is and is not.
>
> I’ve seen lawyers dispute the OSI right to define that a license is an open-source license.
>
> I agree with Sam that we should claim that the foundation has deemed it not open-source and not that OSI has, and maybe assert that the reason was non-verifiability.
>
I stand by what I say. If we want to say we concur w/ OSI, that's fine.
But I refuse to imply that the ASF is a definer of what is,
and is not, Open Source. Period.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Paul Libbrecht <pa...@hoplahup.net>.
On 23 Nov 2016, at 16:10, Jim Jagielski <ji...@jaguNET.com> wrote:
> Something can't be called Open Source unless it is, well, Open Source
> and OSI (and the FSF) are the ones who determine what is and is not.
I’ve seen lawyers dispute the OSI right to define that a license is an open-source license.
I agree with Sam that we should claim that the foundation has deemed it not open-source and not that OSI has, and maybe assert that the reason was non-verifiability.
Paul
Re: JSON License and Apache Projects
Posted by Sam Ruby <ru...@intertwingly.net>.
On Wed, Nov 23, 2016 at 10:10 AM, Jim Jagielski <ji...@jagunet.com> wrote:
>
>> On Nov 23, 2016, at 9:59 AM, Sam Ruby <ru...@intertwingly.net> wrote:
>>
>> On Wed, Nov 23, 2016 at 9:08 AM, Jim Jagielski <ji...@apache.org> wrote:
>>>
>>> As compelling as that is, the fact is that the JSON license
>>> itself is not OSI approved and is therefore not, by definition,
>>> an "Open Source license" and, as such, cannot be considered as
>>> one which is acceptable as related to categories.
>>
>> Just a small note, the WTFPL is not OSI approved. While I agree with
>> the recategorization of the JSON license; and the fact that we should
>> take into consideration the evaluation of what OSI and others make of
>> licenses; I don't think we should gate any of our decisions on an
>> external entity.
>
> Something can't be called Open Source unless it is, well, Open Source
> and OSI (and the FSF) are the ones who determine what is and is not.
>
> Again, this comes down to the basic tenet that we want consumption and
> usage of ASF projects to be as "brain dead easy" as possible. By having
> a non-OSI license in there, it encourages the legal dept to get
> involved, which disrupts that "easy as possible" meme.
Should the WTFPL be reclassified then?
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Jim Jagielski <ji...@jaguNET.com>.
> On Nov 23, 2016, at 9:59 AM, Sam Ruby <ru...@intertwingly.net> wrote:
>
> On Wed, Nov 23, 2016 at 9:08 AM, Jim Jagielski <ji...@apache.org> wrote:
>>
>> As compelling as that is, the fact is that the JSON license
>> itself is not OSI approved and is therefore not, by definition,
>> an "Open Source license" and, as such, cannot be considered as
>> one which is acceptable as related to categories.
>
> Just a small note, the WTFPL is not OSI approved. While I agree with
> the recategorization of the JSON license; and the fact that we should
> take into consideration the evaluation of what OSI and others make of
> licenses; I don't think we should gate any of our decisions on an
> external entity.
>
Something can't be called Open Source unless it is, well, Open Source
and OSI (and the FSF) are the ones who determine what is and is not.
Again, this comes down to the basic tenet that we want consumption and
usage of ASF projects to be as "brain dead easy" as possible. By having
a non-OSI license in there, it encourages the legal dept to get
involved, which disrupts that "easy as possible" meme.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Sam Ruby <ru...@intertwingly.net>.
On Wed, Nov 23, 2016 at 9:08 AM, Jim Jagielski <ji...@apache.org> wrote:
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
Just a small note, the WTFPL is not OSI approved. While I agree with
the recategorization of the JSON license; and the fact that we should
take into consideration the evaluation of what OSI and others make of
licenses; I don't think we should gate any of our decisions on an
external entity.
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Stian Soiland-Reyes <st...@apache.org>.
Yes, please forward - although this thread has not yet shown up in the
archive at:
https://lists.apache.org/list.html?legal-discuss@apache.org
There's a corresponding private legal list which should NOT be
forwarded from and should be used for confidential cases:
legal-internal@apache.org
On 23 November 2016 at 14:51, Martijn Dashorst
<ma...@gmail.com> wrote:
> Is this a public list, and can I forward this to our dev@ list?
>
> Martijn
>
>
> On Wed, Nov 23, 2016 at 3:08 PM, Jim Jagielski <ji...@apache.org> wrote:
>> As some of you may know, recently the JSON License has been
>> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>>
>> I understand that this has impacted some projects, especially
>> those in the midst of doing a release. I also understand that
>> up until now, really, there has been no real "outcry" over our
>> usage of it, especially from end-users and other consumers of
>> our projects which use it.
>>
>> As compelling as that is, the fact is that the JSON license
>> itself is not OSI approved and is therefore not, by definition,
>> an "Open Source license" and, as such, cannot be considered as
>> one which is acceptable as related to categories.
>>
>> Therefore, w/ my VP Legal hat on, I am making the following
>> statements:
>>
>> o No new project, sub-project or codebase, which has not
>> used JSON licensed jars (or similar), are allowed to use
>> them. In other words, if you haven't been using them, you
>> aren't allowed to start. It is Cat-X.
>>
>> o If you have been using it, and have done so in a *release*,
>> AND there has been NO pushback from your community/eco-system,
>> you have a temporary exclusion from the Cat-X classification thru
>> April 30, 2017. At that point in time, ANY and ALL usage
>> of these JSON licensed artifacts are DISALLOWED. You must
>> either find a suitably licensed replacement, or do without.
>> There will be NO exceptions.
>>
>> o Any situation not covered by the above is an implicit
>> DISALLOWAL of usage.
>>
>> Also please note that in the 2nd situation (where a temporary
>> exclusion has been granted), you MUST ensure that NOTICE explicitly
>> notifies the end-user that a JSON licensed artifact exists. They
>> may not be aware of it up to now, and that MUST be addressed.
>>
>> If there are any questions, please ask on the legal-discuss@a.o
>> list.
>>
>> --
>> Jim Jagielski
>> VP Legal Affairs
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
--
Stian Soiland-Reyes
http://orcid.org/0000-0001-9842-9718
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Jim Jagielski <ji...@jaguNET.com>.
Yes. It is also on board@ so all PMC chairs should now
be aware of this!
> On Nov 23, 2016, at 9:51 AM, Martijn Dashorst <ma...@gmail.com> wrote:
>
> Is this a public list, and can I forward this to our dev@ list?
>
> Martijn
>
>
> On Wed, Nov 23, 2016 at 3:08 PM, Jim Jagielski <ji...@apache.org> wrote:
>> As some of you may know, recently the JSON License has been
>> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>>
>> I understand that this has impacted some projects, especially
>> those in the midst of doing a release. I also understand that
>> up until now, really, there has been no real "outcry" over our
>> usage of it, especially from end-users and other consumers of
>> our projects which use it.
>>
>> As compelling as that is, the fact is that the JSON license
>> itself is not OSI approved and is therefore not, by definition,
>> an "Open Source license" and, as such, cannot be considered as
>> one which is acceptable as related to categories.
>>
>> Therefore, w/ my VP Legal hat on, I am making the following
>> statements:
>>
>> o No new project, sub-project or codebase, which has not
>> used JSON licensed jars (or similar), are allowed to use
>> them. In other words, if you haven't been using them, you
>> aren't allowed to start. It is Cat-X.
>>
>> o If you have been using it, and have done so in a *release*,
>> AND there has been NO pushback from your community/eco-system,
>> you have a temporary exclusion from the Cat-X classification thru
>> April 30, 2017. At that point in time, ANY and ALL usage
>> of these JSON licensed artifacts are DISALLOWED. You must
>> either find a suitably licensed replacement, or do without.
>> There will be NO exceptions.
>>
>> o Any situation not covered by the above is an implicit
>> DISALLOWAL of usage.
>>
>> Also please note that in the 2nd situation (where a temporary
>> exclusion has been granted), you MUST ensure that NOTICE explicitly
>> notifies the end-user that a JSON licensed artifact exists. They
>> may not be aware of it up to now, and that MUST be addressed.
>>
>> If there are any questions, please ask on the legal-discuss@a.o
>> list.
>>
>> --
>> Jim Jagielski
>> VP Legal Affairs
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Martijn Dashorst <ma...@gmail.com>.
Is this a public list, and can I forward this to our dev@ list?
Martijn
On Wed, Nov 23, 2016 at 3:08 PM, Jim Jagielski <ji...@apache.org> wrote:
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Sebastien <se...@gmail.com>.
I'm +1 for jackson. We already use it in wicket-extensions
https://github.com/apache/wicket/blob/master/wicket-extensions/src/main/java/org/apache/wicket/extensions/requestlogger/JsonRequestLogger.java#L22
Moreover, I'm personally fine to rely on a 3rd party library for JSON
objects. That way you can use the same library back-end side and get the
JSON objects back (no deserialization issues, which is not true if a
specific JSON lib is front-end side only, like for our JSON internal lib)
On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst <
martijn.dashorst@gmail.com> wrote:
> Another option would be to use jackson and use the JSON classes in
> Wicket as API wrappers.
>
> Martijn
>
Re: JSON License and Apache Projects
Posted by Martijn Dashorst <ma...@gmail.com>.
Another option would be to use jackson and use the JSON classes in
Wicket as API wrappers.
Martijn
On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst
<ma...@gmail.com> wrote:
> Ted Dunning has created this package:
>
> https://github.com/tdunning/open-json
>
> Martijn
>
>
> On Wed, Nov 23, 2016 at 5:13 PM, Martijn Dashorst
> <ma...@gmail.com> wrote:
>> OK,
>>
>> So we need to exorcise the JSON code from our project. This has to be
>> done in all active branches.
>>
>> It also occurred to me that the licensing for these files is
>> incorrectly implemented: the JSON license should also be in /licenses
>> so that the release script will add it to the LICENSE file upon
>> release.
>>
>> Martijn
>>
>>
>> On Wed, Nov 23, 2016 at 4:51 PM, Sebastien <se...@gmail.com> wrote:
>>> Looking at
>>> https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
>>>
>>> The link https://github.com/douglascrockford/JSON-java redirects to
>>> https://github.com/stleary/JSON-java/
>>>
>>> And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
>>> that the library is JSON.org licensed.
>>> So, is our copy be affected by the new license terms?
>>>
>>>
>>>
>>> On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
>>> wrote:
>>>
>>>> We do not depend on it but use a copy of it:
>>>> https://github.com/apache/wicket/tree/master/wicket-
>>>> core/src/main/java/org/apache/wicket/ajax/json
>>>>
>>>> Martin Grigorov
>>>> Wicket Training and Consulting
>>>> https://twitter.com/mtgrigorov
>>>>
>>>> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
>>>> wrote:
>>>>
>>>> > FYI: the json.org library for parsing and generating JSON documents
>>>> > is now category X, which means it is prohibited from being included
>>>> > in Apache releases.
>>>> >
>>>> > As far as I know we are not exposed, but we should be diligent and
>>>> > make note of this and replace if we do have a (transitive)
>>>> > dependency.
>>>> >
>>>> > The issue is the "don't use this for evil" clause, that makes it hard to
>>>> > get past legal departments without any issue. The license is also not
>>>> > approved by the OSI, and therefore moved to the category X.
>>>> >
>>>> > Martijn
>>>> >
>>>> >
>>>> >
>>>> > ---------- Forwarded message ----------
>>>> > From: Jim Jagielski <ji...@apache.org>
>>>> > Date: Wed, Nov 23, 2016 at 3:08 PM
>>>> > Subject: JSON License and Apache Projects
>>>> > To: legal-discuss@apache.org
>>>> >
>>>> >
>>>> > As some of you may know, recently the JSON License has been
>>>> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
>>>> >
>>>> > I understand that this has impacted some projects, especially
>>>> > those in the midst of doing a release. I also understand that
>>>> > up until now, really, there has been no real "outcry" over our
>>>> > usage of it, especially from end-users and other consumers of
>>>> > our projects which use it.
>>>> >
>>>> > As compelling as that is, the fact is that the JSON license
>>>> > itself is not OSI approved and is therefore not, by definition,
>>>> > an "Open Source license" and, as such, cannot be considered as
>>>> > one which is acceptable as related to categories.
>>>> >
>>>> > Therefore, w/ my VP Legal hat on, I am making the following
>>>> > statements:
>>>> >
>>>> > o No new project, sub-project or codebase, which has not
>>>> > used JSON licensed jars (or similar), are allowed to use
>>>> > them. In other words, if you haven't been using them, you
>>>> > aren't allowed to start. It is Cat-X.
>>>> >
>>>> > o If you have been using it, and have done so in a *release*,
>>>> > AND there has been NO pushback from your community/eco-system,
>>>> > you have a temporary exclusion from the Cat-X classification thru
>>>> > April 30, 2017. At that point in time, ANY and ALL usage
>>>> > of these JSON licensed artifacts are DISALLOWED. You must
>>>> > either find a suitably licensed replacement, or do without.
>>>> > There will be NO exceptions.
>>>> >
>>>> > o Any situation not covered by the above is an implicit
>>>> > DISALLOWAL of usage.
>>>> >
>>>> > Also please note that in the 2nd situation (where a temporary
>>>> > exclusion has been granted), you MUST ensure that NOTICE explicitly
>>>> > notifies the end-user that a JSON licensed artifact exists. They
>>>> > may not be aware of it up to now, and that MUST be addressed.
>>>> >
>>>> > If there are any questions, please ask on the legal-discuss@a.o
>>>> > list.
>>>> >
>>>> > --
>>>> > Jim Jagielski
>>>> > VP Legal Affairs
>>>> >
>>>> >
>>>> > ---------------------------------------------------------------------
>>>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>>> > For additional commands, e-mail: legal-discuss-help@apache.org
>>>> >
>>>>
>>
>>
>>
>> --
>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Re: JSON License and Apache Projects
Posted by Martijn Dashorst <ma...@gmail.com>.
Ted Dunning has created this package:
https://github.com/tdunning/open-json
Martijn
On Wed, Nov 23, 2016 at 5:13 PM, Martijn Dashorst
<ma...@gmail.com> wrote:
> OK,
>
> So we need to exorcise the JSON code from our project. This has to be
> done in all active branches.
>
> It also occurred to me that the licensing for these files is
> incorrectly implemented: the JSON license should also be in /licenses
> so that the release script will add it to the LICENSE file upon
> release.
>
> Martijn
>
>
> On Wed, Nov 23, 2016 at 4:51 PM, Sebastien <se...@gmail.com> wrote:
>> Looking at
>> https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
>>
>> The link https://github.com/douglascrockford/JSON-java redirects to
>> https://github.com/stleary/JSON-java/
>>
>> And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
>> that the library is JSON.org licensed.
>> So, is our copy be affected by the new license terms?
>>
>>
>>
>> On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
>> wrote:
>>
>>> We do not depend on it but use a copy of it:
>>> https://github.com/apache/wicket/tree/master/wicket-
>>> core/src/main/java/org/apache/wicket/ajax/json
>>>
>>> Martin Grigorov
>>> Wicket Training and Consulting
>>> https://twitter.com/mtgrigorov
>>>
>>> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
>>> wrote:
>>>
>>> > FYI: the json.org library for parsing and generating JSON documents
>>> > is now category X, which means it is prohibited from being included
>>> > in Apache releases.
>>> >
>>> > As far as I know we are not exposed, but we should be diligent and
>>> > make note of this and replace if we do have a (transitive)
>>> > dependency.
>>> >
>>> > The issue is the "don't use this for evil" clause, that makes it hard to
>>> > get past legal departments without any issue. The license is also not
>>> > approved by the OSI, and therefore moved to the category X.
>>> >
>>> > Martijn
>>> >
>>> >
>>> >
>>> > ---------- Forwarded message ----------
>>> > From: Jim Jagielski <ji...@apache.org>
>>> > Date: Wed, Nov 23, 2016 at 3:08 PM
>>> > Subject: JSON License and Apache Projects
>>> > To: legal-discuss@apache.org
>>> >
>>> >
>>> > As some of you may know, recently the JSON License has been
>>> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
>>> >
>>> > I understand that this has impacted some projects, especially
>>> > those in the midst of doing a release. I also understand that
>>> > up until now, really, there has been no real "outcry" over our
>>> > usage of it, especially from end-users and other consumers of
>>> > our projects which use it.
>>> >
>>> > As compelling as that is, the fact is that the JSON license
>>> > itself is not OSI approved and is therefore not, by definition,
>>> > an "Open Source license" and, as such, cannot be considered as
>>> > one which is acceptable as related to categories.
>>> >
>>> > Therefore, w/ my VP Legal hat on, I am making the following
>>> > statements:
>>> >
>>> > o No new project, sub-project or codebase, which has not
>>> > used JSON licensed jars (or similar), are allowed to use
>>> > them. In other words, if you haven't been using them, you
>>> > aren't allowed to start. It is Cat-X.
>>> >
>>> > o If you have been using it, and have done so in a *release*,
>>> > AND there has been NO pushback from your community/eco-system,
>>> > you have a temporary exclusion from the Cat-X classification thru
>>> > April 30, 2017. At that point in time, ANY and ALL usage
>>> > of these JSON licensed artifacts are DISALLOWED. You must
>>> > either find a suitably licensed replacement, or do without.
>>> > There will be NO exceptions.
>>> >
>>> > o Any situation not covered by the above is an implicit
>>> > DISALLOWAL of usage.
>>> >
>>> > Also please note that in the 2nd situation (where a temporary
>>> > exclusion has been granted), you MUST ensure that NOTICE explicitly
>>> > notifies the end-user that a JSON licensed artifact exists. They
>>> > may not be aware of it up to now, and that MUST be addressed.
>>> >
>>> > If there are any questions, please ask on the legal-discuss@a.o
>>> > list.
>>> >
>>> > --
>>> > Jim Jagielski
>>> > VP Legal Affairs
>>> >
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>> > For additional commands, e-mail: legal-discuss-help@apache.org
>>> >
>>>
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Re: JSON License and Apache Projects
Posted by Martijn Dashorst <ma...@gmail.com>.
OK,
So we need to exorcise the JSON code from our project. This has to be
done in all active branches.
It also occurred to me that the licensing for these files is
incorrectly implemented: the JSON license should also be in /licenses
so that the release script will add it to the LICENSE file upon
release.
Martijn
On Wed, Nov 23, 2016 at 4:51 PM, Sebastien <se...@gmail.com> wrote:
> Looking at
> https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
>
> The link https://github.com/douglascrockford/JSON-java redirects to
> https://github.com/stleary/JSON-java/
>
> And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
> that the library is JSON.org licensed.
> So, is our copy be affected by the new license terms?
>
>
>
> On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
> wrote:
>
>> We do not depend on it but use a copy of it:
>> https://github.com/apache/wicket/tree/master/wicket-
>> core/src/main/java/org/apache/wicket/ajax/json
>>
>> Martin Grigorov
>> Wicket Training and Consulting
>> https://twitter.com/mtgrigorov
>>
>> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
>> wrote:
>>
>> > FYI: the json.org library for parsing and generating JSON documents
>> > is now category X, which means it is prohibited from being included
>> > in Apache releases.
>> >
>> > As far as I know we are not exposed, but we should be diligent and
>> > make note of this and replace if we do have a (transitive)
>> > dependency.
>> >
>> > The issue is the "don't use this for evil" clause, that makes it hard to
>> > get past legal departments without any issue. The license is also not
>> > approved by the OSI, and therefore moved to the category X.
>> >
>> > Martijn
>> >
>> >
>> >
>> > ---------- Forwarded message ----------
>> > From: Jim Jagielski <ji...@apache.org>
>> > Date: Wed, Nov 23, 2016 at 3:08 PM
>> > Subject: JSON License and Apache Projects
>> > To: legal-discuss@apache.org
>> >
>> >
>> > As some of you may know, recently the JSON License has been
>> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
>> >
>> > I understand that this has impacted some projects, especially
>> > those in the midst of doing a release. I also understand that
>> > up until now, really, there has been no real "outcry" over our
>> > usage of it, especially from end-users and other consumers of
>> > our projects which use it.
>> >
>> > As compelling as that is, the fact is that the JSON license
>> > itself is not OSI approved and is therefore not, by definition,
>> > an "Open Source license" and, as such, cannot be considered as
>> > one which is acceptable as related to categories.
>> >
>> > Therefore, w/ my VP Legal hat on, I am making the following
>> > statements:
>> >
>> > o No new project, sub-project or codebase, which has not
>> > used JSON licensed jars (or similar), are allowed to use
>> > them. In other words, if you haven't been using them, you
>> > aren't allowed to start. It is Cat-X.
>> >
>> > o If you have been using it, and have done so in a *release*,
>> > AND there has been NO pushback from your community/eco-system,
>> > you have a temporary exclusion from the Cat-X classification thru
>> > April 30, 2017. At that point in time, ANY and ALL usage
>> > of these JSON licensed artifacts are DISALLOWED. You must
>> > either find a suitably licensed replacement, or do without.
>> > There will be NO exceptions.
>> >
>> > o Any situation not covered by the above is an implicit
>> > DISALLOWAL of usage.
>> >
>> > Also please note that in the 2nd situation (where a temporary
>> > exclusion has been granted), you MUST ensure that NOTICE explicitly
>> > notifies the end-user that a JSON licensed artifact exists. They
>> > may not be aware of it up to now, and that MUST be addressed.
>> >
>> > If there are any questions, please ask on the legal-discuss@a.o
>> > list.
>> >
>> > --
>> > Jim Jagielski
>> > VP Legal Affairs
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> > For additional commands, e-mail: legal-discuss-help@apache.org
>> >
>>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Re: JSON License and Apache Projects
Posted by Sebastien <se...@gmail.com>.
Looking at
https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
The link https://github.com/douglascrockford/JSON-java redirects to
https://github.com/stleary/JSON-java/
And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
that the library is JSON.org licensed.
So, is our copy be affected by the new license terms?
On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
wrote:
> We do not depend on it but use a copy of it:
> https://github.com/apache/wicket/tree/master/wicket-
> core/src/main/java/org/apache/wicket/ajax/json
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
> wrote:
>
> > FYI: the json.org library for parsing and generating JSON documents
> > is now category X, which means it is prohibited from being included
> > in Apache releases.
> >
> > As far as I know we are not exposed, but we should be diligent and
> > make note of this and replace if we do have a (transitive)
> > dependency.
> >
> > The issue is the "don't use this for evil" clause, that makes it hard to
> > get past legal departments without any issue. The license is also not
> > approved by the OSI, and therefore moved to the category X.
> >
> > Martijn
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: Jim Jagielski <ji...@apache.org>
> > Date: Wed, Nov 23, 2016 at 3:08 PM
> > Subject: JSON License and Apache Projects
> > To: legal-discuss@apache.org
> >
> >
> > As some of you may know, recently the JSON License has been
> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
> >
> > I understand that this has impacted some projects, especially
> > those in the midst of doing a release. I also understand that
> > up until now, really, there has been no real "outcry" over our
> > usage of it, especially from end-users and other consumers of
> > our projects which use it.
> >
> > As compelling as that is, the fact is that the JSON license
> > itself is not OSI approved and is therefore not, by definition,
> > an "Open Source license" and, as such, cannot be considered as
> > one which is acceptable as related to categories.
> >
> > Therefore, w/ my VP Legal hat on, I am making the following
> > statements:
> >
> > o No new project, sub-project or codebase, which has not
> > used JSON licensed jars (or similar), are allowed to use
> > them. In other words, if you haven't been using them, you
> > aren't allowed to start. It is Cat-X.
> >
> > o If you have been using it, and have done so in a *release*,
> > AND there has been NO pushback from your community/eco-system,
> > you have a temporary exclusion from the Cat-X classification thru
> > April 30, 2017. At that point in time, ANY and ALL usage
> > of these JSON licensed artifacts are DISALLOWED. You must
> > either find a suitably licensed replacement, or do without.
> > There will be NO exceptions.
> >
> > o Any situation not covered by the above is an implicit
> > DISALLOWAL of usage.
> >
> > Also please note that in the 2nd situation (where a temporary
> > exclusion has been granted), you MUST ensure that NOTICE explicitly
> > notifies the end-user that a JSON licensed artifact exists. They
> > may not be aware of it up to now, and that MUST be addressed.
> >
> > If there are any questions, please ask on the legal-discuss@a.o
> > list.
> >
> > --
> > Jim Jagielski
> > VP Legal Affairs
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > For additional commands, e-mail: legal-discuss-help@apache.org
> >
>
Re: JSON License and Apache Projects
Posted by Sebastien <se...@gmail.com>.
Looking at
https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
The link https://github.com/douglascrockford/JSON-java redirects to
https://github.com/stleary/JSON-java/
And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
that the library is JSON.org licensed.
So, is our copy be affected by the new license terms?
On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
wrote:
> We do not depend on it but use a copy of it:
> https://github.com/apache/wicket/tree/master/wicket-
> core/src/main/java/org/apache/wicket/ajax/json
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
> wrote:
>
> > FYI: the json.org library for parsing and generating JSON documents
> > is now category X, which means it is prohibited from being included
> > in Apache releases.
> >
> > As far as I know we are not exposed, but we should be diligent and
> > make note of this and replace if we do have a (transitive)
> > dependency.
> >
> > The issue is the "don't use this for evil" clause, that makes it hard to
> > get past legal departments without any issue. The license is also not
> > approved by the OSI, and therefore moved to the category X.
> >
> > Martijn
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: Jim Jagielski <ji...@apache.org>
> > Date: Wed, Nov 23, 2016 at 3:08 PM
> > Subject: JSON License and Apache Projects
> > To: legal-discuss@apache.org
> >
> >
> > As some of you may know, recently the JSON License has been
> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
> >
> > I understand that this has impacted some projects, especially
> > those in the midst of doing a release. I also understand that
> > up until now, really, there has been no real "outcry" over our
> > usage of it, especially from end-users and other consumers of
> > our projects which use it.
> >
> > As compelling as that is, the fact is that the JSON license
> > itself is not OSI approved and is therefore not, by definition,
> > an "Open Source license" and, as such, cannot be considered as
> > one which is acceptable as related to categories.
> >
> > Therefore, w/ my VP Legal hat on, I am making the following
> > statements:
> >
> > o No new project, sub-project or codebase, which has not
> > used JSON licensed jars (or similar), are allowed to use
> > them. In other words, if you haven't been using them, you
> > aren't allowed to start. It is Cat-X.
> >
> > o If you have been using it, and have done so in a *release*,
> > AND there has been NO pushback from your community/eco-system,
> > you have a temporary exclusion from the Cat-X classification thru
> > April 30, 2017. At that point in time, ANY and ALL usage
> > of these JSON licensed artifacts are DISALLOWED. You must
> > either find a suitably licensed replacement, or do without.
> > There will be NO exceptions.
> >
> > o Any situation not covered by the above is an implicit
> > DISALLOWAL of usage.
> >
> > Also please note that in the 2nd situation (where a temporary
> > exclusion has been granted), you MUST ensure that NOTICE explicitly
> > notifies the end-user that a JSON licensed artifact exists. They
> > may not be aware of it up to now, and that MUST be addressed.
> >
> > If there are any questions, please ask on the legal-discuss@a.o
> > list.
> >
> > --
> > Jim Jagielski
> > VP Legal Affairs
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > For additional commands, e-mail: legal-discuss-help@apache.org
> >
>
Re: JSON License and Apache Projects
Posted by Martin Grigorov <mg...@apache.org>.
We do not depend on it but use a copy of it:
https://github.com/apache/wicket/tree/master/wicket-core/src/main/java/org/apache/wicket/ajax/json
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
wrote:
> FYI: the json.org library for parsing and generating JSON documents
> is now category X, which means it is prohibited from being included
> in Apache releases.
>
> As far as I know we are not exposed, but we should be diligent and
> make note of this and replace if we do have a (transitive)
> dependency.
>
> The issue is the "don't use this for evil" clause, that makes it hard to
> get past legal departments without any issue. The license is also not
> approved by the OSI, and therefore moved to the category X.
>
> Martijn
>
>
>
> ---------- Forwarded message ----------
> From: Jim Jagielski <ji...@apache.org>
> Date: Wed, Nov 23, 2016 at 3:08 PM
> Subject: JSON License and Apache Projects
> To: legal-discuss@apache.org
>
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
Re: JSON License and Apache Projects
Posted by Maxim Solodovnik <so...@gmail.com>.
In case it is about this: org.json:json:jar:20090211 libarary
I'm afraid wicketstuff is affected
Could you please confirm it is about this library?
On Wed, Nov 23, 2016 at 10:36 PM, Martijn Dashorst <da...@apache.org>
wrote:
> FYI: the json.org library for parsing and generating JSON documents
> is now category X, which means it is prohibited from being included
> in Apache releases.
>
> As far as I know we are not exposed, but we should be diligent and
> make note of this and replace if we do have a (transitive)
> dependency.
>
> The issue is the "don't use this for evil" clause, that makes it hard to
> get past legal departments without any issue. The license is also not
> approved by the OSI, and therefore moved to the category X.
>
> Martijn
>
>
>
> ---------- Forwarded message ----------
> From: Jim Jagielski <ji...@apache.org>
> Date: Wed, Nov 23, 2016 at 3:08 PM
> Subject: JSON License and Apache Projects
> To: legal-discuss@apache.org
>
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
--
WBR
Maxim aka solomax
Re: JSON License and Apache Projects
Posted by Maxim Solodovnik <so...@gmail.com>.
In case it is about this: org.json:json:jar:20090211 libarary
I'm afraid wicketstuff is affected
Could you please confirm it is about this library?
On Wed, Nov 23, 2016 at 10:36 PM, Martijn Dashorst <da...@apache.org>
wrote:
> FYI: the json.org library for parsing and generating JSON documents
> is now category X, which means it is prohibited from being included
> in Apache releases.
>
> As far as I know we are not exposed, but we should be diligent and
> make note of this and replace if we do have a (transitive)
> dependency.
>
> The issue is the "don't use this for evil" clause, that makes it hard to
> get past legal departments without any issue. The license is also not
> approved by the OSI, and therefore moved to the category X.
>
> Martijn
>
>
>
> ---------- Forwarded message ----------
> From: Jim Jagielski <ji...@apache.org>
> Date: Wed, Nov 23, 2016 at 3:08 PM
> Subject: JSON License and Apache Projects
> To: legal-discuss@apache.org
>
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
--
WBR
Maxim aka solomax
Re: JSON License and Apache Projects
Posted by Martin Grigorov <mg...@apache.org>.
We do not depend on it but use a copy of it:
https://github.com/apache/wicket/tree/master/wicket-core/src/main/java/org/apache/wicket/ajax/json
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
wrote:
> FYI: the json.org library for parsing and generating JSON documents
> is now category X, which means it is prohibited from being included
> in Apache releases.
>
> As far as I know we are not exposed, but we should be diligent and
> make note of this and replace if we do have a (transitive)
> dependency.
>
> The issue is the "don't use this for evil" clause, that makes it hard to
> get past legal departments without any issue. The license is also not
> approved by the OSI, and therefore moved to the category X.
>
> Martijn
>
>
>
> ---------- Forwarded message ----------
> From: Jim Jagielski <ji...@apache.org>
> Date: Wed, Nov 23, 2016 at 3:08 PM
> Subject: JSON License and Apache Projects
> To: legal-discuss@apache.org
>
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
Fwd: JSON License and Apache Projects
Posted by Martijn Dashorst <da...@apache.org>.
FYI: the json.org library for parsing and generating JSON documents
is now category X, which means it is prohibited from being included
in Apache releases.
As far as I know we are not exposed, but we should be diligent and
make note of this and replace if we do have a (transitive)
dependency.
The issue is the "don't use this for evil" clause, that makes it hard to
get past legal departments without any issue. The license is also not
approved by the OSI, and therefore moved to the category X.
Martijn
---------- Forwarded message ----------
From: Jim Jagielski <ji...@apache.org>
Date: Wed, Nov 23, 2016 at 3:08 PM
Subject: JSON License and Apache Projects
To: legal-discuss@apache.org
As some of you may know, recently the JSON License has been
moved to Category X (https://www.apache.org/legal/resolved#category-x).
I understand that this has impacted some projects, especially
those in the midst of doing a release. I also understand that
up until now, really, there has been no real "outcry" over our
usage of it, especially from end-users and other consumers of
our projects which use it.
As compelling as that is, the fact is that the JSON license
itself is not OSI approved and is therefore not, by definition,
an "Open Source license" and, as such, cannot be considered as
one which is acceptable as related to categories.
Therefore, w/ my VP Legal hat on, I am making the following
statements:
o No new project, sub-project or codebase, which has not
used JSON licensed jars (or similar), are allowed to use
them. In other words, if you haven't been using them, you
aren't allowed to start. It is Cat-X.
o If you have been using it, and have done so in a *release*,
AND there has been NO pushback from your community/eco-system,
you have a temporary exclusion from the Cat-X classification thru
April 30, 2017. At that point in time, ANY and ALL usage
of these JSON licensed artifacts are DISALLOWED. You must
either find a suitably licensed replacement, or do without.
There will be NO exceptions.
o Any situation not covered by the above is an implicit
DISALLOWAL of usage.
Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed.
If there are any questions, please ask on the legal-discuss@a.o
list.
--
Jim Jagielski
VP Legal Affairs
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by "P. Taylor Goetz" <pt...@gmail.com>.
(cc board@ so PMC chairs are included)
Thanks Jim for providing decisive, actionable guidance on the issue. Affected PMCs now have unambiguous paths forward for addressing the issue.
If Jim has no objections, I'd encourage PMC Chairs to forward this to their respective dev@ lists, whether affected or not. It's a good reminder of both the importance and difficulties of OSS licensing. It would also serve as a reminder of why the legal*@ lists exist and encourage more individuals to follow those discussions.
-Taylor
> On Nov 23, 2016, at 9:08 AM, Jim Jagielski <ji...@apache.org> wrote:
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Fwd: JSON License and Apache Projects
Posted by Stian Soiland-Reyes <st...@apache.org>.
We need to check we are not using org.json as the JSON.org license has
been verified as NOT open source.
See below from Legal VP - tl;dr: "The Software shall be used for Good,
not Evil." is an ambiguous restriction of use!
It seems org.json is used in taverna-mobile -- possibly through the
Apache-licensed clean-room implementation of org.json (part of Android
SDK I believe), but that needs to be verified:
./incubator-taverna-mobile/app/src/main/java/org/apache/taverna/mobile/utils/WorkflowDB.java:import
org.json.JSONArray;
./incubator-taverna-mobile/app/src/main/java/org/apache/taverna/mobile/utils/WorkflowDB.java:import
org.json.JSONException;
./incubator-taverna-mobile/app/src/main/java/org/apache/taverna/mobile/utils/WorkflowDB.java:import
org.json.JSONObject;
(..)
./incubator-taverna-common-activities/taverna-interaction-activity/src/main/resources/json2.js
is also from json.org - but it has a permissive Public Domain license
(which has other issues) but otherwise is OK.
(as mentioned in LICENSE for incubator-taverna-common-activities)
(If you found the JSON license funny - see here:
---------- Forwarded message ----------
From: Jim Jagielski <ji...@apache.org>
Date: 23 November 2016 at 14:08
Subject: JSON License and Apache Projects
To: legal-discuss@apache.org
As some of you may know, recently the JSON License has been
moved to Category X (https://www.apache.org/legal/resolved#category-x).
I understand that this has impacted some projects, especially
those in the midst of doing a release. I also understand that
up until now, really, there has been no real "outcry" over our
usage of it, especially from end-users and other consumers of
our projects which use it.
As compelling as that is, the fact is that the JSON license
itself is not OSI approved and is therefore not, by definition,
an "Open Source license" and, as such, cannot be considered as
one which is acceptable as related to categories.
Therefore, w/ my VP Legal hat on, I am making the following
statements:
o No new project, sub-project or codebase, which has not
used JSON licensed jars (or similar), are allowed to use
them. In other words, if you haven't been using them, you
aren't allowed to start. It is Cat-X.
o If you have been using it, and have done so in a *release*,
AND there has been NO pushback from your community/eco-system,
you have a temporary exclusion from the Cat-X classification thru
April 30, 2017. At that point in time, ANY and ALL usage
of these JSON licensed artifacts are DISALLOWED. You must
either find a suitably licensed replacement, or do without.
There will be NO exceptions.
o Any situation not covered by the above is an implicit
DISALLOWAL of usage.
Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed.
If there are any questions, please ask on the legal-discuss@a.o
list.
--
Jim Jagielski
VP Legal Affairs
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
--
Stian Soiland-Reyes
http://orcid.org/0000-0001-9842-9718
Re: JSON License and Apache Projects
Posted by Jim Jagielski <ji...@jaguNET.com>.
Since 'OpenSSL+RSA license' is not in any way part of
this discussion, I have no idea what you are referring
to.
If you have a specific question, then please ask.
> On Nov 27, 2016, at 12:05 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
>
> [Note private/public x-post]
>
> On Wed, Nov 23, 2016 at 8:08 AM, Jim Jagielski <ji...@apache.org> wrote:
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> So as we are to understand it, OpenSSL+RSA license with all of its
> wrinkles and warts, is similarly disallowed on an expedited timeframe,
> including removal of mod_ssl from httpd?
>
> Just want to ensure that I'm understanding how 'legal-hat' is applying
> policy equitably and fairly throughout the foundation's activities. I'm
> certain httpd project and others will also comply.
>
> Cheers,
>
> Bill
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by William A Rowe Jr <wr...@rowe-clan.net>.
[Note private/public x-post]
On Wed, Nov 23, 2016 at 8:08 AM, Jim Jagielski <ji...@apache.org> wrote:
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
So as we are to understand it, OpenSSL+RSA license with all of its
wrinkles and warts, is similarly disallowed on an expedited timeframe,
including removal of mod_ssl from httpd?
Just want to ensure that I'm understanding how 'legal-hat' is applying
policy equitably and fairly throughout the foundation's activities. I'm
certain httpd project and others will also comply.
Cheers,
Bill