You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wicket.apache.org by Martijn Dashorst <da...@apache.org> on 2016/11/23 15:36:02 UTC
Fwd: JSON License and Apache Projects
FYI: the json.org library for parsing and generating JSON documents
is now category X, which means it is prohibited from being included
in Apache releases.
As far as I know we are not exposed, but we should be diligent and
make note of this and replace if we do have a (transitive)
dependency.
The issue is the "don't use this for evil" clause, that makes it hard to
get past legal departments without any issue. The license is also not
approved by the OSI, and therefore moved to the category X.
Martijn
---------- Forwarded message ----------
From: Jim Jagielski <ji...@apache.org>
Date: Wed, Nov 23, 2016 at 3:08 PM
Subject: JSON License and Apache Projects
To: legal-discuss@apache.org
As some of you may know, recently the JSON License has been
moved to Category X (https://www.apache.org/legal/resolved#category-x).
I understand that this has impacted some projects, especially
those in the midst of doing a release. I also understand that
up until now, really, there has been no real "outcry" over our
usage of it, especially from end-users and other consumers of
our projects which use it.
As compelling as that is, the fact is that the JSON license
itself is not OSI approved and is therefore not, by definition,
an "Open Source license" and, as such, cannot be considered as
one which is acceptable as related to categories.
Therefore, w/ my VP Legal hat on, I am making the following
statements:
o No new project, sub-project or codebase, which has not
used JSON licensed jars (or similar), are allowed to use
them. In other words, if you haven't been using them, you
aren't allowed to start. It is Cat-X.
o If you have been using it, and have done so in a *release*,
AND there has been NO pushback from your community/eco-system,
you have a temporary exclusion from the Cat-X classification thru
April 30, 2017. At that point in time, ANY and ALL usage
of these JSON licensed artifacts are DISALLOWED. You must
either find a suitably licensed replacement, or do without.
There will be NO exceptions.
o Any situation not covered by the above is an implicit
DISALLOWAL of usage.
Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed.
If there are any questions, please ask on the legal-discuss@a.o
list.
--
Jim Jagielski
VP Legal Affairs
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: JSON License and Apache Projects
Posted by Sebastien <se...@gmail.com>.
dsl-json seems to be fast, and the license seems to be compatible (BSD
3-Clause).
However, this is a quite new project, which is java-8 oriented AFAICS.
I guess the JSON library we will choose should be java 1.5, 6, 7 & 8
compatible...
On Wed, Nov 23, 2016 at 6:37 PM, Martin Grigorov <mg...@apache.org>
wrote:
> Better use https://github.com/fabienrenaud/java-json-benchmark
> The article by Takipi is both old and the testing approach is inaccurate.
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Wed, Nov 23, 2016 at 6:25 PM, Tobias Soloschenko <
> tobiassoloschenko@googlemail.com> wrote:
>
> > Hi,
> >
> > we should also consider the performance impact, shouldn't we?
> >
> > http://blog.takipi.com/the-ultimate-json-library-json-simple
> > -vs-gson-vs-jackson-vs-json/
> >
> > kind regards
> >
> > Tobias
> >
> > Am 23.11.16 um 17:26 schrieb Sebastien:
> >
> > I'm +1 for jackson. We already use it in wicket-extensions
> >>
> >> https://github.com/apache/wicket/blob/master/wicket-extensio
> >> ns/src/main/java/org/apache/wicket/extensions/requestlogge
> >> r/JsonRequestLogger.java#L22
> >>
> >> Moreover, I'm personally fine to rely on a 3rd party library for JSON
> >> objects. That way you can use the same library back-end side and get the
> >> JSON objects back (no deserialization issues, which is not true if a
> >> specific JSON lib is front-end side only, like for our JSON internal
> lib)
> >>
> >>
> >> On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst <
> >> martijn.dashorst@gmail.com> wrote:
> >>
> >> Another option would be to use jackson and use the JSON classes in
> >>> Wicket as API wrappers.
> >>>
> >>> Martijn
> >>>
> >>>
> >
>
Re: JSON License and Apache Projects
Posted by Tobias Soloschenko <to...@googlemail.com>.
Hi Martin,
sadly there are classes not covered by open-json, but for all others we could make different PRs for 6.x and 7.x and copy them. In this case I would suggest to also let the name of JSONFunction to be like I renamed it.
kind regards
Tobias
> Am 24.11.2016 um 21:46 schrieb Martin Grigorov <mg...@apache.org>:
>
> Hi Tobias,
>
> This PR is OK for 8.x but as Emond said: making such change in 6.x and 7.x
> is a *BIG* API break.
> 1.5.x is not affected because we introduced JSON.org for the Ajax rework in
> Wicket 6.0.0.
> I believe the easier solution for 6.x and 7.x is to copy the classes from
> Open-JSON and replace the current ones.
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Thu, Nov 24, 2016 at 7:01 PM, Tobias Soloschenko <
> tobiassoloschenko@googlemail.com> wrote:
>
>> Hi,
>>
>> to provide the most possible backward compatibility I think open-json is
>> great:
>>
>> https://github.com/apache/wicket/pull/193
>> https://github.com/tdunning/open-json/pull/1
>> https://github.com/apache/wicket/pull/193
>>
>> I also think that we should move the classes out and use the external lib.
>>
>> Libraries which are using Apache Wicket JSON only have to organize the
>> imports in most cases. If classes are used which are not ported yet - you
>> can exclude open-json and shift to json.org - or you can implement it
>> yourself.
>>
>> WDYT?
>>
>> kind regards
>>
>> Tobias
>>
>> 2016-11-23 21:26 GMT+01:00 Mark Struberg <st...@yahoo.de.invalid>:
>>
>>> Try Apache Johnzon.
>>> It is really tiny (< 100k) and already used in CXF and TomEE as well for
>>> example.
>>> It's based on the JSON-P specification, so it's even optional if you run
>>> Wicket on a EE7 server.
>>>
>>> LieGrue,
>>> strub
>>>
>>>
>>>> Am 23.11.2016 um 20:24 schrieb Emond Papegaaij <
>>> emond.papegaaij@gmail.com>:
>>>>
>>>> Hi,
>>>>
>>>> Does this mean we can no longer include these files in Wicket 6 and 7?
>>>> If so, that would mean a serious API break, or we need to duplicate
>>>> the entire API in new classes. The classes are part of the public API
>>>> of AbstractDefaultAjaxBehavior and the classes are publicly available.
>>>>
>>>> Looking at the usage of the classes in Wicket, I don't see why we need
>>>> a heavy weight library such as Jackson. Also, Jackson has a history of
>>>> breaking its API even in patch releases. It has proven one of the most
>>>> unreliable libraries in our applications over the past few years.
>>>>
>>>> Wicket only uses the JSON classes in 3 places:
>>>> AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
>>>> think we should either find a lightweight substitute or write
>>>> something ourselves from scratch. As far as I can see, we only use the
>>>> classes to render Maps and arrays to JSON. We do not seem to be using
>>>> them for parsing.
>>>>
>>>> Best regards,
>>>> Emond
>>>>
>>>> On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
>>>> <st...@yahoo.de.invalid> wrote:
>>>>> This benchmark is also not really correct.
>>>>> For Johnzon it creates a new JsonProvider for each and every
>>> invocation. This heavily slows down the performance.
>>>>>
>>>>> LieGrue,
>>>>> strub
>>>>>
>>>>>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mgrigorov@apache.org
>>> :
>>>>>>
>>>>>> https://github.com/fabienrenaud/java-json-benchmark
>>>>>
>>>
>>>
>>
Re: JSON License and Apache Projects
Posted by Martin Grigorov <mg...@apache.org>.
Hi Tobias,
This PR is OK for 8.x but as Emond said: making such change in 6.x and 7.x
is a *BIG* API break.
1.5.x is not affected because we introduced JSON.org for the Ajax rework in
Wicket 6.0.0.
I believe the easier solution for 6.x and 7.x is to copy the classes from
Open-JSON and replace the current ones.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Thu, Nov 24, 2016 at 7:01 PM, Tobias Soloschenko <
tobiassoloschenko@googlemail.com> wrote:
> Hi,
>
> to provide the most possible backward compatibility I think open-json is
> great:
>
> https://github.com/apache/wicket/pull/193
> https://github.com/tdunning/open-json/pull/1
> https://github.com/apache/wicket/pull/193
>
> I also think that we should move the classes out and use the external lib.
>
> Libraries which are using Apache Wicket JSON only have to organize the
> imports in most cases. If classes are used which are not ported yet - you
> can exclude open-json and shift to json.org - or you can implement it
> yourself.
>
> WDYT?
>
> kind regards
>
> Tobias
>
> 2016-11-23 21:26 GMT+01:00 Mark Struberg <st...@yahoo.de.invalid>:
>
> > Try Apache Johnzon.
> > It is really tiny (< 100k) and already used in CXF and TomEE as well for
> > example.
> > It's based on the JSON-P specification, so it's even optional if you run
> > Wicket on a EE7 server.
> >
> > LieGrue,
> > strub
> >
> >
> > > Am 23.11.2016 um 20:24 schrieb Emond Papegaaij <
> > emond.papegaaij@gmail.com>:
> > >
> > > Hi,
> > >
> > > Does this mean we can no longer include these files in Wicket 6 and 7?
> > > If so, that would mean a serious API break, or we need to duplicate
> > > the entire API in new classes. The classes are part of the public API
> > > of AbstractDefaultAjaxBehavior and the classes are publicly available.
> > >
> > > Looking at the usage of the classes in Wicket, I don't see why we need
> > > a heavy weight library such as Jackson. Also, Jackson has a history of
> > > breaking its API even in patch releases. It has proven one of the most
> > > unreliable libraries in our applications over the past few years.
> > >
> > > Wicket only uses the JSON classes in 3 places:
> > > AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
> > > think we should either find a lightweight substitute or write
> > > something ourselves from scratch. As far as I can see, we only use the
> > > classes to render Maps and arrays to JSON. We do not seem to be using
> > > them for parsing.
> > >
> > > Best regards,
> > > Emond
> > >
> > > On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
> > > <st...@yahoo.de.invalid> wrote:
> > >> This benchmark is also not really correct.
> > >> For Johnzon it creates a new JsonProvider for each and every
> > invocation. This heavily slows down the performance.
> > >>
> > >> LieGrue,
> > >> strub
> > >>
> > >>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mgrigorov@apache.org
> >:
> > >>>
> > >>> https://github.com/fabienrenaud/java-json-benchmark
> > >>
> >
> >
>
Re: JSON License and Apache Projects
Posted by Tobias Soloschenko <to...@googlemail.com>.
Hi,
to provide the most possible backward compatibility I think open-json is
great:
https://github.com/apache/wicket/pull/193
https://github.com/tdunning/open-json/pull/1
https://github.com/apache/wicket/pull/193
I also think that we should move the classes out and use the external lib.
Libraries which are using Apache Wicket JSON only have to organize the
imports in most cases. If classes are used which are not ported yet - you
can exclude open-json and shift to json.org - or you can implement it
yourself.
WDYT?
kind regards
Tobias
2016-11-23 21:26 GMT+01:00 Mark Struberg <st...@yahoo.de.invalid>:
> Try Apache Johnzon.
> It is really tiny (< 100k) and already used in CXF and TomEE as well for
> example.
> It's based on the JSON-P specification, so it's even optional if you run
> Wicket on a EE7 server.
>
> LieGrue,
> strub
>
>
> > Am 23.11.2016 um 20:24 schrieb Emond Papegaaij <
> emond.papegaaij@gmail.com>:
> >
> > Hi,
> >
> > Does this mean we can no longer include these files in Wicket 6 and 7?
> > If so, that would mean a serious API break, or we need to duplicate
> > the entire API in new classes. The classes are part of the public API
> > of AbstractDefaultAjaxBehavior and the classes are publicly available.
> >
> > Looking at the usage of the classes in Wicket, I don't see why we need
> > a heavy weight library such as Jackson. Also, Jackson has a history of
> > breaking its API even in patch releases. It has proven one of the most
> > unreliable libraries in our applications over the past few years.
> >
> > Wicket only uses the JSON classes in 3 places:
> > AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
> > think we should either find a lightweight substitute or write
> > something ourselves from scratch. As far as I can see, we only use the
> > classes to render Maps and arrays to JSON. We do not seem to be using
> > them for parsing.
> >
> > Best regards,
> > Emond
> >
> > On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
> > <st...@yahoo.de.invalid> wrote:
> >> This benchmark is also not really correct.
> >> For Johnzon it creates a new JsonProvider for each and every
> invocation. This heavily slows down the performance.
> >>
> >> LieGrue,
> >> strub
> >>
> >>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mg...@apache.org>:
> >>>
> >>> https://github.com/fabienrenaud/java-json-benchmark
> >>
>
>
Re: JSON License and Apache Projects
Posted by Mark Struberg <st...@yahoo.de.INVALID>.
Try Apache Johnzon.
It is really tiny (< 100k) and already used in CXF and TomEE as well for example.
It's based on the JSON-P specification, so it's even optional if you run Wicket on a EE7 server.
LieGrue,
strub
> Am 23.11.2016 um 20:24 schrieb Emond Papegaaij <em...@gmail.com>:
>
> Hi,
>
> Does this mean we can no longer include these files in Wicket 6 and 7?
> If so, that would mean a serious API break, or we need to duplicate
> the entire API in new classes. The classes are part of the public API
> of AbstractDefaultAjaxBehavior and the classes are publicly available.
>
> Looking at the usage of the classes in Wicket, I don't see why we need
> a heavy weight library such as Jackson. Also, Jackson has a history of
> breaking its API even in patch releases. It has proven one of the most
> unreliable libraries in our applications over the past few years.
>
> Wicket only uses the JSON classes in 3 places:
> AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
> think we should either find a lightweight substitute or write
> something ourselves from scratch. As far as I can see, we only use the
> classes to render Maps and arrays to JSON. We do not seem to be using
> them for parsing.
>
> Best regards,
> Emond
>
> On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
> <st...@yahoo.de.invalid> wrote:
>> This benchmark is also not really correct.
>> For Johnzon it creates a new JsonProvider for each and every invocation. This heavily slows down the performance.
>>
>> LieGrue,
>> strub
>>
>>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mg...@apache.org>:
>>>
>>> https://github.com/fabienrenaud/java-json-benchmark
>>
Re: JSON License and Apache Projects
Posted by Emond Papegaaij <em...@gmail.com>.
Hi,
Does this mean we can no longer include these files in Wicket 6 and 7?
If so, that would mean a serious API break, or we need to duplicate
the entire API in new classes. The classes are part of the public API
of AbstractDefaultAjaxBehavior and the classes are publicly available.
Looking at the usage of the classes in Wicket, I don't see why we need
a heavy weight library such as Jackson. Also, Jackson has a history of
breaking its API even in patch releases. It has proven one of the most
unreliable libraries in our applications over the past few years.
Wicket only uses the JSON classes in 3 places:
AbstractDefaultAjaxBehavior, AtmosphereParameters and ModalWindow. I
think we should either find a lightweight substitute or write
something ourselves from scratch. As far as I can see, we only use the
classes to render Maps and arrays to JSON. We do not seem to be using
them for parsing.
Best regards,
Emond
On Wed, Nov 23, 2016 at 7:44 PM, Mark Struberg
<st...@yahoo.de.invalid> wrote:
> This benchmark is also not really correct.
> For Johnzon it creates a new JsonProvider for each and every invocation. This heavily slows down the performance.
>
> LieGrue,
> strub
>
>> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mg...@apache.org>:
>>
>> https://github.com/fabienrenaud/java-json-benchmark
>
Re: JSON License and Apache Projects
Posted by Mark Struberg <st...@yahoo.de.INVALID>.
This benchmark is also not really correct.
For Johnzon it creates a new JsonProvider for each and every invocation. This heavily slows down the performance.
LieGrue,
strub
> Am 23.11.2016 um 18:37 schrieb Martin Grigorov <mg...@apache.org>:
>
> https://github.com/fabienrenaud/java-json-benchmark
Re: JSON License and Apache Projects
Posted by Martin Grigorov <mg...@apache.org>.
Better use https://github.com/fabienrenaud/java-json-benchmark
The article by Takipi is both old and the testing approach is inaccurate.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Wed, Nov 23, 2016 at 6:25 PM, Tobias Soloschenko <
tobiassoloschenko@googlemail.com> wrote:
> Hi,
>
> we should also consider the performance impact, shouldn't we?
>
> http://blog.takipi.com/the-ultimate-json-library-json-simple
> -vs-gson-vs-jackson-vs-json/
>
> kind regards
>
> Tobias
>
> Am 23.11.16 um 17:26 schrieb Sebastien:
>
> I'm +1 for jackson. We already use it in wicket-extensions
>>
>> https://github.com/apache/wicket/blob/master/wicket-extensio
>> ns/src/main/java/org/apache/wicket/extensions/requestlogge
>> r/JsonRequestLogger.java#L22
>>
>> Moreover, I'm personally fine to rely on a 3rd party library for JSON
>> objects. That way you can use the same library back-end side and get the
>> JSON objects back (no deserialization issues, which is not true if a
>> specific JSON lib is front-end side only, like for our JSON internal lib)
>>
>>
>> On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst <
>> martijn.dashorst@gmail.com> wrote:
>>
>> Another option would be to use jackson and use the JSON classes in
>>> Wicket as API wrappers.
>>>
>>> Martijn
>>>
>>>
>
Re: JSON License and Apache Projects
Posted by Tobias Soloschenko <to...@googlemail.com>.
Hi,
we should also consider the performance impact, shouldn't we?
http://blog.takipi.com/the-ultimate-json-library-json-simple-vs-gson-vs-jackson-vs-json/
kind regards
Tobias
Am 23.11.16 um 17:26 schrieb Sebastien:
> I'm +1 for jackson. We already use it in wicket-extensions
>
> https://github.com/apache/wicket/blob/master/wicket-extensions/src/main/java/org/apache/wicket/extensions/requestlogger/JsonRequestLogger.java#L22
>
> Moreover, I'm personally fine to rely on a 3rd party library for JSON
> objects. That way you can use the same library back-end side and get the
> JSON objects back (no deserialization issues, which is not true if a
> specific JSON lib is front-end side only, like for our JSON internal lib)
>
>
> On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst <
> martijn.dashorst@gmail.com> wrote:
>
>> Another option would be to use jackson and use the JSON classes in
>> Wicket as API wrappers.
>>
>> Martijn
>>
Re: JSON License and Apache Projects
Posted by Sebastien <se...@gmail.com>.
I'm +1 for jackson. We already use it in wicket-extensions
https://github.com/apache/wicket/blob/master/wicket-extensions/src/main/java/org/apache/wicket/extensions/requestlogger/JsonRequestLogger.java#L22
Moreover, I'm personally fine to rely on a 3rd party library for JSON
objects. That way you can use the same library back-end side and get the
JSON objects back (no deserialization issues, which is not true if a
specific JSON lib is front-end side only, like for our JSON internal lib)
On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst <
martijn.dashorst@gmail.com> wrote:
> Another option would be to use jackson and use the JSON classes in
> Wicket as API wrappers.
>
> Martijn
>
Re: JSON License and Apache Projects
Posted by Martijn Dashorst <ma...@gmail.com>.
Another option would be to use jackson and use the JSON classes in
Wicket as API wrappers.
Martijn
On Wed, Nov 23, 2016 at 5:16 PM, Martijn Dashorst
<ma...@gmail.com> wrote:
> Ted Dunning has created this package:
>
> https://github.com/tdunning/open-json
>
> Martijn
>
>
> On Wed, Nov 23, 2016 at 5:13 PM, Martijn Dashorst
> <ma...@gmail.com> wrote:
>> OK,
>>
>> So we need to exorcise the JSON code from our project. This has to be
>> done in all active branches.
>>
>> It also occurred to me that the licensing for these files is
>> incorrectly implemented: the JSON license should also be in /licenses
>> so that the release script will add it to the LICENSE file upon
>> release.
>>
>> Martijn
>>
>>
>> On Wed, Nov 23, 2016 at 4:51 PM, Sebastien <se...@gmail.com> wrote:
>>> Looking at
>>> https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
>>>
>>> The link https://github.com/douglascrockford/JSON-java redirects to
>>> https://github.com/stleary/JSON-java/
>>>
>>> And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
>>> that the library is JSON.org licensed.
>>> So, is our copy be affected by the new license terms?
>>>
>>>
>>>
>>> On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
>>> wrote:
>>>
>>>> We do not depend on it but use a copy of it:
>>>> https://github.com/apache/wicket/tree/master/wicket-
>>>> core/src/main/java/org/apache/wicket/ajax/json
>>>>
>>>> Martin Grigorov
>>>> Wicket Training and Consulting
>>>> https://twitter.com/mtgrigorov
>>>>
>>>> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
>>>> wrote:
>>>>
>>>> > FYI: the json.org library for parsing and generating JSON documents
>>>> > is now category X, which means it is prohibited from being included
>>>> > in Apache releases.
>>>> >
>>>> > As far as I know we are not exposed, but we should be diligent and
>>>> > make note of this and replace if we do have a (transitive)
>>>> > dependency.
>>>> >
>>>> > The issue is the "don't use this for evil" clause, that makes it hard to
>>>> > get past legal departments without any issue. The license is also not
>>>> > approved by the OSI, and therefore moved to the category X.
>>>> >
>>>> > Martijn
>>>> >
>>>> >
>>>> >
>>>> > ---------- Forwarded message ----------
>>>> > From: Jim Jagielski <ji...@apache.org>
>>>> > Date: Wed, Nov 23, 2016 at 3:08 PM
>>>> > Subject: JSON License and Apache Projects
>>>> > To: legal-discuss@apache.org
>>>> >
>>>> >
>>>> > As some of you may know, recently the JSON License has been
>>>> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
>>>> >
>>>> > I understand that this has impacted some projects, especially
>>>> > those in the midst of doing a release. I also understand that
>>>> > up until now, really, there has been no real "outcry" over our
>>>> > usage of it, especially from end-users and other consumers of
>>>> > our projects which use it.
>>>> >
>>>> > As compelling as that is, the fact is that the JSON license
>>>> > itself is not OSI approved and is therefore not, by definition,
>>>> > an "Open Source license" and, as such, cannot be considered as
>>>> > one which is acceptable as related to categories.
>>>> >
>>>> > Therefore, w/ my VP Legal hat on, I am making the following
>>>> > statements:
>>>> >
>>>> > o No new project, sub-project or codebase, which has not
>>>> > used JSON licensed jars (or similar), are allowed to use
>>>> > them. In other words, if you haven't been using them, you
>>>> > aren't allowed to start. It is Cat-X.
>>>> >
>>>> > o If you have been using it, and have done so in a *release*,
>>>> > AND there has been NO pushback from your community/eco-system,
>>>> > you have a temporary exclusion from the Cat-X classification thru
>>>> > April 30, 2017. At that point in time, ANY and ALL usage
>>>> > of these JSON licensed artifacts are DISALLOWED. You must
>>>> > either find a suitably licensed replacement, or do without.
>>>> > There will be NO exceptions.
>>>> >
>>>> > o Any situation not covered by the above is an implicit
>>>> > DISALLOWAL of usage.
>>>> >
>>>> > Also please note that in the 2nd situation (where a temporary
>>>> > exclusion has been granted), you MUST ensure that NOTICE explicitly
>>>> > notifies the end-user that a JSON licensed artifact exists. They
>>>> > may not be aware of it up to now, and that MUST be addressed.
>>>> >
>>>> > If there are any questions, please ask on the legal-discuss@a.o
>>>> > list.
>>>> >
>>>> > --
>>>> > Jim Jagielski
>>>> > VP Legal Affairs
>>>> >
>>>> >
>>>> > ---------------------------------------------------------------------
>>>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>>> > For additional commands, e-mail: legal-discuss-help@apache.org
>>>> >
>>>>
>>
>>
>>
>> --
>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Re: JSON License and Apache Projects
Posted by Martijn Dashorst <ma...@gmail.com>.
Ted Dunning has created this package:
https://github.com/tdunning/open-json
Martijn
On Wed, Nov 23, 2016 at 5:13 PM, Martijn Dashorst
<ma...@gmail.com> wrote:
> OK,
>
> So we need to exorcise the JSON code from our project. This has to be
> done in all active branches.
>
> It also occurred to me that the licensing for these files is
> incorrectly implemented: the JSON license should also be in /licenses
> so that the release script will add it to the LICENSE file upon
> release.
>
> Martijn
>
>
> On Wed, Nov 23, 2016 at 4:51 PM, Sebastien <se...@gmail.com> wrote:
>> Looking at
>> https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
>>
>> The link https://github.com/douglascrockford/JSON-java redirects to
>> https://github.com/stleary/JSON-java/
>>
>> And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
>> that the library is JSON.org licensed.
>> So, is our copy be affected by the new license terms?
>>
>>
>>
>> On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
>> wrote:
>>
>>> We do not depend on it but use a copy of it:
>>> https://github.com/apache/wicket/tree/master/wicket-
>>> core/src/main/java/org/apache/wicket/ajax/json
>>>
>>> Martin Grigorov
>>> Wicket Training and Consulting
>>> https://twitter.com/mtgrigorov
>>>
>>> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
>>> wrote:
>>>
>>> > FYI: the json.org library for parsing and generating JSON documents
>>> > is now category X, which means it is prohibited from being included
>>> > in Apache releases.
>>> >
>>> > As far as I know we are not exposed, but we should be diligent and
>>> > make note of this and replace if we do have a (transitive)
>>> > dependency.
>>> >
>>> > The issue is the "don't use this for evil" clause, that makes it hard to
>>> > get past legal departments without any issue. The license is also not
>>> > approved by the OSI, and therefore moved to the category X.
>>> >
>>> > Martijn
>>> >
>>> >
>>> >
>>> > ---------- Forwarded message ----------
>>> > From: Jim Jagielski <ji...@apache.org>
>>> > Date: Wed, Nov 23, 2016 at 3:08 PM
>>> > Subject: JSON License and Apache Projects
>>> > To: legal-discuss@apache.org
>>> >
>>> >
>>> > As some of you may know, recently the JSON License has been
>>> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
>>> >
>>> > I understand that this has impacted some projects, especially
>>> > those in the midst of doing a release. I also understand that
>>> > up until now, really, there has been no real "outcry" over our
>>> > usage of it, especially from end-users and other consumers of
>>> > our projects which use it.
>>> >
>>> > As compelling as that is, the fact is that the JSON license
>>> > itself is not OSI approved and is therefore not, by definition,
>>> > an "Open Source license" and, as such, cannot be considered as
>>> > one which is acceptable as related to categories.
>>> >
>>> > Therefore, w/ my VP Legal hat on, I am making the following
>>> > statements:
>>> >
>>> > o No new project, sub-project or codebase, which has not
>>> > used JSON licensed jars (or similar), are allowed to use
>>> > them. In other words, if you haven't been using them, you
>>> > aren't allowed to start. It is Cat-X.
>>> >
>>> > o If you have been using it, and have done so in a *release*,
>>> > AND there has been NO pushback from your community/eco-system,
>>> > you have a temporary exclusion from the Cat-X classification thru
>>> > April 30, 2017. At that point in time, ANY and ALL usage
>>> > of these JSON licensed artifacts are DISALLOWED. You must
>>> > either find a suitably licensed replacement, or do without.
>>> > There will be NO exceptions.
>>> >
>>> > o Any situation not covered by the above is an implicit
>>> > DISALLOWAL of usage.
>>> >
>>> > Also please note that in the 2nd situation (where a temporary
>>> > exclusion has been granted), you MUST ensure that NOTICE explicitly
>>> > notifies the end-user that a JSON licensed artifact exists. They
>>> > may not be aware of it up to now, and that MUST be addressed.
>>> >
>>> > If there are any questions, please ask on the legal-discuss@a.o
>>> > list.
>>> >
>>> > --
>>> > Jim Jagielski
>>> > VP Legal Affairs
>>> >
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>> > For additional commands, e-mail: legal-discuss-help@apache.org
>>> >
>>>
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Re: JSON License and Apache Projects
Posted by Martijn Dashorst <ma...@gmail.com>.
OK,
So we need to exorcise the JSON code from our project. This has to be
done in all active branches.
It also occurred to me that the licensing for these files is
incorrectly implemented: the JSON license should also be in /licenses
so that the release script will add it to the LICENSE file upon
release.
Martijn
On Wed, Nov 23, 2016 at 4:51 PM, Sebastien <se...@gmail.com> wrote:
> Looking at
> https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
>
> The link https://github.com/douglascrockford/JSON-java redirects to
> https://github.com/stleary/JSON-java/
>
> And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
> that the library is JSON.org licensed.
> So, is our copy be affected by the new license terms?
>
>
>
> On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
> wrote:
>
>> We do not depend on it but use a copy of it:
>> https://github.com/apache/wicket/tree/master/wicket-
>> core/src/main/java/org/apache/wicket/ajax/json
>>
>> Martin Grigorov
>> Wicket Training and Consulting
>> https://twitter.com/mtgrigorov
>>
>> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
>> wrote:
>>
>> > FYI: the json.org library for parsing and generating JSON documents
>> > is now category X, which means it is prohibited from being included
>> > in Apache releases.
>> >
>> > As far as I know we are not exposed, but we should be diligent and
>> > make note of this and replace if we do have a (transitive)
>> > dependency.
>> >
>> > The issue is the "don't use this for evil" clause, that makes it hard to
>> > get past legal departments without any issue. The license is also not
>> > approved by the OSI, and therefore moved to the category X.
>> >
>> > Martijn
>> >
>> >
>> >
>> > ---------- Forwarded message ----------
>> > From: Jim Jagielski <ji...@apache.org>
>> > Date: Wed, Nov 23, 2016 at 3:08 PM
>> > Subject: JSON License and Apache Projects
>> > To: legal-discuss@apache.org
>> >
>> >
>> > As some of you may know, recently the JSON License has been
>> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
>> >
>> > I understand that this has impacted some projects, especially
>> > those in the midst of doing a release. I also understand that
>> > up until now, really, there has been no real "outcry" over our
>> > usage of it, especially from end-users and other consumers of
>> > our projects which use it.
>> >
>> > As compelling as that is, the fact is that the JSON license
>> > itself is not OSI approved and is therefore not, by definition,
>> > an "Open Source license" and, as such, cannot be considered as
>> > one which is acceptable as related to categories.
>> >
>> > Therefore, w/ my VP Legal hat on, I am making the following
>> > statements:
>> >
>> > o No new project, sub-project or codebase, which has not
>> > used JSON licensed jars (or similar), are allowed to use
>> > them. In other words, if you haven't been using them, you
>> > aren't allowed to start. It is Cat-X.
>> >
>> > o If you have been using it, and have done so in a *release*,
>> > AND there has been NO pushback from your community/eco-system,
>> > you have a temporary exclusion from the Cat-X classification thru
>> > April 30, 2017. At that point in time, ANY and ALL usage
>> > of these JSON licensed artifacts are DISALLOWED. You must
>> > either find a suitably licensed replacement, or do without.
>> > There will be NO exceptions.
>> >
>> > o Any situation not covered by the above is an implicit
>> > DISALLOWAL of usage.
>> >
>> > Also please note that in the 2nd situation (where a temporary
>> > exclusion has been granted), you MUST ensure that NOTICE explicitly
>> > notifies the end-user that a JSON licensed artifact exists. They
>> > may not be aware of it up to now, and that MUST be addressed.
>> >
>> > If there are any questions, please ask on the legal-discuss@a.o
>> > list.
>> >
>> > --
>> > Jim Jagielski
>> > VP Legal Affairs
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> > For additional commands, e-mail: legal-discuss-help@apache.org
>> >
>>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Re: JSON License and Apache Projects
Posted by Sebastien <se...@gmail.com>.
Looking at
https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
The link https://github.com/douglascrockford/JSON-java redirects to
https://github.com/stleary/JSON-java/
And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
that the library is JSON.org licensed.
So, is our copy be affected by the new license terms?
On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
wrote:
> We do not depend on it but use a copy of it:
> https://github.com/apache/wicket/tree/master/wicket-
> core/src/main/java/org/apache/wicket/ajax/json
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
> wrote:
>
> > FYI: the json.org library for parsing and generating JSON documents
> > is now category X, which means it is prohibited from being included
> > in Apache releases.
> >
> > As far as I know we are not exposed, but we should be diligent and
> > make note of this and replace if we do have a (transitive)
> > dependency.
> >
> > The issue is the "don't use this for evil" clause, that makes it hard to
> > get past legal departments without any issue. The license is also not
> > approved by the OSI, and therefore moved to the category X.
> >
> > Martijn
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: Jim Jagielski <ji...@apache.org>
> > Date: Wed, Nov 23, 2016 at 3:08 PM
> > Subject: JSON License and Apache Projects
> > To: legal-discuss@apache.org
> >
> >
> > As some of you may know, recently the JSON License has been
> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
> >
> > I understand that this has impacted some projects, especially
> > those in the midst of doing a release. I also understand that
> > up until now, really, there has been no real "outcry" over our
> > usage of it, especially from end-users and other consumers of
> > our projects which use it.
> >
> > As compelling as that is, the fact is that the JSON license
> > itself is not OSI approved and is therefore not, by definition,
> > an "Open Source license" and, as such, cannot be considered as
> > one which is acceptable as related to categories.
> >
> > Therefore, w/ my VP Legal hat on, I am making the following
> > statements:
> >
> > o No new project, sub-project or codebase, which has not
> > used JSON licensed jars (or similar), are allowed to use
> > them. In other words, if you haven't been using them, you
> > aren't allowed to start. It is Cat-X.
> >
> > o If you have been using it, and have done so in a *release*,
> > AND there has been NO pushback from your community/eco-system,
> > you have a temporary exclusion from the Cat-X classification thru
> > April 30, 2017. At that point in time, ANY and ALL usage
> > of these JSON licensed artifacts are DISALLOWED. You must
> > either find a suitably licensed replacement, or do without.
> > There will be NO exceptions.
> >
> > o Any situation not covered by the above is an implicit
> > DISALLOWAL of usage.
> >
> > Also please note that in the 2nd situation (where a temporary
> > exclusion has been granted), you MUST ensure that NOTICE explicitly
> > notifies the end-user that a JSON licensed artifact exists. They
> > may not be aware of it up to now, and that MUST be addressed.
> >
> > If there are any questions, please ask on the legal-discuss@a.o
> > list.
> >
> > --
> > Jim Jagielski
> > VP Legal Affairs
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > For additional commands, e-mail: legal-discuss-help@apache.org
> >
>
Re: JSON License and Apache Projects
Posted by Sebastien <se...@gmail.com>.
Looking at
https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README
The link https://github.com/douglascrockford/JSON-java redirects to
https://github.com/stleary/JSON-java/
And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates
that the library is JSON.org licensed.
So, is our copy be affected by the new license terms?
On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov <mg...@apache.org>
wrote:
> We do not depend on it but use a copy of it:
> https://github.com/apache/wicket/tree/master/wicket-
> core/src/main/java/org/apache/wicket/ajax/json
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
> wrote:
>
> > FYI: the json.org library for parsing and generating JSON documents
> > is now category X, which means it is prohibited from being included
> > in Apache releases.
> >
> > As far as I know we are not exposed, but we should be diligent and
> > make note of this and replace if we do have a (transitive)
> > dependency.
> >
> > The issue is the "don't use this for evil" clause, that makes it hard to
> > get past legal departments without any issue. The license is also not
> > approved by the OSI, and therefore moved to the category X.
> >
> > Martijn
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: Jim Jagielski <ji...@apache.org>
> > Date: Wed, Nov 23, 2016 at 3:08 PM
> > Subject: JSON License and Apache Projects
> > To: legal-discuss@apache.org
> >
> >
> > As some of you may know, recently the JSON License has been
> > moved to Category X (https://www.apache.org/legal/resolved#category-x).
> >
> > I understand that this has impacted some projects, especially
> > those in the midst of doing a release. I also understand that
> > up until now, really, there has been no real "outcry" over our
> > usage of it, especially from end-users and other consumers of
> > our projects which use it.
> >
> > As compelling as that is, the fact is that the JSON license
> > itself is not OSI approved and is therefore not, by definition,
> > an "Open Source license" and, as such, cannot be considered as
> > one which is acceptable as related to categories.
> >
> > Therefore, w/ my VP Legal hat on, I am making the following
> > statements:
> >
> > o No new project, sub-project or codebase, which has not
> > used JSON licensed jars (or similar), are allowed to use
> > them. In other words, if you haven't been using them, you
> > aren't allowed to start. It is Cat-X.
> >
> > o If you have been using it, and have done so in a *release*,
> > AND there has been NO pushback from your community/eco-system,
> > you have a temporary exclusion from the Cat-X classification thru
> > April 30, 2017. At that point in time, ANY and ALL usage
> > of these JSON licensed artifacts are DISALLOWED. You must
> > either find a suitably licensed replacement, or do without.
> > There will be NO exceptions.
> >
> > o Any situation not covered by the above is an implicit
> > DISALLOWAL of usage.
> >
> > Also please note that in the 2nd situation (where a temporary
> > exclusion has been granted), you MUST ensure that NOTICE explicitly
> > notifies the end-user that a JSON licensed artifact exists. They
> > may not be aware of it up to now, and that MUST be addressed.
> >
> > If there are any questions, please ask on the legal-discuss@a.o
> > list.
> >
> > --
> > Jim Jagielski
> > VP Legal Affairs
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > For additional commands, e-mail: legal-discuss-help@apache.org
> >
>
Re: JSON License and Apache Projects
Posted by Martin Grigorov <mg...@apache.org>.
We do not depend on it but use a copy of it:
https://github.com/apache/wicket/tree/master/wicket-core/src/main/java/org/apache/wicket/ajax/json
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
wrote:
> FYI: the json.org library for parsing and generating JSON documents
> is now category X, which means it is prohibited from being included
> in Apache releases.
>
> As far as I know we are not exposed, but we should be diligent and
> make note of this and replace if we do have a (transitive)
> dependency.
>
> The issue is the "don't use this for evil" clause, that makes it hard to
> get past legal departments without any issue. The license is also not
> approved by the OSI, and therefore moved to the category X.
>
> Martijn
>
>
>
> ---------- Forwarded message ----------
> From: Jim Jagielski <ji...@apache.org>
> Date: Wed, Nov 23, 2016 at 3:08 PM
> Subject: JSON License and Apache Projects
> To: legal-discuss@apache.org
>
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
Re: JSON License and Apache Projects
Posted by Maxim Solodovnik <so...@gmail.com>.
In case it is about this: org.json:json:jar:20090211 libarary
I'm afraid wicketstuff is affected
Could you please confirm it is about this library?
On Wed, Nov 23, 2016 at 10:36 PM, Martijn Dashorst <da...@apache.org>
wrote:
> FYI: the json.org library for parsing and generating JSON documents
> is now category X, which means it is prohibited from being included
> in Apache releases.
>
> As far as I know we are not exposed, but we should be diligent and
> make note of this and replace if we do have a (transitive)
> dependency.
>
> The issue is the "don't use this for evil" clause, that makes it hard to
> get past legal departments without any issue. The license is also not
> approved by the OSI, and therefore moved to the category X.
>
> Martijn
>
>
>
> ---------- Forwarded message ----------
> From: Jim Jagielski <ji...@apache.org>
> Date: Wed, Nov 23, 2016 at 3:08 PM
> Subject: JSON License and Apache Projects
> To: legal-discuss@apache.org
>
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
--
WBR
Maxim aka solomax
Re: JSON License and Apache Projects
Posted by Maxim Solodovnik <so...@gmail.com>.
In case it is about this: org.json:json:jar:20090211 libarary
I'm afraid wicketstuff is affected
Could you please confirm it is about this library?
On Wed, Nov 23, 2016 at 10:36 PM, Martijn Dashorst <da...@apache.org>
wrote:
> FYI: the json.org library for parsing and generating JSON documents
> is now category X, which means it is prohibited from being included
> in Apache releases.
>
> As far as I know we are not exposed, but we should be diligent and
> make note of this and replace if we do have a (transitive)
> dependency.
>
> The issue is the "don't use this for evil" clause, that makes it hard to
> get past legal departments without any issue. The license is also not
> approved by the OSI, and therefore moved to the category X.
>
> Martijn
>
>
>
> ---------- Forwarded message ----------
> From: Jim Jagielski <ji...@apache.org>
> Date: Wed, Nov 23, 2016 at 3:08 PM
> Subject: JSON License and Apache Projects
> To: legal-discuss@apache.org
>
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
--
WBR
Maxim aka solomax
Re: JSON License and Apache Projects
Posted by Martin Grigorov <mg...@apache.org>.
We do not depend on it but use a copy of it:
https://github.com/apache/wicket/tree/master/wicket-core/src/main/java/org/apache/wicket/ajax/json
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst <da...@apache.org>
wrote:
> FYI: the json.org library for parsing and generating JSON documents
> is now category X, which means it is prohibited from being included
> in Apache releases.
>
> As far as I know we are not exposed, but we should be diligent and
> make note of this and replace if we do have a (transitive)
> dependency.
>
> The issue is the "don't use this for evil" clause, that makes it hard to
> get past legal departments without any issue. The license is also not
> approved by the OSI, and therefore moved to the category X.
>
> Martijn
>
>
>
> ---------- Forwarded message ----------
> From: Jim Jagielski <ji...@apache.org>
> Date: Wed, Nov 23, 2016 at 3:08 PM
> Subject: JSON License and Apache Projects
> To: legal-discuss@apache.org
>
>
> As some of you may know, recently the JSON License has been
> moved to Category X (https://www.apache.org/legal/resolved#category-x).
>
> I understand that this has impacted some projects, especially
> those in the midst of doing a release. I also understand that
> up until now, really, there has been no real "outcry" over our
> usage of it, especially from end-users and other consumers of
> our projects which use it.
>
> As compelling as that is, the fact is that the JSON license
> itself is not OSI approved and is therefore not, by definition,
> an "Open Source license" and, as such, cannot be considered as
> one which is acceptable as related to categories.
>
> Therefore, w/ my VP Legal hat on, I am making the following
> statements:
>
> o No new project, sub-project or codebase, which has not
> used JSON licensed jars (or similar), are allowed to use
> them. In other words, if you haven't been using them, you
> aren't allowed to start. It is Cat-X.
>
> o If you have been using it, and have done so in a *release*,
> AND there has been NO pushback from your community/eco-system,
> you have a temporary exclusion from the Cat-X classification thru
> April 30, 2017. At that point in time, ANY and ALL usage
> of these JSON licensed artifacts are DISALLOWED. You must
> either find a suitably licensed replacement, or do without.
> There will be NO exceptions.
>
> o Any situation not covered by the above is an implicit
> DISALLOWAL of usage.
>
> Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed.
>
> If there are any questions, please ask on the legal-discuss@a.o
> list.
>
> --
> Jim Jagielski
> VP Legal Affairs
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>