You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Sean Mackrory (JIRA)" <ji...@apache.org> on 2017/12/05 16:24:01 UTC
[jira] [Comment Edited] (HADOOP-15080) Cat-X dependency on org.json
via derived json-lib
[ https://issues.apache.org/jira/browse/HADOOP-15080?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16278809#comment-16278809 ]
Sean Mackrory edited comment on HADOOP-15080 at 12/5/17 4:23 PM:
-----------------------------------------------------------------
{quote}explicitly add it as a test-scoped dependency{quote}
Ah - I was wondering if you could conditionally exclude a dependency or change the scope of a transitive one. I guess that's how you do it.
I thought I had seen a specific exception for "weak copyleft" licenses for use in build, development and testing, hence my idea that Jersey's CDDL was much safer than category X. But if we're already using category X in testing, then perhaps the explicit test-scoped dependency is okay (plus I can't find that exception now). My only remaining concern then is that most category X licenses dictate how you're allowed to distribute stuff. json-lib dictates how you *use* stuff, so there's still the ambiguity as far as ASF's liability is concerned. But if it's okay with whoever needs to make that call, then yeah, just a maven hack to prevent this from being included while the OSS folks work on a more elegant solution is fine by me too.
was (Author: mackrorysd):
{quote}explicitly add it as a test-scoped dependency{quote}
Ah - I was wondering if you could selectively exlude a dependency of change the scope of a transitive one. I guess that's how you do it.
I thought I had seen a specific exception for "weak copyleft" licenses for use in build, development and testing, hence my idea that Jersey's CDDL was much safer than category X. But if we're already using category X in testing, then perhaps the explicit test-scoped dependency is okay. My only remaining concern then is that most category X licenses dictate how you're allowed to distribute stuff. json-lib dictates how you *use* stuff, so there's still the ambiguity. But if it's okay with whoever needs to make that call, then yeah, just a maven hack to prevent this from being included while the OSS folks work on a more elegant solution is fine by me too.
> Cat-X dependency on org.json via derived json-lib
> -------------------------------------------------
>
> Key: HADOOP-15080
> URL: https://issues.apache.org/jira/browse/HADOOP-15080
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs/oss
> Affects Versions: 3.0.0-beta1
> Reporter: Chris Douglas
> Priority: Blocker
> Attachments: HADOOP-15080-branch-3.0.0.001.patch
>
>
> The OSS SDK has a dependency on json-lib. In LEGAL-245, the org.json library (from which json-lib may be derived) is released under a [category-x|https://www.apache.org/legal/resolved.html#json] license.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org