hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei-Chiu Chuang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15874) Add Bouncy Castle License
Date Tue, 23 Oct 2018 17:39:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661024#comment-16661024

Wei-Chiu Chuang commented on HADOOP-15874:

It seems the license of Bouncy Castle changed from MIT License to Bouncy Castle License some
time ago. The license mentioned in NOTICE.txt states Bouncy Castle is licensed under MIT License.

> Add Bouncy Castle License
> -------------------------
>                 Key: HADOOP-15874
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15874
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Wei-Chiu Chuang
>            Priority: Blocker
> Compiling HBase against Hadoop trunk tells me Bouncy Castle license is used.
> {quote}
> This product includes Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs
licensed under the Bouncy Castle Licence.
> ERROR: Please check ^^^^^^^^^^^^ this License for acceptability here:
> https://www.apache.org/legal/resolved
> If it is okay, then update the list named 'non_aggregate_fine' in the LICENSE.vm file.
> If it isn't okay, then revert the change that added the dependency.
> More info on the dependency:
> <groupId>org.bouncycastle</groupId>
> <artifactId>bcpkix-jdk15on</artifactId>
> <version>1.60</version>
> maven central search
> g:org.bouncycastle AND a:bcpkix-jdk15on AND v:1.60
> project website
> http://www.bouncycastle.org/java.html
> project source
> https://github.com/bcgit/bc-java
> {quote}
> According to the project website, Bouncy Castle License is the same as MIT license.
> https://www.bouncycastle.org/licence.html
> {quote}
> Please note this should be read in the same way as the MIT license.
> {quote}
> Shall we seek Apache Software Foundation's legal advice? Per ASF legal, Bouncy Castle
is not listed as an includable license: https://www.apache.org/legal/resolved#category-a
> Not sure why it only surfaced in Hadoop trunk (aka branch 3.3) since Bouncy Castle was
included long time ago. Maybe a recent change made by [~rkanter] in YARN-8857 updated the
version and changed the license?

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message