hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Kanter (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15874) Add Bouncy Castle License
Date Tue, 23 Oct 2018 18:37:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661101#comment-16661101
] 

Robert Kanter commented on HADOOP-15874:
----------------------------------------

It looks like the license was the same in the previous (really really old) version of BouncyCastle
that we were using:
https://search.maven.org/artifact/org.bouncycastle/bcprov-jdk16/1.46/jar

HADOOP-15832 added the bcpkix artifact (we used to only have the bcprov artifact) and maybe
that's what triggered this?  It looks like it's only complaining about that artifact.  

As [~stevel@apache.org] said, the license, which applies to both artifacts, is mentioned in
the NOTICE.txt.  
And as for ASF compatibility, the Bouncy Castle License is identical to the MIT license (not
sure why they didn't just use MIT), so it should be fine.
https://www.bouncycastle.org/licence.html
https://opensource.org/licenses/MIT

> Add Bouncy Castle License
> -------------------------
>
>                 Key: HADOOP-15874
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15874
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Wei-Chiu Chuang
>            Priority: Blocker
>
> Compiling HBase against Hadoop trunk tells me Bouncy Castle license is used.
> {quote}
> This product includes Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs
licensed under the Bouncy Castle Licence.
> ERROR: Please check ^^^^^^^^^^^^ this License for acceptability here:
> https://www.apache.org/legal/resolved
> If it is okay, then update the list named 'non_aggregate_fine' in the LICENSE.vm file.
> If it isn't okay, then revert the change that added the dependency.
> More info on the dependency:
> <groupId>org.bouncycastle</groupId>
> <artifactId>bcpkix-jdk15on</artifactId>
> <version>1.60</version>
> maven central search
> g:org.bouncycastle AND a:bcpkix-jdk15on AND v:1.60
> project website
> http://www.bouncycastle.org/java.html
> project source
> https://github.com/bcgit/bc-java
> {quote}
> According to the project website, Bouncy Castle License is the same as MIT license.
> https://www.bouncycastle.org/licence.html
> {quote}
> Please note this should be read in the same way as the MIT license.
> {quote}
> Shall we seek Apache Software Foundation's legal advice? Per ASF legal, Bouncy Castle
is not listed as an includable license: https://www.apache.org/legal/resolved#category-a
> Not sure why it only surfaced in Hadoop trunk (aka branch 3.3) since Bouncy Castle was
included long time ago. Maybe a recent change made by [~rkanter] in YARN-8857 updated the
version and changed the license?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message