Hi, > I reviewed this JSON license we've mentioned in license file: (The JSON > License) JSON in Java (org.json:json:20140107 - > https://github.com/douglascrockford/JSON-java > <https://github.com/douglascrockford/JSON-java>) > It is transitive dependency from org.apache.hive:hive-metastore:jar:1.2.1 > (The Apache Software License, Version 2.0), we use hive metastore APIs and > mentioned in pom.xml, but did not use org.json libraries directly. And it is > bundled after built in runtime. > - I also checked license file of hive, it announced JSON license for org.json > library. (https://github.com/apache/hive/blob/release-1.2.1/LICENSE#L308 > <https://github.com/apache/hive/blob/release-1.2.1/LICENSE#L308>)
JSON license was made a category X license a year or two ago. [1] [2] ALv2 content depends on something with a category X license unless it’s optional or for some build tools. [3] PMC’s were given some time to comply with this and perhaps a more recent version of Hive does? > For those CDDL and EPL licenses dependencies, we also just need them in > runtime. And being category B that would be fine but they shouldn’t be mentioned in the source license. [4] The license file for the source release and the binary is likely to be different. > The dependencies are not bundled in the source code, so we don't need to > announce any dependencies' licenses in source release? Correct. Thanks, Justin 1. http://www.apache.org/legal/resolved.html#json 2. https://lists.apache.org/thread.html/195d6e14bbcfcbb8d0a90492a81b311efaa5d6d15bc81b239a32dcb7@%3Cgeneral.incubator.apache.org%3E 3. https://www.apache.org/legal/resolved.html#prohibited 4. http://www.apache.org/dev/licensing-howto.html#binary
