[
https://issues.apache.org/jira/browse/HADOOP-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15229471#comment-15229471
]
Colin Patrick McCabe commented on HADOOP-12893:
-----------------------------------------------
We do not statically link OpenSSL into anything. It's not part of
libhadooppipes.a, and it's not included in libhadoop.so or libhadoop.a. It's
not even a depedency of libhadoop, but is accessed via {{dlopen}} / {{dlsym}}.
You can see the dependencies of libhadoop.so easily via:
{code}
cmccabe@mirabilis:~/hadoop> ldd
./hadoop-dist/target/hadoop-3.0.0-SNAPSHOT/lib/native/libhadoop.so
linux-vdso.so.1 (0x00007ffdd072f000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f240717d000)
libjvm.so => /usr/java/latest/jre/lib/amd64/server/libjvm.so
(0x00007f2406457000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2406239000)
libc.so.6 => /lib64/libc.so.6 (0x00007f2405e8b000)
/lib64/ld-linux-x86-64.so.2 (0x00007f24075a6000)
libm.so.6 => /lib64/libm.so.6 (0x00007f2405b88000)
{code}
libdl, libpthread, libc, ld-linux-x86-64.so.2, and libm are system libraries,
and libjvm.so comes from the JVM which is installed.
>From http://www.apache.org/dev/licensing-howto.html:
{code}
THE SIMPLE CASE -- NO BUNDLED DEPENDENCIES
For a source tree which consists entirely of code licensed to the ASF by the
copyright holders and which has no bundled dependencies, LICENSE should contain
the text of the ALv2 -- no more, no less.
NOTICE should contain only the following text, adapted with the product's name
and copyright dates:
Apache [PRODUCT_NAME]
Copyright [XXXX-20XX] The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
{code}
The way we handle the native dependencies in the LICENSE and NOTICE files right
now is correct.
The javascript libraries are indeed bundled, and should be added to LICENSE and
NOTICE.
{{find -name '*.js'}} reveals that we have bundled at least dust.js, moment.js,
jquery, bootstrap, and d3.
> Verify LICENSE.txt and NOTICE.txt
> ---------------------------------
>
> Key: HADOOP-12893
> URL: https://issues.apache.org/jira/browse/HADOOP-12893
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.8.0, 3.0.0, 2.7.3, 2.6.5
> Reporter: Allen Wittenauer
> Priority: Blocker
>
> We need to verify that we're abiding by the legal terms set forth by all of
> our dependencies. We need to make sure that our LICENSE.txt and NOTICE.txt
> list all the licenses as appropriate for source and binary artifacts. In
> particular, we statically link several libraries like OpenSSL into libhadoop,
> libhdfs, pipes, and probably others when -Pnative is used but have no
> reference at all to their licensing terms.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
