[
https://issues.apache.org/jira/browse/HADOOP-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15229621#comment-15229621
]
Allen Wittenauer commented on HADOOP-12893:
-------------------------------------------
bq. Can you be clearer about what licensing issues you think exist beyond the
javascript?
I do not have a complete list, but let's see if we can find one.
Download
https://dist.apache.org/repos/dist/release/hadoop/common/hadoop-2.7.2/hadoop-2.7.2.tar.gz
. There are a jars *in binary form* in there that we are redistributing.
Let's grab one and see what it's license is...
I know, how about protobuf-java-*.jar? Surely that should be safe given we've
been pushing tarballs with it for a few years now, right? With a bit of
searching we find this link to the license:
https://github.com/google/protobuf/blob/master/LICENSE
Taking a look at that, we'll find a modified BSD 3-clause license, which
contains this text:
{code}
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
{code}
Do you see us reference protobuf's license terms and conditions anywhere in the
above tar.gz file? No? Me neither. IANAL, but I'm pretty sure that's a
violation of protobuf's license.
> Verify LICENSE.txt and NOTICE.txt
> ---------------------------------
>
> Key: HADOOP-12893
> URL: https://issues.apache.org/jira/browse/HADOOP-12893
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.8.0, 3.0.0, 2.7.3, 2.6.5
> Reporter: Allen Wittenauer
> Priority: Blocker
>
> We have many bundled dependencies in both the source and the binary artifacts
> that are not in LICENSE.txt and NOTICE.txt.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
