[
https://issues.apache.org/jira/browse/HADOOP-15874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661101#comment-16661101
]
Robert Kanter commented on HADOOP-15874:
----------------------------------------
It looks like the license was the same in the previous (really really old)
version of BouncyCastle that we were using:
https://search.maven.org/artifact/org.bouncycastle/bcprov-jdk16/1.46/jar
HADOOP-15832 added the bcpkix artifact (we used to only have the bcprov
artifact) and maybe that's what triggered this? It looks like it's only
complaining about that artifact.
As [[email protected]] said, the license, which applies to both artifacts, is
mentioned in the NOTICE.txt.
And as for ASF compatibility, the Bouncy Castle License is identical to the MIT
license (not sure why they didn't just use MIT), so it should be fine.
https://www.bouncycastle.org/licence.html
https://opensource.org/licenses/MIT
> Add Bouncy Castle License
> -------------------------
>
> Key: HADOOP-15874
> URL: https://issues.apache.org/jira/browse/HADOOP-15874
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Wei-Chiu Chuang
> Priority: Blocker
>
> Compiling HBase against Hadoop trunk tells me Bouncy Castle license is used.
> {quote}
> This product includes Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and
> CRMF APIs licensed under the Bouncy Castle Licence.
> ERROR: Please check ^^^^^^^^^^^^ this License for acceptability here:
> https://www.apache.org/legal/resolved
> If it is okay, then update the list named 'non_aggregate_fine' in the
> LICENSE.vm file.
> If it isn't okay, then revert the change that added the dependency.
> More info on the dependency:
> <groupId>org.bouncycastle</groupId>
> <artifactId>bcpkix-jdk15on</artifactId>
> <version>1.60</version>
> maven central search
> g:org.bouncycastle AND a:bcpkix-jdk15on AND v:1.60
> project website
> http://www.bouncycastle.org/java.html
> project source
> https://github.com/bcgit/bc-java
> {quote}
> According to the project website, Bouncy Castle License is the same as MIT
> license.
> https://www.bouncycastle.org/licence.html
> {quote}
> Please note this should be read in the same way as the MIT license.
> {quote}
> Shall we seek Apache Software Foundation's legal advice? Per ASF legal,
> Bouncy Castle is not listed as an includable license:
> https://www.apache.org/legal/resolved#category-a
> Not sure why it only surfaced in Hadoop trunk (aka branch 3.3) since Bouncy
> Castle was included long time ago. Maybe a recent change made by [~rkanter]
> in YARN-8857 updated the version and changed the license?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
