[
https://issues.apache.org/jira/browse/HADOOP-18086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479260#comment-17479260
]
Akira Ajisaka commented on HADOOP-18086:
----------------------------------------
checker-qual become MIT license since 3.0.0 release according to the commit:
[https://github.com/typetools/checker-framework/commit/e0538bfe10d2105fcd881a18694edf638f038cab]
hadoop-thirdparty 1.1.1 contains checker-qual 3.8.0, so it is not a problem.
{code:java}
[INFO] --- maven-dependency-plugin:3.0.2:tree (default-cli) @
hadoop-shaded-guava ---
[INFO] org.apache.hadoop.thirdparty:hadoop-shaded-guava:jar:1.1.1
[INFO] \- com.google.guava:guava:jar:30.1.1-jre:compile
[INFO] +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] +-
com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] +- org.checkerframework:checker-qual:jar:3.8.0:compile
[INFO] +- com.google.errorprone:error_prone_annotations:jar:2.5.1:compile
[INFO] \- com.google.j2objc:j2objc-annotations:jar:1.3:compile {code}
> Remove org.checkerframework.dataflow from hadoop-shaded-guava artifact (GNU
> GPLv2 license)
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-18086
> URL: https://issues.apache.org/jira/browse/HADOOP-18086
> Project: Hadoop Common
> Issue Type: Bug
> Components: build
> Reporter: László Bodor
> Priority: Major
>
> Please refer to TEZ-4378 for further details:
> {code}
> jar tf
> ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp/target/app/WEB-INF/lib/hadoop-shaded-guava-1.1.1.jar
> | grep "dataflow"
> org/apache/hadoop/thirdparty/org/checkerframework/dataflow/
> org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/
> org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/Deterministic.class
> org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/Pure$Kind.class
> org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/Pure.class
> org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/SideEffectFree.class
> org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/TerminatesExecution.class
> {code}
> I can see that checker-qual LICENSE.txt was removed in the scope of
> HADOOP-17648, but it has nothing to do with the license itself, only for
> [resolving a shading
> error|https://github.com/apache/hadoop-thirdparty/pull/9#issuecomment-822398949]
> my understanding is that in the current way an Apache licensed package (guava
> shaded jar) will contain a GPLv2 licensed software, which makes it a subject
> of GPLv2, also triggers license violations in security tools (like BlackDuck)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
