[
https://issues.apache.org/jira/browse/AMQ-3491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13152910#comment-13152910
]
Michael Hayes edited comment on AMQ-3491 at 11/18/11 2:54 PM:
--------------------------------------------------------------
Additional info. indicating that jaffl and jffi later versions are now Apache
V2-licensed, and that jnr-posix is triple-licensed. Details below.
The two main FOSSes of concern are the LGPL licensed jaffl and jffi in the
Camel Web Console component.
jaffl 0.5.1 has the LGPLv3 license for the included version:
http://mvnrepository.com/artifact/org.jruby.extras/jaffl/0.5.1
The latest jaffl 0.5.11
http://mvnrepository.com/artifact/org.jruby.extras/jaffl/0.5.11 is Apache v2
licensed, and it has been so since jaffl 0.5.9, see
http://mvnrepository.com/artifact/org.jruby.extras/jaffl
Jaffl depends on jffi, which WAS LGPL licensed up to 1.0.6 (version 1.0.1 is in
AMQ 5.4.1). From 1.0.7 it is Apache V2 licensed:
http://mvnrepository.com/artifact/org.jruby.extras/jffi/1.0.7
Another component of concern is mentioned: org.jruby.ext.posix:jnr-posix which
appears to be triple-licensed: CPL/GPL/LGPL and depends on multiple other
components: http://mvnrepository.com/artifact/com.github.jnr/jnr-posix/2.0. The
CPL license would be appropriate.
was (Author: hick hayes):
Additional info. indicating that jaffl and jffi later versions are now
Apache V2-licensed, and that jnr-posix is triple-licensed. Details below.
The two main FOSSes of concern are the LGPL licensed jaffl and jffi in the
Camel Web Console component.
jaffl 0.5.1 has the LGPLv3 license for the included version:
http://mvnrepository.com/artifact/org.jruby.extras/jaffl/0.5.1
The latest jaffl 0.5.11
http://mvnrepository.com/artifact/org.jruby.extras/jaffl/0.5.11 is Apache v2
licensed, and it has been so since jaffl 0.5.9, see
http://mvnrepository.com/artifact/org.jruby.extras/jaffl
Jaffl depends on jffi, which WAS LGPL licensed up to 1.0.6 (version 1.0.1 is in
AMQ 5.4.1). From 1.0.7 it is Apache V2 licensed:
http://mvnrepository.com/artifact/org.jruby.extras/jffi/1.0.7
Another component of concern is mentioned: org.jruby.ext.posix:jnr-posix which
appears to be triple-licensed: CPL/GPL/LGPL and depends on multiple other
components: http://mvnrepository.com/artifact/com.github.jnr/jnr-posix/2.0. The
CPL license would appropriate.
> Investigate and resolve LGPL dependency via camel-web
> -----------------------------------------------------
>
> Key: AMQ-3491
> URL: https://issues.apache.org/jira/browse/AMQ-3491
> Project: ActiveMQ
> Issue Type: Task
> Affects Versions: 5.4.0, 5.5.0
> Reporter: Gary Tully
> Assignee: Gary Tully
> Priority: Blocker
> Fix For: 5.4.3, 5.5.1, 5.6.0
>
>
> May be related to trimmed down distro that uses old camel web.
> see: https://issues.apache.org/jira/browse/AMQ-3329
> ActiveMQ 5.5.0's distro includes Jaffl 0.5.1 which is
> LGPL. I traced this down to the distro containing an unpacked
> camel-web 2.4.0 war, which has several org.jruby:jruby dependencies in
> it. My read is that this is a problem because of:
> http://www.apache.org/legal/resolved#category-x
> I also noted that the distro includes org.jruby.ext.posix:jnr-posix
> which may be LGPL/GPL and also org.jruby.extras:jffi:1.0.1 which
> appears to be LGPL as well.
> The following artifacts have gaffl in them:
> +---------------------+----------------------+---------+
> | groupid | artifactid | version |
> +---------------------+----------------------+---------+
> | org.apache.activemq | apache-activemq | 5.4.2 |
> | org.apache.activemq | apache-activemq | 5.4.0 |
> | org.apache.activemq | apache-activemq | 5.4.1 |
> | org.apache.activemq | apache-activemq | 5.5.0 |
> | org.apache.camel | camel-web-standalone | 2.4.0 |
> | org.apache.camel | camel-web | 2.4.0 |
> +---------------------+----------------------+---------+
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
