+1 to bock a release because of this. Agree with Jan’s arguments. — Alexey
> On 10 May 2021, at 16:02, Jan Lukavský <je...@seznam.cz> wrote: > > +1 for blocking the release - I think we should not release something about > which we _know_ that it might be legally problematic. And we should > definitely create a check in the build process that will warn about such > issues in the future. > > Jan > > On 5/10/21 3:44 PM, Ismaël Mejía wrote: >> Tomo just confirmed in the ticket that if we update the gRPC vendored >> version we won't need the JBoss dependency anymore so we should be good to >> go with the upgrade. The open question is if this should be blocking for the >> upcoming Beam 2.31.0 release or we can fix it afterwards. >> >> >> On Mon, May 10, 2021 at 2:46 PM Ismaël Mejía <ieme...@gmail.com >> <mailto:ieme...@gmail.com>> wrote: >> We have been discussing about updating the vendored dependency in BEAM-11227 >> <https://issues.apache.org/jira/browse/BEAM-11227>, if I remember correctly >> the newer version of gRPC does not require the jboss dependency, so probably >> is the best upgrade path, can you confirm Tomo Suzuki >> <https://issues.apache.org/jira/secure/ViewProfile.jspa?name=suztomo> ? >> >> On Mon, May 10, 2021 at 2:33 PM Jarek Potiuk <ja...@potiuk.com >> <mailto:ja...@potiuk.com>> wrote: >> Also we have very similar discussion about it in >> https://issues.apache.org/jira/browse/LEGAL-572 >> <https://issues.apache.org/jira/browse/LEGAL-572> >> Just to be clear about the context of it, it's not a legal requirement of >> Apache Licence, it's Apache Software Foundation policy, that we should not >> limit our users in using our software. If the LGPL dependency is "optional", >> it's fine to add such optional dependency. If it is "required" to run your >> software, then it is not allowed as it limits the users of ASF software in >> further redistributing the software in the way they want (this is at least >> my understanding of it). >> >> On Mon, May 10, 2021 at 12:58 PM JB Onofré <j...@nanthrax.net >> <mailto:j...@nanthrax.net>> wrote: >> Hi >> >> You can take a look on >> >> https://www.apache.org/legal/resolved.html >> <https://www.apache.org/legal/resolved.html> >> >> Regards >> JB >> >>> Le 10 mai 2021 à 12:56, Elliotte Rusty Harold <elh...@ibiblio.org >>> <mailto:elh...@ibiblio.org>> a écrit : >>> >>> Anyone have a link to the official Apache policy about this? Thanks. >>> >>> On Mon, May 10, 2021 at 10:07 AM Jan Lukavský <je...@seznam.cz >>> <mailto:je...@seznam.cz>> wrote: >>>> >>>> Hi, >>>> >>>> we are bundling dependencies with LGPL-2.1, according to license header >>>> in META-INF/maven/org.jboss.modules/jboss-modules/pom.xml. I think is >>>> might be an issue, already reported here: [1]. I created [2] to track it >>>> on our side. >>>> >>>> Jan >>>> >>>> [1] https://issues.apache.org/jira/browse/FLINK-22555 >>>> <https://issues.apache.org/jira/browse/FLINK-22555> >>>> >>>> [2] https://issues.apache.org/jira/browse/BEAM-12316 >>>> <https://issues.apache.org/jira/browse/BEAM-12316> >>>> >>> >>> >>> -- >>> Elliotte Rusty Harold >>> elh...@ibiblio.org <mailto:elh...@ibiblio.org> >> >> >> -- >> +48 660 796 129