+1 to bock a release because of this. Agree with Jan’s arguments.

—
Alexey

> On 10 May 2021, at 16:02, Jan Lukavský <je...@seznam.cz> wrote:
> 
> +1 for blocking the release - I think we should not release something about 
> which we _know_ that it might be legally problematic. And we should 
> definitely create a check in the build process that will warn about such 
> issues in the future.
> 
>  Jan
> 
> On 5/10/21 3:44 PM, Ismaël Mejía wrote:
>> Tomo just confirmed in the ticket that if we update the gRPC vendored 
>> version we won't need the JBoss dependency anymore so we should be good to 
>> go with the upgrade. The open question is if this should be blocking for the 
>> upcoming Beam 2.31.0 release or we can fix it afterwards.
>> 
>> 
>> On Mon, May 10, 2021 at 2:46 PM Ismaël Mejía <ieme...@gmail.com 
>> <mailto:ieme...@gmail.com>> wrote:
>> We have been discussing about updating the vendored dependency in BEAM-11227 
>> <https://issues.apache.org/jira/browse/BEAM-11227>, if I remember correctly 
>> the newer version of gRPC does not require the jboss dependency, so probably 
>> is the best upgrade path, can you confirm Tomo Suzuki 
>> <https://issues.apache.org/jira/secure/ViewProfile.jspa?name=suztomo> ?
>> 
>> On Mon, May 10, 2021 at 2:33 PM Jarek Potiuk <ja...@potiuk.com 
>> <mailto:ja...@potiuk.com>> wrote:
>> Also we have very similar discussion about it in 
>> https://issues.apache.org/jira/browse/LEGAL-572 
>> <https://issues.apache.org/jira/browse/LEGAL-572> 
>> Just to be clear about the context of it, it's not a legal requirement of 
>> Apache Licence, it's Apache Software Foundation policy, that we should not 
>> limit our users in using our software. If the LGPL dependency is "optional", 
>> it's fine to add such optional dependency. If it is "required" to run your 
>> software, then it is not allowed as it limits the users of ASF software in 
>> further redistributing the software in the way they want (this is at least 
>> my understanding of it). 
>> 
>> On Mon, May 10, 2021 at 12:58 PM JB Onofré <j...@nanthrax.net 
>> <mailto:j...@nanthrax.net>> wrote:
>> Hi
>> 
>> You can take a look on
>> 
>> https://www.apache.org/legal/resolved.html 
>> <https://www.apache.org/legal/resolved.html>
>> 
>> Regards 
>> JB
>> 
>>> Le 10 mai 2021 à 12:56, Elliotte Rusty Harold <elh...@ibiblio.org 
>>> <mailto:elh...@ibiblio.org>> a écrit :
>>> 
>>> Anyone have a link to the official Apache policy about this? Thanks.
>>> 
>>> On Mon, May 10, 2021 at 10:07 AM Jan Lukavský <je...@seznam.cz 
>>> <mailto:je...@seznam.cz>> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> we are bundling dependencies with LGPL-2.1, according to license header
>>>> in META-INF/maven/org.jboss.modules/jboss-modules/pom.xml. I think is
>>>> might be an issue, already reported here: [1]. I created [2] to track it
>>>> on our side.
>>>> 
>>>>  Jan
>>>> 
>>>> [1] https://issues.apache.org/jira/browse/FLINK-22555 
>>>> <https://issues.apache.org/jira/browse/FLINK-22555>
>>>> 
>>>> [2] https://issues.apache.org/jira/browse/BEAM-12316 
>>>> <https://issues.apache.org/jira/browse/BEAM-12316>
>>>> 
>>> 
>>> 
>>> -- 
>>> Elliotte Rusty Harold
>>> elh...@ibiblio.org <mailto:elh...@ibiblio.org>
>> 
>> 
>> -- 
>> +48 660 796 129

Reply via email to