As I sent in the separate email about https://github.com/apache/beam/pull/14833, now the Beam's master branch depends on the newer version of the vendored gRPC, which does not include the problematic jboss artifacts.
On Tue, May 11, 2021 at 12:39 PM Kenneth Knowles <[email protected]> wrote: > +1 > > It seems we are pretty close on the upgrade. The same tricky problem as > before, but it seems to be narrowed down. > > Kenn > > On Mon, May 10, 2021 at 8:26 AM Jean-Baptiste Onofre <[email protected]> > wrote: > >> +1 fully agree. >> >> Regards >> JB >> >> Le 10 mai 2021 à 16:02, Jan Lukavský <[email protected]> a écrit : >> >> +1 for blocking the release - I think we should not release something >> about which we _know_ that it might be legally problematic. And we should >> definitely create a check in the build process that will warn about such >> issues in the future. >> >> Jan >> On 5/10/21 3:44 PM, Ismaël Mejía wrote: >> >> Tomo just confirmed in the ticket that if we update the gRPC vendored >> version we won't need the JBoss dependency anymore so we should be good to >> go with the upgrade. The open question is if this should be blocking for >> the upcoming Beam 2.31.0 release or we can fix it afterwards. >> >> >> On Mon, May 10, 2021 at 2:46 PM Ismaël Mejía <[email protected]> wrote: >> >>> We have been discussing about updating the vendored dependency in >>> BEAM-11227 <https://issues.apache.org/jira/browse/BEAM-11227>, if I >>> remember correctly the newer version of gRPC does not require the jboss >>> dependency, so probably is the best upgrade path, can you confirm Tomo >>> Suzuki >>> <https://issues.apache.org/jira/secure/ViewProfile.jspa?name=suztomo> ? >>> >>> On Mon, May 10, 2021 at 2:33 PM Jarek Potiuk <[email protected]> wrote: >>> >>>> Also we have very similar discussion about it in >>>> https://issues.apache.org/jira/browse/LEGAL-572 >>>> Just to be clear about the context of it, it's not a legal requirement >>>> of Apache Licence, it's Apache Software Foundation policy, that we should >>>> not limit our users in using our software. If the LGPL dependency is >>>> "optional", it's fine to add such optional dependency. If it is "required" >>>> to run your software, then it is not allowed as it limits the users of ASF >>>> software in further redistributing the software in the way they want (this >>>> is at least my understanding of it). >>>> >>>> On Mon, May 10, 2021 at 12:58 PM JB Onofré <[email protected]> wrote: >>>> >>>>> Hi >>>>> >>>>> You can take a look on >>>>> >>>>> https://www.apache.org/legal/resolved.html >>>>> >>>>> Regards >>>>> JB >>>>> >>>>> Le 10 mai 2021 à 12:56, Elliotte Rusty Harold <[email protected]> a >>>>> écrit : >>>>> >>>>> Anyone have a link to the official Apache policy about this? Thanks. >>>>> >>>>> On Mon, May 10, 2021 at 10:07 AM Jan Lukavský <[email protected]> wrote: >>>>> >>>>> >>>>> Hi, >>>>> >>>>> >>>>> we are bundling dependencies with LGPL-2.1, according to license header >>>>> >>>>> in META-INF/maven/org.jboss.modules/jboss-modules/pom.xml. I think is >>>>> >>>>> might be an issue, already reported here: [1]. I created [2] to track >>>>> it >>>>> >>>>> on our side. >>>>> >>>>> >>>>> Jan >>>>> >>>>> >>>>> [1] https://issues.apache.org/jira/browse/FLINK-22555 >>>>> >>>>> >>>>> [2] https://issues.apache.org/jira/browse/BEAM-12316 >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Elliotte Rusty Harold >>>>> [email protected] >>>>> >>>>> >>>> >>>> -- >>>> +48 660 796 129 <+48%20660%20796%20129> >>>> >>> >> -- Regards, Tomo
