On 2016-11-28 11:36, Michael Dürig wrote:
Hi,
The JSON License has recently been moved to the list of licenses not
allowed to be included in Apache products (Category X) [1, 2].
For the Jackrabbit PMC this means that we have to remove all
dependencies to org.json:json within the grace period, which ends April
30th 2017. This affects all our products and branches we still do
release from, namely Jackrabbit 2, Jackrabbit Oak, FileVault. A quick
check on trunk revealed dependencies from Jackrabbit Oak oak-remote and
Jackrabbit 2 jcr-commons. FileVault doesn't seem to be affected. Didn't
check the branches.
I suggest to open respective blocker issues for all our products and
versions to ensure no JSON dependency slips into a release after April
30th 2017. WDYT?
Michael
Awesome. Well, if we have to do it, we have to do it.
In the meantime, it seems, that we need to warn our users, as per:
"Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed." --
<http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E>
...and that applies to releases we do before April, as well, right?
Best regards, Julian
