Sorry for the spam, just wanted to note that this dependency was added by Steve in SOLR-6130 to resolve improper Tika 1.4->1.5 upgrade.
The core issue lies with Tika IMO (they shouldn't rely on LGPL code too I believe), but I am not sure if it's OK that we distribute this .jar ourselves. Shai On Fri, Mar 20, 2015 at 7:17 AM, Shai Erera <[email protected]> wrote: > One update, I did find this dependency is explicitly set in > solr/contrib/extraction/ivy.xml, under the Tika dependencies section: > > <!-- Tika dependencies - see > http://tika.apache.org/1.3/gettingstarted.html#Using_Tika_as_a_Maven_dependency > --> > <!-- When upgrading Tika, upgrade dependencies versions and add any > new ones > (except slf4j-api, commons-codec, commons-logging, > commons-httpclient, geronimo-stax-api_1.0_spec, jcip-annotations, xml-apis, > asm) > WARNING: Don't add netcdf / unidataCommon (partially LGPL code) > --> > ... > <dependency org="com.uwyn" name="jhighlight" > rev="${/com.uwyn/jhighlight}" conf="compile"/> > > So it does seem like needed by Tika only and I guess it's a runtime > dependency, so if we don't want to release this LGPL library, we can omit > it and put a section in the NOTICE file? > > Shai > > On Fri, Mar 20, 2015 at 7:11 AM, Shai Erera <[email protected]> wrote: > >> Hi >> >> Solr's contrib/extraction contains jhighlight-1.0.jar which declares >> itself as dual CDDL or LGPL license. However, some of its classes are >> distributed only under LGPL, e.g. >> >> com.uwyn.jhighlight.highlighter. >> CppHighlighter.java >> GroovyHighlighter.java >> JavaHighlighter.java >> XmlHighlighter.java >> >> I downloaded the sources from Maven ( >> http://search.maven.org/remotecontent?filepath=com/uwyn/jhighlight/1.0/jhighlight-1.0-sources.jar) >> to confirm that, and also found this SVN repo: >> http://svn.rifers.org/jhighlight/tags/release-1.0, though the project's >> website seems to not exist anymore (https://jhighlight.dev.java.net/). >> >> I didn't find any direct usage of it in our code, so I guess it's >> probably needed by a 3rd party dependency, such as Tika. Therefore if we >> e.g. omit it, things will compile, but may fail at runtime. >> >> Is it OK that we distribute this .jar? >> >> Shai >> > >
