On Fri, 2016-10-28 at 08:08 +0000, Felix Meschberger wrote: > Hi all > > Over at legal-discuss there is a discussion of whether the json.org > library with the amended MIT license (remember the „use for good not > evil“ clause ?) should be „banned“ by reconsidering the „A“ rating of > this license (assuming the clause is just a joke) and turning it into > an „X“ rating (don’t use based on Debian’s and other’s > considerations: > > https://wiki.debian.org/qa.debian.org/jsonevil > https://www.cnet.com/news/dont-be-evil-google-spurns-no-evil-software > / > > It is not decided yet. But we should probably be prepared.
We reference org.json in too many bundles bundles, a quick grep revelead: - bundles/commons/log-webconsole - bundles/commons/metrics - contrib/extensions/slf4j-mdc - launchpad/builder ( SmokeIT ) - tooling/ide So the effort would not be too great. I guess each of these can get blocker issues for the next release, so we don't forget to remove the dependency when releasing. More problematic however is the bundles/common/json situation, where we include the source of some of the json.org classes, which all include the provision "The Software shall be used for Good, not Evil." . I am not sure what we need to do about that, if anything. > Plenty of alternatives exist: Jackson, GSon, and IMHO quite > interesting javax.json (https://json-processing-spec.java.net/) with > a RI from glassfish (https://jsonp.java.net/). For the sake of being complete, there's also http://johnzon.apache.org/ which implements JSR-353 ( JSON processing 1.0 ) and also targets JSR- 374 ( JSON processing 1.1, which is due to be released in Q3 2016 ). "Someone" will have to take a look at the libraries and suggest a replacement though, there's no point in deploying multiple libraries for the same thing. > Assuming we would have to change things, I suggest we reimplement the > API of our refactoring of the json.org library with javax.json. We > could use the RI form glassfish (which is OSGi-ready and includes the > API) or implement our own version. +1 But I rather hope that the legal situation is cleared up and we don't need to do anything about it. Robert > > WDYT ? > > Regards > Felix
