[
https://issues.apache.org/jira/browse/TEZ-4378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
László Bodor resolved TEZ-4378.
-------------------------------
Fix Version/s: 0.10.3
Resolution: Resolved
> tez-dist: org.checkerframework.dataflow is included with GNU GPLv2 license
> --------------------------------------------------------------------------
>
> Key: TEZ-4378
> URL: https://issues.apache.org/jira/browse/TEZ-4378
> Project: Apache Tez
> Issue Type: Bug
> Reporter: László Bodor
> Assignee: László Bodor
> Priority: Major
> Fix For: 0.10.3
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> dataflow license is GNU GPL2:
> https://mvnrepository.com/artifact/org.checkerframework/dataflow
> Apache vs GNU GPL: according to this
> [source|https://www.whitesourcesoftware.com/resources/blog/top-10-apache-license-questions-answered/]
> {code}
> 4. What is the difference between the Apache License 2.0 and the GNU GPL?
> The GNU GPL is a copyleft license. So software that uses any GPL-licensed
> component has to release its full source code and all rights to modify and
> distribute the entire code. The Apache License 2.0 doesn’t impose any such
> terms. You’re not forced to release your modified version. Besides, you can
> choose to release your modified version under a different license (however,
> you’re required to retain the Apache License for the unmodified parts of the
> code).
> 5. Is the Apache License compatible with the GNU GPL?
> Apache License 2.0 is compatible with GPLv3, so you can freely mix the code
> that’s released under these two licenses. The resulting software, however,
> must be released under GPLv3.
> However, the Apache License 2.0 in incompatible with GPLv2 due to the
> restriction that terminates the grant of patent rights if the license sues
> over patent infringement. Previous Apache versions, being heavily based on
> the BSD license, are compatible.
> {code}
> in the current state, dataflow is included in the tez dist package, which
> makes anyone using tez need to comply with GPL license
> {code}
> grep -iRH "org.checkerframework.dataflow" --include="*.jar"
> ggrep:
> tez-plugins/tez-yarn-timeline-cache-plugin/target/tez-yarn-timeline-cache-plugin-0.10.2-SNAPSHOT-jar-with-dependencies.jar:
> binary file matches
> ggrep:
> tez-plugins/tez-history-parser/target/tez-history-parser-0.10.2-SNAPSHOT-jar-with-dependencies.jar:
> binary file matches
> ggrep: tez-dist/target/tez-0.10.2-SNAPSHOT/lib/checker-qual-2.5.2.jar: binary
> file matches
> ggrep: tez-dist/target/tez-0.10.2-SNAPSHOT/lib/hadoop-shaded-guava-1.1.1.jar:
> binary file matches
> {code}
> if I look at the checker-qual jar for example:
> {code}
> jar -tf tez-dist/target/tez-0.10.2-SNAPSHOT/lib/checker-qual-2.5.2.jar | grep
> dataflow
> org/checkerframework/dataflow/
> org/checkerframework/dataflow/qual/
> org/checkerframework/dataflow/qual/Pure$Kind.class
> org/checkerframework/dataflow/qual/TerminatesExecution.class
> org/checkerframework/dataflow/qual/SideEffectFree.class
> org/checkerframework/dataflow/qual/Pure.class
> org/checkerframework/dataflow/qual/Deterministic.class
> {code}
> the problem is that's dangerous to remove hadoop-shaded-guava alltogether
> from the distribution as other hadoop jars will directly depend on them
> without a hadoop solution, we should try to manually remove the problematic
> package from hadoop-shaded-guava.jar and every other
> *jar-with-dependencies.jar that was built by tez
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
