FYI: the json.org library for parsing and generating JSON documents is now category X, which means it is prohibited from being included in Apache releases.
As far as I know we are not exposed, but we should be diligent and make note of this and replace if we do have a (transitive) dependency. The issue is the "don't use this for evil" clause, that makes it hard to get past legal departments without any issue. The license is also not approved by the OSI, and therefore moved to the category X. Martijn ---------- Forwarded message ---------- From: Jim Jagielski <[email protected]> Date: Wed, Nov 23, 2016 at 3:08 PM Subject: JSON License and Apache Projects To: [email protected] As some of you may know, recently the JSON License has been moved to Category X (https://www.apache.org/legal/resolved#category-x). I understand that this has impacted some projects, especially those in the midst of doing a release. I also understand that up until now, really, there has been no real "outcry" over our usage of it, especially from end-users and other consumers of our projects which use it. As compelling as that is, the fact is that the JSON license itself is not OSI approved and is therefore not, by definition, an "Open Source license" and, as such, cannot be considered as one which is acceptable as related to categories. Therefore, w/ my VP Legal hat on, I am making the following statements: o No new project, sub-project or codebase, which has not used JSON licensed jars (or similar), are allowed to use them. In other words, if you haven't been using them, you aren't allowed to start. It is Cat-X. o If you have been using it, and have done so in a *release*, AND there has been NO pushback from your community/eco-system, you have a temporary exclusion from the Cat-X classification thru April 30, 2017. At that point in time, ANY and ALL usage of these JSON licensed artifacts are DISALLOWED. You must either find a suitably licensed replacement, or do without. There will be NO exceptions. o Any situation not covered by the above is an implicit DISALLOWAL of usage. Also please note that in the 2nd situation (where a temporary exclusion has been granted), you MUST ensure that NOTICE explicitly notifies the end-user that a JSON licensed artifact exists. They may not be aware of it up to now, and that MUST be addressed. If there are any questions, please ask on the [email protected] list. -- Jim Jagielski VP Legal Affairs --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
