
On Mon, Jan 17, 2022 at 1:18 PM Justin Mclean <jus...@classsoftware.com>

> Hi,
> > Some source code files are cherry picked from that 'mxparser' library and
> > redistributed, both in Source and Binary forms, as part of that 'stax'
> > library.
> Which may be fine it just depends on the license of each file in question.
> Knowing where they are originally from is nice but not always needed.

I've seen that that legal JIRA [1] has been closed concluding that the
"Indiana University Extreme! Lab Software" license is category A ? Cool!

> > I am trying to reach out for this developer on LinkedIn.
> Which is good approach to take.

Tatu accepted my LinkedIn connection request which allowed me to see his
contact email. Did email him and here is his response:

>>> START <<<

> Hi Tatu,

Hi there!

> 1st of all thanks for accepting my connection request on LinkedIn.
> My name is Mohammad Noureldin, and I am a member of the Apache Software
> Foundation (ASF) [1] and it's Apache Incubator [2] community.
> We need your help shedding some lights on the license of a couple of
> source code files you've contributed to as part of the Stax library version
> 1.2.0 [3].
> I am referring to these specific 2 files:
> - com/bea/xml/stream/events/NotationDeclarationEvent.java
> - com/bea/xml/stream/events/EntityDeclarationEvent.java

Interesting. I never worked for BEA and do not recall their asking for
inclusion permissions.
(I would not have minded and would have given permission just fine -- I
just do not remember being asked)

I assume these must have come from the Woodstox library by copy-paste.
Woodstox is licensed under Apache License 2.0, and so should the
contributions be.

> Where we found these headers on both of them:
> /**
>  * Simple implementation of {@link NotationDeclaration}.
>  *
>  * @author Tatu Saloranta
>  */
> /**
>  * Simple implementation of {@link EntityDeclaration}. Since no external
>  * or unparsed entities are supported (yet?), this is quite simplistic
>  * implementation.
>  *
>  * @author Tatu Saloranta
>  */
> Knowing under which license your contributions were made will help us
> deciding on a release of one of our Incubator Projects [4], namely the
> Apache Datalab [5].
> The main issue arises from that we are not able to find under which
> license the whole library [3] is released. If you can shed some light on
> that as well, that would be great!
> Looking forward to your reply
> [1] https://www.apache.org
> [2] https://incubator.apache.org
> [3] https://repo1.maven.org/maven2/stax/stax/1.2.0/
> [4] https://lists.apache.org/thread/p755rqsttwjgk650xsoftotcwbm47omp
> [5] https://datalab.apache.org
> --
> Thanks
> - Mohammad Noureldin

Ok. So, contributions would have been made under Apache License 2.0.

Given that Stax API has been part of JDK since Java 6, it would probably
make sense to drop dependency to `stax-1.2.0`, however. Stax implementation
included therein is ancient and buggy, but might be used instead of
JDK-provided one. :)

I hope this helps,

-+ Tatu +-

>>> END <<<

I believe this concludes the questions over the license of Stax 1.2.0 ?
That at least all of the code of concern included is of Category A.

But question, given all the details we have now, can we safely say that
Stax 1.2.0 is AL v2.0 licensed ?

And a question to the Apache Datalab project community, is it possible in
future releases to look into getting rid of that outdated/old (transitive)
dependency ?

> Kind Regards,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
[1] https://issues.apache.org/jira/browse/LEGAL-592

- Mohammad Noureldin
"Life is like riding a bicycle. To keep your balance you must keep moving"
- Albert Einstein

Reply via email to