[ 
https://issues.apache.org/jira/browse/HBASE-12894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15691286#comment-15691286
 ] 

Sean Busbey commented on HBASE-12894:
-------------------------------------

Unfortunately, it's a judgement call. I generally don't trust POMs in maven 
central (especially when you're talking a license from an inherited parent pom 
section).

# If there's license information in the actual JAR artifact, that should 
probably be used
# If none from above, but there's license information in the source code 
repository, that should probably be used
# If none from above, but there's license information on individual source 
files, that should probably be used (hopefully they agree?)
# If none from above, but there's a project page with license info, that should 
probably be used. I'd favor project created website info over 
project-aggregator information. In your hk2 example above, that means I'd favor 
the license from hk2.java.net over the one java.net project description.
# If none from above, but there's license information in maven metadata, that 
should be used. Naturally with immediate pom entries carrying more weight than 
those from parent poms.

When these things disagree, it's a good idea for us to document that they 
disagree in the comments for our supplemental-info file and file issues with 
the source project to fix their ambiguity.

When these things disagree too much, we should probably jettison the dependency 
until the source project fixes things. (an example would be if one of the 
sources of information claims that only a category-x license is allowed.)

> Upgrade Jetty to 9.2.6
> ----------------------
>
>                 Key: HBASE-12894
>                 URL: https://issues.apache.org/jira/browse/HBASE-12894
>             Project: HBase
>          Issue Type: Improvement
>          Components: REST, UI
>    Affects Versions: 0.98.0
>            Reporter: Rick Hallihan
>            Assignee: Guang Yang
>            Priority: Critical
>              Labels: MicrosoftSupport
>             Fix For: 2.0.0
>
>         Attachments: HBASE-12894_Jetty9_v0.patch, 
> HBASE-12894_Jetty9_v1.patch, HBASE-12894_Jetty9_v1.patch, 
> HBASE-12894_Jetty9_v2.patch, HBASE-12894_Jetty9_v3.patch, 
> HBASE-12894_Jetty9_v4.patch, HBASE-12894_Jetty9_v5.patch, 
> HBASE-12894_Jetty9_v6.patch, HBASE-12894_Jetty9_v7.patch, 
> HBASE-12894_Jetty9_v8.patch, dependency_list_after, dependency_list_before
>
>
> The Jetty component that is used for the HBase Stargate REST endpoint is 
> version 6.1.26 and is fairly outdated. We recently had a customer inquire 
> about enabling cross-origin resource sharing (CORS) for the REST endpoint and 
> found that this older version does not include the necessary filter or 
> configuration options, highlighted at: 
> http://wiki.eclipse.org/Jetty/Feature/Cross_Origin_Filter
> The Jetty project has had significant updates through versions 7, 8 and 9, 
> including a transition to be an Eclipse subproject, so updating to the latest 
> version may be non-trivial. The last update to the Jetty component in 
> https://issues.apache.org/jira/browse/HBASE-3377 was a minor version update 
> and did not require significant work. This update will include a package 
> namespace update so there will likely be a larger number of required changes. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
