joewitt commented on pull request #4242: URL: https://github.com/apache/nifi/pull/4242#issuecomment-623581676
The library h2o-3 using ALv2 is a good start. But if we do end up including that with NiFi we need to concern ourselves with the License and Notice considerations of how it is included in *any* form. For instance we need to understand the difference between a source dependency and binary dependencies. Our source is the 'thing we vote on and officially release'. It is java class files and text files and poms/etc... It is not jars and so on. Jars are part of the binary dependencies and this we do also share in the form of a convenience binary. This is the tar.gz which people can download and untar/copmress and run nifi with. We must adhere to ASF requirements for the types of open source licenses which are allowed. So again in h2o-3 case we aren't apparently planning to pull in source so no problem. But lets say we're going to pull in h2o-3.jar. That must be ALv2 or an otherwise Category A or Category-B item. However, we need to ensure grabbing h2o-3.jar doesn't also cause us to pull 'problematic-licensed-dependency.jar' too. We have to check *every* single jar/etc.. it is a lot of work to get right and important that we do. So just keep that in mind for any subsequent PRs. Thanks ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
