[jira] [Commented] (RYA-372) Replace org.json:json library with a compatibly licensed alternative

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/RYA-372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16170468#comment-16170468
 ] 

ASF GitHub Bot commented on RYA-372:
------------------------------------

Github user jdasch commented on a diff in the pull request:

    https://github.com/apache/incubator-rya/pull/227#discussion_r139505373
  
    --- Diff: extras/rya.giraph/pom.xml ---
    @@ -35,6 +35,13 @@ under the License.
                 <groupId>org.apache.giraph</groupId>
                 <artifactId>giraph-core</artifactId>
                 <version>1.2.0</version>
    +            <exclusions>
    +                   <!-- exclude for incompatible license -->
    +                <exclusion>
    +                    <artifactId>json</artifactId>
    +                    <groupId>org.json</groupId>
    +                </exclusion>
    +            </exclusions>
    --- End diff --
    
    This change should be sufficient:
    ```
        <dependencies>
    <!--         
            Uncomment the following drop-in replacement if the exclusion
            of the dependency org.json:json causes issues at runtime.
            <dependency>
                <groupId>com.tdunning</groupId>
                <artifactId>json</artifactId>
                <version>1.8</version>
                <scope>runtime</scope>
            </dependency>
     -->       
            <dependency>
                <groupId>org.apache.giraph</groupId>
                <artifactId>giraph-core</artifactId>
                <version>1.2.0</version>
                <exclusions>
                    <!-- org.json:json excluded for incompatible license -->
                    <exclusion>
                        <groupId>org.json</groupId>
                        <artifactId>json</artifactId>
                    </exclusion>
                </exclusions>
            </dependency>
            <dependency>
                <groupId>org.apache.giraph</groupId>
                <artifactId>giraph-accumulo</artifactId>
                <version>1.2.0</version>
                <exclusions>
                    <!-- org.json:json excluded for incompatible license -->
                    <exclusion>
                        <groupId>org.json</groupId>
                        <artifactId>json</artifactId>
                    </exclusion>
                </exclusions>
            </dependency>
    ```


> Replace org.json:json library with a compatibly licensed alternative
> --------------------------------------------------------------------
>
>                 Key: RYA-372
>                 URL: https://issues.apache.org/jira/browse/RYA-372
>             Project: Rya
>          Issue Type: Task
>    Affects Versions: 3.2.10
>            Reporter: David W. Lotts
>            Assignee: David W. Lotts
>            Priority: Minor
>             Fix For: 3.2.12
>
>
> the JSON library that we use is not compatible and should be replaced.
> As of 2016-11-03 this has been moved to the 'Category X' license list
> "The Software shall be used for Good, not Evil."  from 
> http://www.json.org/license.html 
> Consider replacing with this drop in replacement:
> https://mvnrepository.com/artifact/com.tdunning/json
> from: https://stackoverflow.com/questions/10396176/org-json-jar-provisioning
> other alternatives:
> https://wiki.debian.org/qa.debian.org/jsonevil
>   (provided without support or warranty) JSON (JavaScript Object Notation) 
> (org.json:json:20090211 - http://www.json.org/java/index.html)
> See 36 other apache projects that have done this:
> https://issues.apache.org/jira/issues/?jql=text%20~%20%22JSON%20EVIL%22



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)