Re: JSON License and Apache Projects
Looking at https://github.com/apache/wicket/blob/master/wicket-core/src/main/java/org/apache/wicket/ajax/json/README The link https://github.com/douglascrockford/JSON-java redirects to https://github.com/stleary/JSON-java/ And, https://github.com/stleary/JSON-java/blob/master/LICENSE indicates that the library is JSON.org licensed. So, is our copy be affected by the new license terms? On Wed, Nov 23, 2016 at 4:43 PM, Martin Grigorov wrote: > We do not depend on it but use a copy of it: > https://github.com/apache/wicket/tree/master/wicket- > core/src/main/java/org/apache/wicket/ajax/json > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst > wrote: > > > FYI: the json.org library for parsing and generating JSON documents > > is now category X, which means it is prohibited from being included > > in Apache releases. > > > > As far as I know we are not exposed, but we should be diligent and > > make note of this and replace if we do have a (transitive) > > dependency. > > > > The issue is the "don't use this for evil" clause, that makes it hard to > > get past legal departments without any issue. The license is also not > > approved by the OSI, and therefore moved to the category X. > > > > Martijn > > > > > > > > -- Forwarded message -- > > From: Jim Jagielski > > Date: Wed, Nov 23, 2016 at 3:08 PM > > Subject: JSON License and Apache Projects > > To: legal-disc...@apache.org > > > > > > As some of you may know, recently the JSON License has been > > moved to Category X (https://www.apache.org/legal/resolved#category-x). > > > > I understand that this has impacted some projects, especially > > those in the midst of doing a release. I also understand that > > up until now, really, there has been no real "outcry" over our > > usage of it, especially from end-users and other consumers of > > our projects which use it. > > > > As compelling as that is, the fact is that the JSON license > > itself is not OSI approved and is therefore not, by definition, > > an "Open Source license" and, as such, cannot be considered as > > one which is acceptable as related to categories. > > > > Therefore, w/ my VP Legal hat on, I am making the following > > statements: > > > > o No new project, sub-project or codebase, which has not > > used JSON licensed jars (or similar), are allowed to use > > them. In other words, if you haven't been using them, you > > aren't allowed to start. It is Cat-X. > > > > o If you have been using it, and have done so in a *release*, > > AND there has been NO pushback from your community/eco-system, > > you have a temporary exclusion from the Cat-X classification thru > > April 30, 2017. At that point in time, ANY and ALL usage > > of these JSON licensed artifacts are DISALLOWED. You must > > either find a suitably licensed replacement, or do without. > > There will be NO exceptions. > > > > o Any situation not covered by the above is an implicit > > DISALLOWAL of usage. > > > > Also please note that in the 2nd situation (where a temporary > > exclusion has been granted), you MUST ensure that NOTICE explicitly > > notifies the end-user that a JSON licensed artifact exists. They > > may not be aware of it up to now, and that MUST be addressed. > > > > If there are any questions, please ask on the legal-discuss@a.o > > list. > > > > -- > > Jim Jagielski > > VP Legal Affairs > > > > > > - > > To unsubscribe, e-mail: legal-discuss-unsubscr...@apache.org > > For additional commands, e-mail: legal-discuss-h...@apache.org > > >
Re: JSON License and Apache Projects
We do not depend on it but use a copy of it: https://github.com/apache/wicket/tree/master/wicket-core/src/main/java/org/apache/wicket/ajax/json Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, Nov 23, 2016 at 4:36 PM, Martijn Dashorst wrote: > FYI: the json.org library for parsing and generating JSON documents > is now category X, which means it is prohibited from being included > in Apache releases. > > As far as I know we are not exposed, but we should be diligent and > make note of this and replace if we do have a (transitive) > dependency. > > The issue is the "don't use this for evil" clause, that makes it hard to > get past legal departments without any issue. The license is also not > approved by the OSI, and therefore moved to the category X. > > Martijn > > > > -- Forwarded message -- > From: Jim Jagielski > Date: Wed, Nov 23, 2016 at 3:08 PM > Subject: JSON License and Apache Projects > To: legal-disc...@apache.org > > > As some of you may know, recently the JSON License has been > moved to Category X (https://www.apache.org/legal/resolved#category-x). > > I understand that this has impacted some projects, especially > those in the midst of doing a release. I also understand that > up until now, really, there has been no real "outcry" over our > usage of it, especially from end-users and other consumers of > our projects which use it. > > As compelling as that is, the fact is that the JSON license > itself is not OSI approved and is therefore not, by definition, > an "Open Source license" and, as such, cannot be considered as > one which is acceptable as related to categories. > > Therefore, w/ my VP Legal hat on, I am making the following > statements: > > o No new project, sub-project or codebase, which has not > used JSON licensed jars (or similar), are allowed to use > them. In other words, if you haven't been using them, you > aren't allowed to start. It is Cat-X. > > o If you have been using it, and have done so in a *release*, > AND there has been NO pushback from your community/eco-system, > you have a temporary exclusion from the Cat-X classification thru > April 30, 2017. At that point in time, ANY and ALL usage > of these JSON licensed artifacts are DISALLOWED. You must > either find a suitably licensed replacement, or do without. > There will be NO exceptions. > > o Any situation not covered by the above is an implicit > DISALLOWAL of usage. > > Also please note that in the 2nd situation (where a temporary > exclusion has been granted), you MUST ensure that NOTICE explicitly > notifies the end-user that a JSON licensed artifact exists. They > may not be aware of it up to now, and that MUST be addressed. > > If there are any questions, please ask on the legal-discuss@a.o > list. > > -- > Jim Jagielski > VP Legal Affairs > > > - > To unsubscribe, e-mail: legal-discuss-unsubscr...@apache.org > For additional commands, e-mail: legal-discuss-h...@apache.org >
Re: JSON License and Apache Projects
In case it is about this: org.json:json:jar:20090211 libarary I'm afraid wicketstuff is affected Could you please confirm it is about this library? On Wed, Nov 23, 2016 at 10:36 PM, Martijn Dashorst wrote: > FYI: the json.org library for parsing and generating JSON documents > is now category X, which means it is prohibited from being included > in Apache releases. > > As far as I know we are not exposed, but we should be diligent and > make note of this and replace if we do have a (transitive) > dependency. > > The issue is the "don't use this for evil" clause, that makes it hard to > get past legal departments without any issue. The license is also not > approved by the OSI, and therefore moved to the category X. > > Martijn > > > > -- Forwarded message -- > From: Jim Jagielski > Date: Wed, Nov 23, 2016 at 3:08 PM > Subject: JSON License and Apache Projects > To: legal-disc...@apache.org > > > As some of you may know, recently the JSON License has been > moved to Category X (https://www.apache.org/legal/resolved#category-x). > > I understand that this has impacted some projects, especially > those in the midst of doing a release. I also understand that > up until now, really, there has been no real "outcry" over our > usage of it, especially from end-users and other consumers of > our projects which use it. > > As compelling as that is, the fact is that the JSON license > itself is not OSI approved and is therefore not, by definition, > an "Open Source license" and, as such, cannot be considered as > one which is acceptable as related to categories. > > Therefore, w/ my VP Legal hat on, I am making the following > statements: > > o No new project, sub-project or codebase, which has not > used JSON licensed jars (or similar), are allowed to use > them. In other words, if you haven't been using them, you > aren't allowed to start. It is Cat-X. > > o If you have been using it, and have done so in a *release*, > AND there has been NO pushback from your community/eco-system, > you have a temporary exclusion from the Cat-X classification thru > April 30, 2017. At that point in time, ANY and ALL usage > of these JSON licensed artifacts are DISALLOWED. You must > either find a suitably licensed replacement, or do without. > There will be NO exceptions. > > o Any situation not covered by the above is an implicit > DISALLOWAL of usage. > > Also please note that in the 2nd situation (where a temporary > exclusion has been granted), you MUST ensure that NOTICE explicitly > notifies the end-user that a JSON licensed artifact exists. They > may not be aware of it up to now, and that MUST be addressed. > > If there are any questions, please ask on the legal-discuss@a.o > list. > > -- > Jim Jagielski > VP Legal Affairs > > > - > To unsubscribe, e-mail: legal-discuss-unsubscr...@apache.org > For additional commands, e-mail: legal-discuss-h...@apache.org > -- WBR Maxim aka solomax