-
Notifications
You must be signed in to change notification settings - Fork 174
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Concerning license in the javadoc jar #1635
Comments
Hi @hyandell , thanks for bring up this issue. I checked out the 0.5.1 draft release, the jar https://repository.apache.org/content/repositories/orgapachefury-1007/org/apache/fury/fury-core/0.5.1/fury-core-0.5.1-javadoc.jar contains same issue : I never think about the javadoc jar would introduce an legal issue. I used oracle jdk8 for release fury 0.5.0 jar. I tested with openjdk 1.8, everything is fine. I will create a PR to validate the release packages and add checks to fury release document. |
Thanks Shawn that sounds great. And leaves a need for a "Please make releases with OpenJDK" or some instruction; or at least "Do not use Oracle to make Apache releases". I'll take that to the licensing side to headscratch on that. |
Search before asking
Version
0.5.0 - https://repo1.maven.org/maven2/org/apache/fury/fury-core/0.5.0/fury-core-0.5.0-javadoc.jar
Component(s)
Java
Minimal reproduce step
Hi there from the ASF Legal Committee side of the house (though this came up initially at work) :)
The javadoc jar has an Oracle Proprietary license in legal/LICENSE - "Oracle No-Fee Terms and Conditions (NFTC)". This should not be in there, and neither (perhaps) should any content it relates to. I see the following on files within the documentation jar:
From initial inspection, I don't see how it gets there. It's not in the GitHub source. I've looked at the 0.5.1 draft release, but I don't see a javadoc jar there to review.
I'm definitely interested if this is something being introduced by an Oracle JDK. We knew that they were injecting other open source licenses (see: https://www.apache.org/legal/resolved.html#from-java-9-onwards-javadoc-can-include-search-functionality-that-includes-javascript-under-other-open-source-licenses-can-apache-projects-include-this-javadoc ) but this is the first time I've seen proprietary potentially injected. Perhaps it comes down to the JVM/JDK used to make the release and we need rules about that.
What did you expect to see?
That an Apache release did not include proprietary licensing.
What did you see instead?
:)
Anything Else?
No response
Are you willing to submit a PR?
The text was updated successfully, but these errors were encountered: