Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Concerning license in the javadoc jar #1635

Open
1 of 2 tasks
hyandell opened this issue May 16, 2024 · 2 comments
Open
1 of 2 tasks

Concerning license in the javadoc jar #1635

hyandell opened this issue May 16, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@hyandell
Copy link

Search before asking

  • I had searched in the issues and found no similar issues.

Version

0.5.0 - https://repo1.maven.org/maven2/org/apache/fury/fury-core/0.5.0/fury-core-0.5.0-javadoc.jar

Component(s)

Java

Minimal reproduce step

Hi there from the ASF Legal Committee side of the house (though this came up initially at work) :)

The javadoc jar has an Oracle Proprietary license in legal/LICENSE - "Oracle No-Fee Terms and Conditions (NFTC)". This should not be in there, and neither (perhaps) should any content it relates to. I see the following on files within the documentation jar:

  • ./link.svg: ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  • ./copy.svg: ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  • ./script.js: * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  • ./search-page.js: * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  • ./search.js: * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

From initial inspection, I don't see how it gets there. It's not in the GitHub source. I've looked at the 0.5.1 draft release, but I don't see a javadoc jar there to review.

I'm definitely interested if this is something being introduced by an Oracle JDK. We knew that they were injecting other open source licenses (see: https://www.apache.org/legal/resolved.html#from-java-9-onwards-javadoc-can-include-search-functionality-that-includes-javascript-under-other-open-source-licenses-can-apache-projects-include-this-javadoc ) but this is the first time I've seen proprietary potentially injected. Perhaps it comes down to the JVM/JDK used to make the release and we need rules about that.

What did you expect to see?

That an Apache release did not include proprietary licensing.

What did you see instead?

:)

Anything Else?

No response

Are you willing to submit a PR?

  • I'm willing to submit a PR!
@hyandell hyandell added the bug Something isn't working label May 16, 2024
@chaokunyang
Copy link
Collaborator

Hi @hyandell , thanks for bring up this issue. I checked out the 0.5.1 draft release, the jar https://repository.apache.org/content/repositories/orgapachefury-1007/org/apache/fury/fury-core/0.5.1/fury-core-0.5.1-javadoc.jar contains same issue :
image

I never think about the javadoc jar would introduce an legal issue.

I used oracle jdk8 for release fury 0.5.0 jar.

I tested with openjdk 1.8, everything is fine.
image

I will create a PR to validate the release packages and add checks to fury release document.

@hyandell
Copy link
Author

Thanks Shawn that sounds great.

And leaves a need for a "Please make releases with OpenJDK" or some instruction; or at least "Do not use Oracle to make Apache releases". I'll take that to the licensing side to headscratch on that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hyandell @chaokunyang