Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Won't Fix
-
None
-
None
-
None
-
None
Description
Compiling HBase against Hadoop trunk tells me Bouncy Castle license is used.
This product includes Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs licensed under the Bouncy Castle Licence.
ERROR: Please check ^^^^^^^^^^^^ this License for acceptability here:
https://www.apache.org/legal/resolved
If it is okay, then update the list named 'non_aggregate_fine' in the LICENSE.vm file.
If it isn't okay, then revert the change that added the dependency.More info on the dependency:
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.60</version>maven central search
g:org.bouncycastle AND a:bcpkix-jdk15on AND v:1.60project website
http://www.bouncycastle.org/java.html
project source
https://github.com/bcgit/bc-java
According to the project website, Bouncy Castle License is the same as MIT license.
https://www.bouncycastle.org/licence.html
Please note this should be read in the same way as the MIT license.
Shall we seek Apache Software Foundation's legal advice? Per ASF legal, Bouncy Castle is not listed as an includable license: https://www.apache.org/legal/resolved#category-a
Not sure why it only surfaced in Hadoop trunk (aka branch 3.3) since Bouncy Castle was included long time ago. Maybe a recent change made by rkanter in YARN-8857 updated the version and changed the license?
Attachments
Issue Links
- is related to
-
-
- Resolved
-
- relates to
-
HADOOP-15832 Upgrade BouncyCastle to 1.60
-
- Resolved
-