Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Not A Problem
-
None
-
None
-
None
Description
Please refer to TEZ-4378 for further details:
jar tf ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp/target/app/WEB-INF/lib/hadoop-shaded-guava-1.1.1.jar | grep "dataflow"
org/apache/hadoop/thirdparty/org/checkerframework/dataflow/
org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/
org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/Deterministic.class
org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/Pure$Kind.class
org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/Pure.class
org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/SideEffectFree.class
org/apache/hadoop/thirdparty/org/checkerframework/dataflow/qual/TerminatesExecution.class
I can see that checker-qual LICENSE.txt was removed in the scope of HADOOP-17648, but it has nothing to do with the license itself, only for resolving a shading error
my understanding is that in the current way an Apache licensed package (guava shaded jar) will contain a GPLv2 licensed software, which makes it a subject of GPLv2, also triggers license violations in security tools (like BlackDuck)
Attachments
Issue Links
- is related to
-
HADOOP-17648 Update guava to 30.1.1-jre
-
- Resolved
-
- relates to
-
-
- Resolved
-