The hazelcast 5.3.2 THIRD-PARTY.txt incorrectly includes the JSON license #25343

Closed
lfradin opened this issue Aug 31, 2023 · 1 comment · Fixed by #25943

lfradin commented Aug 31, 2023

Describe the bug
In the hazelcast 5.3.2 jar, the THIRD-PARTY.txt file listing the license of the 3rd party components correctly lists JSON-java version 20230227 as being a public domain license (as seen in the official project directory here https://github.com/stleary/JSON-java/blob/20230227/LICENSE).
Indeed this JSON-java project changed its license from the JSON license to a "Public Domain" license back in version 20220924.

However, hazelcast 5.3.2 still includes the JSON license in the THIRD-PARTY.txt file, which it does not need to.

This triggers alarms on our licensing analysis tools, as our company forbids the use of anything using the JSON license. We will get a waiver, following our analysis, but it would be best to remove the JSON license from the file.

Expected behavior
We expect a THIRD-PARTY.txt file not containing the JSON license text.

To Reproduce
Just get the hazelcast-5.3.2.jar (for example from maven central), open it as a zip file to extract and view the THIRD-PARTY.txt file at the root. In this file, search for "JSON License", which will lead to the section that should be removed.

Additional Information
The text seems to come from the following source file:
hazelcast-build-utils/src/main/resources/hazelcast-thirdparty-template.ftl
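
The reproduction steps above, extended into a cross-check that also reports whether any listed dependency still declares the license; this is an added example, not code from the issue or from the Hazelcast project. The entry layout `(License) Name (group:artifact:version - url)`, the function names and the in-memory sample jar are assumptions constructed for the example.

```python
import io
import re
import zipfile

# Assumed entry shape (constructed for this example):
#   (License Name) Project Name (group:artifact:version - url)
ENTRY = re.compile(
    r"^\s*\((?P<license>[^)]+)\)\s+.+\((?P<gav>[\w.\-]+:[\w.\-]+:[\w.\-]+)"
)


def audit_third_party(jar, marker="JSON License", name="THIRD-PARTY.txt"):
    """Find a license marker in a jar's THIRD-PARTY.txt and who declares it."""
    with zipfile.ZipFile(jar) as zf:
        try:
            text = zf.read(name).decode("utf-8", errors="replace")
        except KeyError:
            raise FileNotFoundError(f"{name} is not at the root of the archive")
    needle = marker.lower()
    marker_lines, declared_by = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        entry = ENTRY.match(line)
        if entry:
            if needle in entry["license"].lower():
                declared_by.append(entry["gav"])
        elif needle in line.lower():
            marker_lines.append(number)
    return {
        "marker_lines": marker_lines,
        "declared_by": declared_by,
        # License text shipped although no listed dependency uses it.
        "orphaned": bool(marker_lines) and not declared_by,
    }


def build_sample_jar(with_license_text=True):
    """Constructed in-memory jar; not the real hazelcast-5.3.2.jar."""
    lines = [
        "  (Public Domain) JSON in Java (org.json:json:20230227 - https://github.com/stleary/JSON-java)",
        "  (Apache License 2.0) Sample Lib (com.example:sample:1.0 - https://example.invalid)",
        "",
    ]
    if with_license_text:
        lines += ["The JSON License", "(license text elided)"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("THIRD-PARTY.txt", "\n".join(lines))
    buf.seek(0)
    return buf
```

`audit_third_party` also accepts a path to a jar on disk; an `orphaned` result of `True` is the condition this issue reports.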

Contributor

nishaatr commented Aug 31, 2023

Hi @lfradin

Thank you for reporting this.

You are correct that the JSON license is set in https://github.com/hazelcast/hazelcast/blob/master/hazelcast-build-utils/src/main/resources/hazelcast-thirdparty-template.ftl. So I believe it's just a question of removing 'The JSON License' from the FTL template.

I am just highlighting this here, and it is best to wait for the Hazelcast engineering team to pick this up and comment.

Thanks
Nishaat

@JackPGreen JackPGreen self-assigned this Nov 20, 2023
vbekiaris pushed a commit to vbekiaris/hazelcast that referenced this issue Nov 20, 2023
The JSON license was included for the `org.json` transitive dependency,
but that [no longer uses this
license](stleary/JSON-java#688).

Changes:
- Removed support for this license (so that the build will fail if
re-introduced)
- Removed license text from `thirdparty-template`

Fixes hazelcast#25343