You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi there from the ASF Legal Committee side of the house (though this came up initially at work) :)
The javadoc jar has an Oracle Proprietary license in legal/LICENSE - "Oracle No-Fee Terms and Conditions (NFTC)". This should not be in there, and neither (perhaps) should any content it relates to. I see the following on files within the documentation jar:
./link.svg: ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
./copy.svg: ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
./script.js: * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
./search-page.js: * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
./search.js: * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
From initial inspection, I don't see how it gets there. It's not in the GitHub source. I've looked at the 0.5.1 draft release, but I don't see a javadoc jar there to review.
And leaves a need for a "Please make releases with OpenJDK" or some instruction; or at least "Do not use Oracle to make Apache releases". I'll take that to the licensing side to headscratch on that.
Search before asking
Version
0.5.0 - https://repo1.maven.org/maven2/org/apache/fury/fury-core/0.5.0/fury-core-0.5.0-javadoc.jar
Component(s)
Java
Minimal reproduce step
Hi there from the ASF Legal Committee side of the house (though this came up initially at work) :)
The javadoc jar has an Oracle Proprietary license in legal/LICENSE - "Oracle No-Fee Terms and Conditions (NFTC)". This should not be in there, and neither (perhaps) should any content it relates to. I see the following on files within the documentation jar:
From initial inspection, I don't see how it gets there. It's not in the GitHub source. I've looked at the 0.5.1 draft release, but I don't see a javadoc jar there to review.
I'm definitely interested if this is something being introduced by an Oracle JDK. We knew that they were injecting other open source licenses (see: https://www.apache.org/legal/resolved.html#from-java-9-onwards-javadoc-can-include-search-functionality-that-includes-javascript-under-other-open-source-licenses-can-apache-projects-include-this-javadoc ) but this is the first time I've seen proprietary potentially injected. Perhaps it comes down to the JVM/JDK used to make the release and we need rules about that.
What did you expect to see?
That an Apache release did not include proprietary licensing.
What did you see instead?
:)
Anything Else?
No response
Are you willing to submit a PR?
The text was updated successfully, but these errors were encountered: