Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 976180 - dom4j: contains possibly non-free code
Summary: dom4j: contains possibly non-free code
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: dom4j
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Michal Srb
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: FE-Legal
TreeView+ depends on / blocked
 
Reported: 2013-06-20 05:23 UTC by Michal Srb
Modified: 2013-07-02 12:45 UTC (History)
5 users (show)

Fixed In Version: 1.6.1-15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-07-02 12:45:03 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Michal Srb 2013-06-20 05:23:24 UTC 
Description of problem:

dom4j contains at least one class taken most probably from Doug Lea's "util.concurrent" project [1]:

src/java/org/dom4j/tree/ConcurrentReaderHashMap.java

This file contains following header:
" Written by Doug Lea. Adapted and released, under explicit
 permission, from JDK1.2 HashMap.java and Hashtable.java which
 carries the following copyright:

 * Copyright 1997 by Sun Microsystems, Inc.,
 * 901 San Antonio Road, Palo Alto, California, 94303, U.S.A.
 * All rights reserved.
 *
 * This software is the confidential and proprietary information
 * of Sun Microsystems, Inc. ("Confidential Information").  You                                           
 * shall not disclose such Confidential Information and shall use
 * it only in accordance with the terms of the license agreement
 * you entered into with Sun."

Lea's util.concurrent project is under public domain, however quoting from [1]:
"All classes are released to the public domain and may be used for any purpose whatsoever without permission or acknowledgment. Portions of the CopyOnWriteArrayList and ConcurrentReaderHashMap classes are adapted from Sun JDK source code. These are copyright of Sun Microsystems, Inc, and are used with their kind permission, as described in this license."

Text of the license is available [2]. It also contains infamous "nuclear" clause.

I am opening this bug, because I am not 100% sure whether licensing is OK or not.


[1]: http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html
[2]: http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/sun-u.c.license.pdf
Comment 1 Tom "spot" Callaway 2013-06-20 18:37:25 UTC 
Just a thought, but it is possible that the Sun JDK code this is based on has been relicensed. If so, we can ask Oracle to make the same license change on this copied code.
Comment 2 Michal Srb 2013-06-21 07:34:09 UTC 
(In reply to Tom "spot" Callaway from comment #1)
> Just a thought, but it is possible that the Sun JDK code this is based on
> has been relicensed.

Indeed, ArrayList.java and HashMap.java are both in our java-1.7.0-openjdk package and they are now licensed under GPLv2.

Interesting thing is that the same class (ConcurrentReaderHashMap.java) is also present in groovy package, but it's licensed under ASL 2.0. And it looks like groovy upstream just replaced original header:

https://github.com/groovy/groovy-core/commit/547f55790d0338b09fede88d3358efca5392b557
Comment 3 Tom "spot" Callaway 2013-07-01 20:37:12 UTC 
I think we should simply ask upstream for this to adjust the header. We'll treat it as being GPLv2.
Comment 4 Michal Srb 2013-07-02 12:05:10 UTC 
It looks like we can remove this whole file. dom4j probably doesn't use it anyway. It can be easily patched out. This class is there only as a fallback, normally JDK's java.util.concurrent.ConcurrentHashMap is used.
Comment 5 Michal Srb 2013-07-02 12:45:03 UTC 
Fixed in dom4j-1.6.1-15. Thanks for your time Tom, and sorry for the false alarm.
Note You need to log in before you can comment on or make changes to this bug.