XStream
  1. XStream
  2. XSTR-763

Replace usage of non-free org.json:json library

          Details

          • Type: Bug Bug
          • Status: Open Open
          • Priority: Minor Minor
          • Resolution: Unresolved
          • Affects Version/s: None
          • Fix Version/s: None
          • Component/s: IO
          • Labels:
            None

            Description

            Xstream's tests use Douglas Crockford's org.json:json library for JSON parsing. The library has a modified MIT license with additional "evil" clause that makes it non-free sofware from legal point of view. There are many different JSON parsers for Java that offer the same or better functionality. Please consider swithing to different implementation without licensing issues. I'm attaching a patch that should port affected tests to Google Gson library.

              Activity

              Hide
              Permalink
              Jörg Schaible added a comment -

              Why is the license critical for a test dependency? No XStream user is affected. Note: XStream 1.4.x still supports Java 1.4 and gson does not.

              Show
              Jörg Schaible added a comment - Why is the license critical for a test dependency? No XStream user is affected. Note: XStream 1.4.x still supports Java 1.4 and gson does not.
              Hide
              Permalink
              Michael Simacek added a comment -

              It's not critical, I just wanted to make you aware of the fact that it's non-free. XStream's users might be affected because even though it's a test-only dependency, it's not marked as such and therefore ends up being pulled in at runtime. So if you're fine with the license, ignore the patch and please just add <scope>test</scope> to the dependency.

              Show
              Michael Simacek added a comment - It's not critical, I just wanted to make you aware of the fact that it's non-free. XStream's users might be affected because even though it's a test-only dependency, it's not marked as such and therefore ends up being pulled in at runtime. So if you're fine with the license, ignore the patch and please just add <scope>test</scope> to the dependency.
              Hide
              Permalink
              Jörg Schaible added a comment -

              Hi Michael,

              it's declared optional, therefore it is not pulled in automatically by clients of XStream. However, you're right, declaring it with the proper scope should have been done from the beginning, since it is only used in the tests. I'll consider a switch for the 1.5.x line nevertheless.

              Thanks for heads-up,
              Jörg

              Show
              Jörg Schaible added a comment - Hi Michael, it's declared optional, therefore it is not pulled in automatically by clients of XStream. However, you're right, declaring it with the proper scope should have been done from the beginning, since it is only used in the tests. I'll consider a switch for the 1.5.x line nevertheless. Thanks for heads-up, Jörg

                People

                • Assignee:
                  Jörg Schaible
                  Reporter:
                  Michael Simacek
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated: