Hi Justin, How about the following modifications:
> 1. Why is license information being mentioned in NOTICE? All license information should go in LICENSE. Remove all license information out of NOTICE, and copy all content of NOTICEs from all bundled dependencies to our NOTICE? > 2. Why is the General Public License (GPL) license mentioned? (It’s a Category X license) I check the content and find that we use `javax.annotation`, which uses CDDL and GPL double license. I think it is ok that we use the dependence according to CDDL. So just removing the content about GPL is ok, I think. > 3. Why are dependancies (JUnit / Hamscrest) which I assume are not bundled mentioned? I think we can remove them out of the NOTICE and LICENSE. > 4. Why are the binaries mentioned in the source release? Please make seperate LICENSE and NOTICE for the source and binary releases. Do we need to maintain 4 files: LICENSE, NOTICE, LICENSE-binary, and NOTICE-binary? > In LICENSE it also seem you are listing dependancies rather than what is bundled in the source release? According to [1] (BUNDLED VS. NON-BUNDLED DEPENDENCIES), only the (binary) jars and java (source) files that written by the third part are bundled. The dependencies that claimed in pom.xml will be downloaded automatically from the Maven Repository when the user compile the source code, so they can be considered as non-bundled. Are these dependencies can be removed from the LICENSE? [1] http://www.apache.org/dev/licensing-howto.html#mod-notice Best, ----------------------------------- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 Justin Mclean <jus...@classsoftware.com> 于2019年7月24日周三 上午6:47写道: > HI, > > I took a quick look at NOTICE and something is not right: > 1. Why is license information being mentioned in NOTICE? All license > information should go in LICENSE. > 2. Why is the General Public License (GPL) license mentioned? (It’s a > Category X license) > 3. Why are dependancies (JUnit / Hamscrest) which I assume are not bundled > mentioned? > 4. Why are the binaries mentioned in the source release? Please make > seperate LICENSE and NOTICE for the source and binary releases. > > In LICENSE it also seem you are listing dependancies rather than what is > bundled in the source release? > > Thanks, > Justin
