Hey Justin, Can you clarify a few things?
- On the first point, the only thing I see is zstd, which we do not, in fact, ship the library itself, just the jni bindings. Was there anything else you saw? - On the second point, I checked the src download from the RC and afaict we use this header and include validation in the build for at least java files https://github.com/apache/kafka/commit/d0e436c471ba4122ddcc0f7a1624546f97c4a517. There are a couple of java files where we maintain in lineage and copyright information, but in a separate comment where it should be clear that is what's happening. So I think what you're referring to is mainly some scala files under the streams/streams-scala package? I think those are probably crept in via the 2 or 3 original contributors of that code, which started as an independent Apache licensed project https://github.com/lightbend/kafka-streams-scala but was merged in. I think these could be cleaned up similarly to Java examples so lineage/attribution can be maintained but in a separate comment that makes it clear it's historical information and not part of the current license for the file. - On the third point, this does seem to be the case, we only have about 3 dependencies listed there but pull in close to 90 jars (though some of those jars may be released/licensed together). These should be cleaned up. -Ewen On Fri, Mar 19, 2021 at 6:51 PM Justin Mclean <jmcl...@apache.org> wrote: > Hi, > > I was taking a look at this release candidate and noticed a number of > things from a licensing compliance point of view the set a little odd. Now > there may be some history here that I'm unaware of and a good reason why > things are like this. I can see: > - The LICENSE files include things that are not in the release but are > dependancies [1] this shouldn't be mentioned in the LICNSE file. > - A large number of headers have "licensed to the ASF" but include a > copyright line, I would expect this header to be used [2] and no copyright > line. If these are 3rd party files then I'd expect them to be mentioned in > LICENSE. > - Some 3rd party software is included in the software release but is not > mentioned in the license file [3] > > One of the issue we run into in the Incubator is podlings copy popular top > level projects approach to their LICENSE and NOTICE files and this can > cause a bit of confusion. > > As I said there may be good reason for above that I'm unaware of, however > I have reviewed 100's of releases at the ASF and the above seems a little > odd to me. I'm happy to help out in fixing these issues. > > Kind Regards, > Justin > > 1. https://infra.apache.org/licensing-howto.html#guiding > 2. https://www.apache.org/legal/src-headers.html#headers > 3. https://infra.apache.org/licensing-howto.html#alv2-dep >