Hi,

Looks like the source LICENSE is missing the MIT and BSD bundled software.

Can you list out what software is bundled into the source release that is MIT 
or BSD licensed?

From a quick search I see that these have MIT licenses:
./contrib/native/client/src/clientlib/y2038/time64.c
./contrib/native/client/src/clientlib/y2038/time64.h
./contrib/native/client/src/clientlib/y2038/time64_config.h
./contrib/native/client/src/clientlib/y2038/time64_limits.h

It's hard to check the rat report as there are over 300 files that don't have 
headers; while most of these are JSON and the like, it makes it hard to review and 
know what's going on.

From rat I get 1897 standards, 1569 Apache licensed and 315 unknown (or 
missing) licenses. 1897 - 1569 - 315 = 13 files that have other licences. I've 
only found 4 above, so what are the other 9 files?

Just follow the instructions at [1] and your project mentors should be able to 
help with this.

The binary LICENSE and NOTICE look better, but I think they are still including 
too much, for example the LICENSE states:

"This product bundles JUnit (junit:junit:4.11 - http://junit.org)"

Does it actually bundle jars or source code from JUnit or does it just contain 
tests that are run by JUnit? If it bundles the JUnit jar does it really need to?

There's also (IMO) an issue with how you've bundled CDDL, EPL and MPL 
licensed software in the binary release, see Category B licenses at [2]. They 
need to be clearly marked and you need to prompt the user to accept their 
license (or not include them in the binary if that's at all possible). I would 
also put them in another directory separate from the category A licensed 
binaries if they do need to be bundled.

Thanks,
Justin

1. http://www.apache.org/dev/licensing-howto.html#permissive-deps
2. http://www.apache.org/legal/3party.html
