Hi Justin Thanks for the vote, here is some thing that I want to clear about the NOTICE file.
I just checked some projects Notice file, it looks like some projects[1][2] list the License information about the third party dependencies in the Notice file, and some of them[3] just list bundled NOTICE files. I guess spark and hadoop are trying they best to list all the legal statements of third party dependencies in the NOTICE file to avoid the violation of the Open Source License. Could you give us some guide about how to keep the NOTICE file simple and without introducing any legal issues? As you may know the Service Center project is developed with Go language. Go language need to compile the source code to build whole exe binary. So we list all the third party dependencies code copyrights in the Notice file. I just found there are some guideline about the copyright notification here[4]. "However, elements such as the copyright notifications embedded within BSD and MIT licenses need <https://issues.apache.org/jira/browse/LEGAL-59> not <https://issues.apache.org/jira/browse/LEGAL-62> be duplicated in NOTICE -- it suffices to leave those notices in their original locations." As the lot of Go codes just put the License in the root directory, the source code doesn't have the License header, it could be a challenge for us to do the explicit statement without adding the copyright to NOTICE file. Finally We will add the src postfix to the source zip for user to find out it easily. [1]https://github.com/apache/spark/blob/master/NOTICE [2]https://github.com/apache/hadoop/blob/trunk/NOTICE.txt [3] https://github.com/apache/camel/blob/master/apache-camel/src/main/release/NOTICE.txt [4]http://www.apache.org/dev/licensing-howto.html#guiding-principle Willem Jiang Blog: http://willemjiang.blogspot.com (English) http://jnn.iteye.com (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Fri, Mar 2, 2018 at 4:26 PM, Justin Mclean <justinmcl...@me.com> wrote: > Hi, > > -1 (binding) as there is incorrect and far too much information in NOTICE. > License information goes in LICENSE not NOTICE. [1] Also only things that > are actually bundled need to be mentioned not dependancies. [2] > > BTW it's not entirely clear which of the releases artefacts are source > release and what aren’t without carefully looking at them. > > I checked: > - signatures and hash correct > - disclaimer exists > - LICENSE is missing things > - NOTICE is not correct > - no unexpected binaries > - source code have ASF headers > > Thanks, > Justin > > 1. http://www.apache.org/dev/licensing-howto.html#permissive-deps > 2. http://www.apache.org/dev/licensing-howto.html#guiding-principle > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >