The LICENSE file is for the distribution contents, which in case of the source release distribution means source files, but in case of a convience binary distribution means it also includes distributed dependencies.
It is typical to include (/reference an included file for) the dependency licences in the LICENSE file if they differ from the ASLv2 'for the project', to that ensure people are aware of the appropriate licence for the included contents, and also cover most required third party notices. Very little need go in the NOTICE file actually, as most things are covered by the LICENSE file: "When a release contains third party works, the licenses covering those works may ask that consumers are informed in certain specific fashions. These third party notices vary from license to license. Apache releases should contain a copy of each license, usually contained in the LICENSE document. For many licenses this is a sufficient notice." http://www.apache.org/legal/resolved.html#required-third-party-notices Specificaly to your earlier questions though, GNU LGPL 2, 2.1, 3 are considered Category X per the prev link and so this becomes irrelevant in that case as such dependencies may not even be distributed: "Apache projects may not distribute Category X licensed components, be it in source or binary form; and be it in ASF source code or convenience binaries." http://www.apache.org/legal/resolved.html#prohibited (Though to be clear, that restriction did not apply to the case which started this thread since it actually had no LGPL content) Robbie On Sun, 9 Jun 2019 at 18:03, Arthur Naseef <a...@amlinv.com> wrote: > > Hey Robbie - the LICENSE file is the license for the project itself, not > dependencies. See http://www.apache.org/dev/apply-license.html > > Art > > Sent from my iPhone > > > On Jun 7, 2019, at 2:27 AM, Robbie Gemmell <robbie.gemm...@gmail.com> wrote: > > > > GNU LGPL 2, 2.1, 3 are considered Category X > > (https://apache.org/legal/resolved.html#category-x) and so files under > > these would not typically be 'included' in an Apache project, which is > > to say we could not distribute them in a source release or any related > > binary convenience artifacts. > > > > That said, Category X files are allowed for use with optional > > functionality where a user can be instructed how to themselves attain > > and use them. There are also some rare cases for specific > > purposes/uses (around defacto build tools) where incompatible licenced > > files can be included. > > > > (Aside: LICENCE details would be called out in the LICENCE file, not NOTICE) > > > > Robbie > > > >> On Fri, 7 Jun 2019 at 00:21, Arthur Naseef <a...@amlinv.com> wrote: > >> > >> Looking for clarification here. Our projects can depend on LGPL'ed > >> dependencies, right? Here is my understanding... > >> > >> LGPL is not GPL, so using it as a library in our project should not force > >> the license on our software - i.e. we can still release under the Apache > >> License. We do need to include a NOTICE file mentioning the dependency and > >> its license as part of the release - that's an Apache standard, right? > >> > >> If this is just a test dependency as @jbertram mentioned, then it's really > >> not a problem and doesn't require and NOTICE. > >> > >> Art > >> > >> > >>> On Thu, Jun 6, 2019 at 1:17 PM Justin Bertram <jbert...@apache.org> wrote: > >>> > >>> The file you referenced [1] is just a test and isn't distributed so it's > >>> not in the jar of our dependency. My guess is that it was a mistake and > >>> they can send a commit to re-license the file with ASL 2. > >>> > >>> I still don't see a problem, but it's worth checking all the files. > >>> > >>> > >>> Justin > >>> > >>> [1] > >>> > >>> https://github.com/wildfly/wildfly-common/blob/d8397e1174a193aaab5db510da514f6039be6742/src/test/java/org/wildfly/common/string/CompositeCharSequenceTestCase.java > >>> > >>> On Thu, Jun 6, 2019 at 3:12 PM Michael André Pearce > >>> <michael.andre.pea...@me.com.invalid> wrote: > >>> > >>>> I haven’t checked all the files, i don’t have time. But simply the parent > >>>> wildfly project is LPGL and I’ve found one file with LGPL, this is a > >>>> concern, and going forwards this is risky as they may move more files > >>> from > >>>> Wildfly project into it. > >>>> > >>>>> On 6 Jun 2019, at 21:10, Michael André Pearce < > >>>> michael.andre.pea...@me.com> wrote: > >>>>> > >>>>> There is a class in there which was taken from wildfly but keeps its > >>> gnu > >>>> license (as it has to) > >>>>> > >>>> > >>> https://github.com/wildfly/wildfly-common/blob/d8397e1174a193aaab5db510da514f6039be6742/src/test/java/org/wildfly/common/string/CompositeCharSequenceTestCase.java > >>>>> > >>>>> As such even so they declare it Apache, it isn’t because inside is code > >>>> that is LPGL from wildly. > >>>>> > >>>>>> On 6 Jun 2019, at 21:06, Justin Bertram <jbert...@apache.org> wrote: > >>>>>> > >>>>>> This was the dependency added: > >>>>>> > >>>>>> <dependency> > >>>>>> <groupId>org.wildfly.common</groupId> > >>>>>> <artifactId>wildfly-common</artifactId> > >>>>>> </dependency> > >>>>>> > >>>>>> Wildfly Common is ASL 2. See > >>>>>> https://github.com/wildfly/wildfly-common/blob/master/LICENSE. > >>>>>> > >>>>>> I could see your point if a dependency on org.wildfly:wildfly-parent > >>> was > >>>>>> added as that is LGPL as you noted. > >>>>>> > >>>>>> At this point I don't see a problem. > >>>>>> > >>>>>> > >>>>>> Justin > >>>>>> > >>>>>> On Thu, Jun 6, 2019 at 3:02 PM Michael André Pearce > >>>>>> <michael.andre.pea...@me.com.invalid> wrote: > >>>>>> > >>>>>>> Wildfly project: > >>>>>>> > >>>>>>> https://github.com/wildfly/wildfly/blob/master/LICENSE.txt > >>>>>>> > >>>>>>> > >>>>>>>> On 6 Jun 2019, at 21:01, Justin Bertram <jbert...@apache.org> > >>> wrote: > >>>>>>>> > >>>>>>>> Are you sure about that? Wildfly Common is ASL 2. See > >>>>>>>> https://github.com/wildfly/wildfly-common. > >>>>>>>> > >>>>>>>> > >>>>>>>> Justin > >>>>>>>> > >>>>>>>> On Thu, Jun 6, 2019 at 2:47 PM Michael André Pearce > >>>>>>>> <michael.andre.pea...@me.com.invalid> wrote: > >>>>>>>> > >>>>>>>>> http://www.apache.org/legal/resolved.html > >>>>>>>>> > >>>>>>>>> It’s a category x, in my understanding. > >>>>>>>>> > >>>>>>>>>> On 6 Jun 2019, at 20:46, Michael André Pearce < > >>>>>>>>> michael.andre.pea...@me.com> wrote: > >>>>>>>>>> > >>>>>>>>>> Hi All, > >>>>>>>>>> > >>>>>>>>>> It seems https://github.com/apache/activemq-artemis/pull/2661 > >>>>>>>>> introduced an LPGL dependency into ActiveMQ Artemis. > >>>>>>>>>> > >>>>>>>>>> Can we please revert this. > >>>>>>>>>> > >>>>>>>>>> Thanks > >>>>>>>>>> Mike > >>>>>>>>> > >>>>>>>>> > >>>>>>> > >>>>>>> > >>>>> > >>>> > >>>> > >>>