Note sure where to start with this, but we do need to make sure we've gotten our LICENSE/NOTICE straight for gremlin-go if we are to make a release of any sort. My understanding is that the tagging of the repo with the pattern `v3.5.3` (or the like) will allow go users to make use of that version. I further believe that in referencing that version, it will trigger the download of the entire TinkerPop repository - i.e. the source code for all of TinkerPop, despite only really needing the gremlin-go part of it.
I looked at Apache Arrow which has a golang package and I'm not completely sure that their pattern is the one to follow (a dangerous game to assume the other Apache project did it right), but it did help me think through our particular situation. The LICENSE/NOTICE should only be modified to address bundled bits. and gremlin-go does not have any source code that is from a third party (please correct me if I'm wrong). The only third-party code is that which is unrelated to gremlin-go and is already listed in the root NOTICE. We cover the licenses for those items already in our root LICENSE and /licenses directory. Since the user gets the whole repo downloaded to include those files, I would think those root files are enough to satisfy ASF concerns. The NOTICE file currently proposed for gremlin-go in particular, doesn't seem necessary as none of the items in there are "bundled bits". They are additional dependencies that come separate to what we say are in our package. I think that file can be removed.
