Hi, > I just checked some projects Notice file, it looks like some projects[1][2] > list the License information about the third party dependencies in the > Notice file
Which would be incorrect to do so. What you are seeing here in the Hadoop case is an upstream project have extra information in NOTICE files and if you bundle code from an ALv2 licensed project you need to propagate the NOTICE file into your NOTICE file. That different from listing the 3rd party dependancies in NOTICE. The Space NOTICE file is IMO a poor one to copy from. There may be other historical reasons for why these NOTICE files are the way they are. This I also point out the not the first time that Hadoop and Sparks NOTICE file have cases some confusion for incubating projects. > and some of them[3] just list bundled NOTICE files. Which would be correct. > I guess spark and hadoop are trying they best to list all the legal > statements of third party dependencies in the NOTICE file to avoid the > violation of the Open Source License. No NOTICE is not for that, only required notices [1] and relocated copyrights need to be put in NOTICE. The NOTICE file is for informational purposes only and doesn't modify any of the license terms. [2] License information should be listed in LICENSE. > Could you give us some guide about how to keep the NOTICE file simple and > without introducing any legal issues? Remove all mention Apache, BSD and MIT software [3] and remove all mention any anything that is not bundled. [4] See also [7] > As you may know the Service Center project is developed with Go language. > Go language need to compile the source code to build whole exe binary. So > we list all the third party dependencies code copyrights in the Notice > file. In that case the binary would have a different LICENCE and NOTICE content than the source release. [5] > As the lot of Go codes just put the License in the root directory, the > source code doesn't have the License header, it could be a challenge for us > to do the explicit statement without adding the copyright to NOTICE file. They don’t need to be put in NOTICE they should be listed in LICENSE either with the full text or preferably with a pointer to the full text of the license in question. [6] Thanks, Justin 1. https://www.apache.org/legal/resolved.html#required-third-party-notices <https://www.apache.org/legal/resolved.html#required-third-party-notices> 2. https://www.apache.org/licenses/LICENSE-2.0#redistribution <https://www.apache.org/licenses/LICENSE-2.0#redistribution> 3. http://www.apache.org/dev/licensing-howto.html#permissive-deps <http://www.apache.org/dev/licensing-howto.html#permissive-deps> 4. http://www.apache.org/dev/licensing-howto.html#guiding-principle <http://www.apache.org/dev/licensing-howto.html#guiding-principle> 5. http://www.apache.org/dev/licensing-howto.html#binary <http://www.apache.org/dev/licensing-howto.html#binary> 6. http://www.apache.org/dev/licensing-howto.html#permissive-deps <http://www.apache.org/dev/licensing-howto.html#permissive-deps> 7.http://www.apache.org/dev/licensing-howto.html#mod-notice <http://www.apache.org/dev/licensing-howto.html#mod-notice>