> I just checked some projects Notice file, it looks like some projects[1][2]
> list the License information about the third party dependencies in the
> Notice file

Which would be incorrect to do so. What you are seeing here in the Hadoop case 
is an upstream project have extra information in  NOTICE files and if you 
bundle code from an ALv2 licensed project you need to propagate the NOTICE file 
into your NOTICE file. That different from listing the 3rd party dependancies 
in NOTICE. The Space NOTICE file is IMO a poor one to copy from. There may be 
other historical reasons for why these NOTICE files are the way they are.

This I also point out the not the first time that Hadoop and Sparks NOTICE file 
have cases some confusion for incubating projects.

> and some of them[3] just list bundled NOTICE files.

Which would be correct.

> I guess spark and hadoop are trying they best to list all the legal
> statements of third party dependencies in the NOTICE file to avoid the
> violation of the Open Source License.

No NOTICE is not for that, only required notices [1] and relocated copyrights 
need to be put in NOTICE. The NOTICE file is for informational purposes only 
and doesn't modify any of the license terms. [2] License information should be 
listed in LICENSE.

> Could you give us some guide about how to keep the NOTICE file simple and
> without introducing any legal issues?

Remove all mention Apache, BSD and MIT software [3] and remove all mention any 
anything that is not bundled. [4] See also [7]

> As you may know the Service Center project is developed with Go language.
> Go language need to compile the source code to build whole exe binary. So
> we list all the third party dependencies code copyrights in the Notice
> file.

In  that case the binary would have a different LICENCE and NOTICE content than 
the source release. [5]

> As the lot of Go codes just put the License in the root directory, the
> source code doesn't have the License header, it could be a challenge for us
> to do the explicit statement without adding the copyright to NOTICE file.

They don’t need to be put in NOTICE they should be listed in LICENSE either 
with the full text or preferably with a pointer to the full text of the license 
in question. [6]


1. https://www.apache.org/legal/resolved.html#required-third-party-notices 
2. https://www.apache.org/licenses/LICENSE-2.0#redistribution 
3. http://www.apache.org/dev/licensing-howto.html#permissive-deps 
4. http://www.apache.org/dev/licensing-howto.html#guiding-principle 
5. http://www.apache.org/dev/licensing-howto.html#binary 
6. http://www.apache.org/dev/licensing-howto.html#permissive-deps 

Reply via email to