On 13 April 2018 at 03:37, Willem Jiang <willem.ji...@gmail.com> wrote:
> Hi Matt, > > I just have different idea about your your explanation. > > If my code has the compile dependency of the JSON library, as the JSON > library code is not bundled in the source code. > I don't think we should add the License of JSON library into my License > file. > Right. The source license file only applies to the source code that you directly include in the distribution artifact. Hence why the binaries here have a different license because they embed several 3rd party dependencies with different licenses or notices to include. Some licenses have different rules regarding source distribution versus binary distribution (these generally revolve around where and how to attribute the copyright holders). > If we use the LGPL license jar library in the test. > As this LGPL jar is not bundled in our source or binary release. we don't > need to update our License and Notice file for it. > That's my understanding. Essentially, any components that depend on LGPL code or similar need to be optional. As for license categories (which is relevant to this discussion in general), category A are all good for source and binary distribution, category B licenses can generally be used in binary distributions but not source distributions, and category X licenses cannot be included in source or binary distributions. Category X licensed software can be used in limited cases, but it can't be required for using the software. For example, maybe you have a component that integrates with some GPL component upstream. Provided you were legally able to write your component under ALv2 in the first place, then said component could be distributed as an optional component with instructions on installing the third party software. < https://www.apache.org/legal/resolved.html#optional> -- Matt Sicker <boa...@gmail.com>