Github user joewitt commented on the issue:
https://github.com/apache/nifi/pull/2588
@ottobackwards this describes how to handle code contributed to the ASF
https://www.apache.org/legal/src-headers.html#headers
In short that is when you add the header.
This describes how to handle code not contributed to but rather pulled into
ASF projects (third party works):
https://www.apache.org/legal/src-headers.html#3party
In short dont add the header.
So yes please remove the header from all files which are sourced
externally. If you were simply pulling in a code snippet/etc.. then it would
be ok to just cite it like you did and have the header but this case is pretty
simple.
Anyway, easy fix, just remove header and yes add RAT exclusions for each
and put a comment explaining in case someone flags it later.
Your comments about them not doing a release with the PR you did are fine.
It is ok to pull source in this case just obviously preferable to avoid it
where possible. So all good. The other rub here is the author doesn't tag
releases which helps us in terms of provenance. Can you please reference a
specific commit in the git repo you're pulling from in the notice entry. Not
strictly necessary but safer in terms of 'it was ALv2 licensed when i pulled
this'.
I'll try to look again when that is done
---
