Hi guys, I just updated our LICENSE of the binary distribution and noticed that we also list dependencies which are licensed under Apache-2.0. As far as I understand the ASF guidelines [1], this is not strictly necessary. Since it is a lot of work to keep the list up to date, I was wondering whether we want to remove Apache-2.0 dependencies from this list or not. I would be in favour of this if it does not contradict an ASF policy which I miss.
This might even have another advantage. Currently, we're shading in many modules the Guava and ASM dependency away. Thus their binary data is contained in nearly every jar we publish on maven. If we wanted to be consistent with our license policy then we would have to add in each of these jars a LICENSE/NOTICE file which lists these two dependencies, IMO. Cheers, Till [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
