Hi Ryan, If it's "used" section is not strictly required in NOTICE from a legal perspective, the embedded dependencies should be mentioned (either under the Apache license as soon as they are not a ASF project), that's the "are not satisfied by either the text of LICENSE or the presence of licensing information embedded within the bundled dependency" part of the policy.
By embedded, I mean distributed in the source distribution but also in binary distributions (as soon as we publish/distribute it). For instance, here https://github.com/apache/karaf/blob/main/NOTICE you can see the included software (used software is not strictly required). Regards JB On Mon, Feb 19, 2024 at 5:52 PM Ryan Blue <b...@tabular.io> wrote: > > JB, > > Can you help me understand your rationale for updating NOTICE? We are strict > about what goes into the NOTICE file to comply with ASF guidance: > > The NOTICE file is reserved for a certain subset of legally required > notifications which are not satisfied by either the text of LICENSE or the > presence of licensing information embedded within the bundled dependency. > … > It is important to keep NOTICE as brief and simple as possible, as each > addition places a burden on downstream consumers. > > Do not add anything to NOTICE which is not legally required. > > It sounds like the content you’re talking about would be better located in > the README instead. > > Ryan > > > On Mon, Feb 19, 2024 at 2:27 AM Jean-Baptiste Onofré <j...@nanthrax.net> > wrote: >> >> +1 (non binding) >> >> I checked: >> - checksum and signature are correct >> - ASF headers are OK >> - no binary found in the source distribution >> - build is OK from the source distribution >> >> To be improved for next releases (not blocker at all): >> - NOTICE file should mention dependencies and tools used (not >> necessary included). I'm thinking about openapi, palantir plugins, aws >> sdk, jackson, ... I will do a PR about that. >> - doap.rdf file can be updated as part of the RC >> >> Thanks ! >> Regards >> JB >> >> On Mon, Feb 19, 2024 at 11:02 AM Ajantha Bhat <ajanthab...@gmail.com> wrote: >> > >> > Hi Everyone, >> > >> > I propose that we release the following RC as the official Apache Iceberg >> > 1.5.0 release. >> > >> > The commit ID is bff665278245128a71982ba5ac5981a9e71c4509 >> > * This corresponds to the tag: apache-iceberg-1.5.0-rc0 >> > * https://github.com/apache/iceberg/commits/apache-iceberg-1.5.0-rc0 >> > * >> > https://github.com/apache/iceberg/tree/bff665278245128a71982ba5ac5981a9e71c4509 >> > >> > The release tarball, signature, and checksums are here: >> > * https://dist.apache.org/repos/dist/dev/iceberg/apache-iceberg-1.5.0-rc0 >> > >> > You can find the KEYS file here: >> > * https://dist.apache.org/repos/dist/dev/iceberg/KEYS >> > >> > Convenience binary artifacts are staged on Nexus. The Maven repository URL >> > is: >> > * https://repository.apache.org/content/repositories/orgapacheiceberg-1150/ >> > >> > Please download, verify, and test. >> > >> > Please vote in the next 72 hours. >> > >> > [ ] +1 Release this as Apache Iceberg 1.5.0 >> > [ ] +0 >> > [ ] -1 Do not release this because... >> > >> > Only PMC members have binding votes, but other community members are >> > encouraged to cast >> > non-binding votes. This vote will pass if there are 3 binding +1 votes and >> > more binding >> > +1 votes than -1 votes. >> > >> > Special thanks to Eduard for helping out on publishing the release >> > artifacts. >> > >> > - Ajantha > > > > -- > Ryan Blue > Tabular
