There are two main issues with the presented arguments: 1. This isn't a bundled dependency, it is an attribution of a code snippet taken from another project 2. There is nothing in the NOTICE that would qualify as "relevant portions [to be] bubbled up"
You seem to be asserting that this is both a bundled dependency and that you've analyzed the notice statements and determined they apply. I don't believe either of those are accurate reflections of what the project contains. The PR comment describes this well: "Legally required notifications are things like attribution required by third-party licenses. We also include sections of other NOTICE files that need to be preserved because they apply to this project as well as the original project. License information should be included in the LICENSE file because it is the canonical place for license attribution. That's why the documentation states that NOTICE is for "notifications which are not satisfied by either the text of LICENSE or ..." It's fine if we don't ship code and should update LICENSE to reflect that, but we can't add this information to NOTICE." I don't consider this a blocker for the release. Best, Dan On Thu, Apr 4, 2024 at 7:02 PM Justin Mclean <jus...@classsoftware.com> wrote: > Hi, > > Also note that that comment you linked to also includes "Aside from > Apache-licensed dependencies which supply NOTICE files of their own, it is > uncommon for a dependency to require additions to NOTICE.” > > In this case, you do have Apache-licensed dependencies that do supply a > NOTICE file. > > Kind Regards, > Justin > > > On 5 Apr 2024, at 12:58 pm, Justin Mclean <jus...@classsoftware.com> > wrote: > > > > HI, > > > >> The ASF recommendation also clearly states: "Under normal > circumstances, there is no need to modify NOTICE to mention a bundled > dependency." > > > > If you read that document carefully, it states this: > > - Under normal circumstances, there is no need to modify NOTICE to > mention a bundled dependency. > > - If the dependency supplies a NOTICE file, its contents must be > analyzed and the relevant portions bubbled up into the top-level NOTICE > file. > > > > These two things are not at odds with each other. In this case, you have > included ALv2 source code that contains a NOTICE file, so its content needs > to be added to your notice file. The normal circumstances mentioned above > apply if you are bundling something under MIT or a BSD license or if the > bundled Apache-licensed software that doesn’t have a NOTICE file. > > > > Kind Regards, > > Justin > > >
