On 12 April 2018 at 22:43, Lionel Liu <lionel...@apache.org> wrote: > > 2. Only things that are actually bundled in the release should be mentioned > in LICENSE. [3][4] > > To my understanding, as a source release, all the dependencies are bundled > when it is built. > The dependencies are not bundled in the source code, so we don't need to > announce any dependencies' licenses in source release? >
The idea here is that the LICENSE file only needs to include licenses for anything that is included in that archive file. So for instance, if you have source files that are all developed at Apache and have dependencies that aren't included in the source zip, then you have the most simple distribution possible here. If you have source files that are licensed differently (e.g., copied code from an MIT licensed library), then things start to get complicated. As it is, your source license and notice should be relatively minimal right now since you're not bundling external dependencies in said source distribution. As for the JSON licensing issue, just take a look at the license. It says it can't be used for evil. While amusing, that's a terrible restriction to place on end users because it's extremely vague and violates the tenants of free software. -- Matt Sicker <boa...@gmail.com>
