Hi, > We have mentioned in NOTICE that under DEPENDENCIES file we keep track of all > the deps. While some of them might use e.g. BSD-3 -Clause or similar (like > passterm), we added these also to licenses directory. However, we only use > them as libraries (not binaries) in our source code - in such a case, do we > need anything else than the dependencies file (e.g. could we remove the > licenses directory)?
So, two things here: the license files need to state what is contained in the source release, external dependencies are mostly irrelevant, but if 3rd party code is in the source artifact, it needs to be mentioned in the license file. The notice file is generally for items not mentioned in the license file and is unrelated to licensing. See [1]. > By these 3rd party files do you have in mind the ones you listed from > ./foreign/java directory? Yes. >> - One unexpected binary file [1] > > Regarding the additional files in ./foreign/java, since we mostly use them to > build our Java SDK library, should they even be > part of the release artifact? And whether these are part of the release or > not, do we need to include either in LICENSE file or under ./licenses > directory the info about gradle-wrapper.jar being used (it's the only jar > file to be mentioned, correct)? A source release cannot contain compiled code; there should be no jars in it, but someone should be able to easily compile the source release. Yes, it’s the only jar file included. Kind Regards, Justin 1. https://infra.apache.org/licensing-howto.html
