Add relevant NOTICE portions from ALv2 bundled dependencies #12095
Conversation
aws-bundle/NOTICE
Outdated
| Copyright 2017-2025 The Apache Software Foundation | ||
|
|
||
| This product includes software developed at | ||
| The Apache Software Foundation (http://www.apache.org/). | ||
|
|
||
| -------------------------------------------------------------------------------- | ||
|
|
||
| NOTICE for Group: commons-codec Name: commons-codec Version: 1.17.1 | ||
| Apache HttpComponents Client |
There was a problem hiding this comment.
Shouldn't we copy in the whole NOTICE then? https://github.com/apache/httpcomponents-client/blob/master/NOTICE.txt
There was a problem hiding this comment.
We should copy "relevant" section of the NOTICE. If you go to the NOTICE in the correct version (https://github.com/apache/httpcomponents-client/blob/rel/v4.5.13/NOTICE.txt) bundled (according to :dependencies), it's good there.
There was a problem hiding this comment.
Thanks @jbonofre , I had to go through https://infra.apache.org/licensing-howto.htm a few times but these changes seem right to me now. I'll wait for @rdblue @Fokko input , especially since we need to make sure this is correct for the release.
jbonofre
force-pushed
the
notice-fix
branch
3 times, most recently
from
fc5395d to
b88d315
Compare
|
@amogh-jahagirdar @rdblue @Fokko I fixed the versions in the bundle jar files. I added fixed on flink-runtime. I'm checking/updating LICENSE/NOTICE in spark-runtime now. |
| This binary artifact includes Apache Parquet 1.15.0 with the following in its NOTICE file: | ||
|
|
There was a problem hiding this comment.
Do we need to do the same update for the older Flink versions?
There was a problem hiding this comment.
I propose to do a pass on latest versions (for Flink and Spark), and if we are all good with the changes, I will check deps versions in previous Flink/Spark versions.
Does it work for you ?
There was a problem hiding this comment.
Sure! I just wanted to make sure we didn't forget
|
FYI, I checked/fixed/updates spark-runtime |
| | | ||
| | C JSON parsing provided by Jansson and | ||
| | written by Petri Lehtinen. The original software is | ||
| |available from http://www.digip.org/jansson/. |
There was a problem hiding this comment.
nit space before available
| This binary artifact includes Apache Parquet 1.15.0 with the following in its NOTICE file: | ||
|
|
There was a problem hiding this comment.
Sure! I just wanted to make sure we didn't forget
| || Copyright 2013 Cloudera Inc. | ||
| || | ||
| || Licensed under the Apache License, Version 2.0 (the "License"); | ||
| || you may not use this file except in compliance with the License. | ||
| || You may obtain a copy of the License at | ||
| || | ||
| || http://www.apache.org/licenses/LICENSE-2.0 | ||
| || | ||
| || Unless required by applicable law or agreed to in writing, software | ||
| || distributed under the License is distributed on an "AS IS" BASIS, | ||
| || WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| || See the License for the specific language governing permissions and | ||
| || limitations under the License. |
There was a problem hiding this comment.
I think the formatting is a bit off with the double |
| | | ||
| || Copyright 2016 Netflix, Inc. | ||
| || | ||
| || Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
||
| This binary artifact contains Caffeine by Ben Manes. | ||
|
|
||
| Group: com.github.ben-names.caffeine Name: caffeine Version: 3.0.5 |
There was a problem hiding this comment.
I'm seeing 2.9.3 in the runtimeClasspath for this dependency?
| Group: com.google.flatbuffers Name: flatbuffers-java Version: 23.5.26 | ||
| Copyright: 2013-2020 Google Inc. | ||
| Home page: https://google.github.io/flatbuffers/ |
There was a problem hiding this comment.
Is this actually bundled in the release? I know our LICENSE mentioned it prior to this change but it looks like this is part of the test runtime.
There was a problem hiding this comment.
Yes it's in the jar (I checked the deps in the jar directly).
Bundle jar files actually bundle a few ALv2 dependencies. These dependencies are correctly listed in the
LICENSEfile, but theNOTICEfile don't contain relevant portions when the dependency provides aNOTICE.I think it would be great to have both copyright and modified code from the dependencies in the
NOTICE.@Fokko @rdblue thoughts ?