This page provides guidance on accounting for third party works in LICENSE and NOTICE files.

Every source file should include the standard ASF license header [1].  Exceptions can be made for "non-creative” works or test files that must have an exact form.  These exclusions should be added to gradle/rat.gradle after community review.  

Source files containing third-party works should follow the rules in [2].

The primary format of a Geode release is the source distribution (this is true of all Apache projects).  Geode also provides a binary convenience distribution as well as Maven artifacts.  Each of these distributions must observe the rules described below for “bundled” software dependencies.  The rules dictate the content of the LICENSE and NOTICE files for each distribution type.

The source distribution is created in geode-assembly/build/distributions/apache-geode-src-${version}.*.  The contents of the source distribution closely reflect the files in source control with a few minor exclusions.  Code that has been copied either in part or in whole from other projects is considered bundled in the source distribution.  The LICENSE and NOTICE files for the source distribution can be found in the project root folder.

The binary distribution is created in geode-assembly/build/distributions/apache-geode-${version}.* .  The binary distribution contains the only the runtime artifacts as created by the build.  Dependencies that have copied into the distribution (such as jar files) should be considered bundled, in addition to the bundled dependencies of the source archive.  Some artifacts such as war files have embedded dependencies that must be considered as well.  The LICENSE and NOTICE files for the binary distribution can be found in geode-assembly/src/main/dist.

Each subproject of Geode generates at least one Maven artifact that is uploaded and available for download on Maven Central.  These artifacts follow a similar pattern to the binary distribution except that the bundled software is typically restricted to the individual subproject (unless the artifact is a WAR file with embedded jars).  The LICENSE and NOTICE files for Maven artifacts can be found in ${subproject}/src/main/resources/META-INF .

If the bundled dependency is present in the source distribution, the license must be a Category A license [3].

If the bundled dependency is present in a binary distribution, the license must be a Category A [3] or Category B license [4].  

Excepting ASLv2 dependencies, all dependencies should be listed in LICENSE.  Each entry should provide the homepage link as well as the license text.

For ASF project dependencies [6]:

     Include the copyright line and other portions of the NOTICE as needed

For ASLv2 dependencies [7]:

     If the dependency contains a NOTICE file, the contents should be reviewed and included as needed

For MIT, BSD, CC-A, OFL dependencies [8]:

     These do not require entries in NOTICE

For BSD with advertising clause:

     Incude the advertising clause in NOTICE

For Category B [4] dependencies:

     Include an entry in NOTICE, grouped by license type

     Provide a link to the homepage

[1] http://apache.org/legal/src-headers.html#headers

[4] http://www.apache.org/legal/resolved.html#category-b

[5] http://www.apache.org/legal/src-headers.html#notice

[6] http://www.apache.org/dev/licensing-howto.html#bundle-asf-product

[7] http://www.apache.org/dev/licensing-howto.html#alv2-dep

[8] http://www.apache.org/dev/licensing-howto.html#permissive-deps