json-schema-validator icon indicating copy to clipboard operation
json-schema-validator copied to clipboard

Published 20 hours ago verified publisher icon networknt

Missing attribution to Apache Foundation (needed because of vendored commons-lang3 code)

Open tazle opened this issue 3 years ago • 2 comments

Hi,

You seem to have vendored some commons-lang3 code under https://github.com/networknt/json-schema-validator/tree/master/src/main/java/com/networknt/schema/format, presumably for a good reason.

The code is licensed under Apache-2.0 license, so to distribute it, or its derivative works, you should comply with section 4 d of the license, and include its NOTICe file in your NOTICE file.

You seem to have done something like it (the licensing comment from these files is included), but the actual commons-lang3 NOTICE file (https://gitbox.apache.org/repos/asf?p=commons-lang.git;a=blob_plain;f=NOTICE.txt;hb=HEAD) is not.

Please include it.

tazle avatar Apr 07 '22 09:04 tazle

@tazle Could you please guide us on where to put the following header? I am guessing it is the NOTICE file in the root folder. We have this section in the file now.

-----------------
Commons-lang3
-----------------

Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements.  See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License.  You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Should we can the above section to the below? Thanks a lot for your help.

Apache Commons Lang
Copyright 2001-2022 The Apache Software Foundation

This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).

stevehu avatar Apr 12 '22 01:04 stevehu

My understanding is that you should include their NOTICE in your NOTICE verbatim. The commons-lang3 text you now have in your NOTICE file is in the listing of Maven dependencies (which I suppose don't actually need to be listed in NOTICE, you aren't actually distributing them). If you still wish to include their copyright notices, I would expect the NOTICE of vendored dependency to be in a separate section in your NOTICe file.

tazle avatar Apr 12 '22 18:04 tazle