- Assembling LICENSE and NOTICE
- Bundling Permissively-Licensed Dependencies
- Modifications to NOTICE
- Bundled vs. Non-bundled Dependencies
- Dependencies of Dependencies
- Binary Distributions
Assembling LICENSE and NOTICE
This document is a "how to" guide aimed at Apache Committers assembling
NOTICE files for an Apache product.
Overview of the
LICENSE file communicates the licensing of all content in an Apache
product distribution. It always contains the text of the Apache License, and
The complete requirements for
NOTICE are described
Location Within the Source Tree
The Simple Case -- No Bundled Dependencies
For a source tree which consists entirely of code licensed to the ASF by the
copyright holders and which has no bundled dependencies,
contain the text of the ALv2 --
no more, no less.
NOTICE should contain only the following
text, adapted with the
product's name and copyright dates:
Apache [PRODUCT_NAME] Copyright [XXXX-20XX] The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/).
NOTICE files from scratch for products with more
complex requirements, follow these steps:
Start with boilerplate
NOTICEfiles, as above.
Add any mandatory legal notifications specific to the IP of your product to
For any dependency whose bits are bundled, consider whether
NOTICEneed to be modified. (DO NOT modify
NOTICEfor dependencies whose bits are not bundled.)
Bundling Permissively-Licensed Dependencies
Bundling a dependency which is issued under one of the following licenses is straightforward, assuming that said license applies uniformly to all files within the dependency:
- BSD (without advertising clause)
LICENSE, add a pointer to the dependency's
location within the source tree and a short note summarizing its licensing:
This product bundles SuperWidget 1.2.3, which is available under a "3-clause BSD" license. For details, see deps/superwidget/.
Under normal circumstances, there is no need to modify
Bundling an Apache-2.0-licensed Dependency
Assuming once again that that the dependency subtree contains no bundled
subcomponents under other licenses and thus the ALv2 applies uniformly to all
files, there is no need to modify
If the dependency supplies a
NOTICE file, its contents must be analyzed and
the relevant portions bubbled up into the top-level
Bundling Other ASF Products
It is not necessary to duplicate the line "This product includes software
developed at the Apache Software Foundation...", though the ASF copyright line
and any other portions of
NOTICE must be considered for propagation.
Modifications to NOTICE
NOTICE is reserved for a certain subset of legally required notifications
which are not satisfied by either the text of
LICENSE or the presence of
licensing information embedded within the dependency subtree. Aside from
Apache-licensed dependencies which supply
NOTICE files of their own, it is
uncommon for a dependency to require additions to
Copyright notifications which have been
relocated from source
files (rather than removed) must be preserved in
NOTICE. However, elements
such as the copyright notifications embedded within BSD and MIT licenses
not be duplicated in
NOTICE -- it suffices to leave those notices in their original locations.
It is important to keep
NOTICE as brief and simple as possible, as each
addition places a burden on downstream consumers. Do not add anything to
NOTICE which is not legally required.
Bundled vs. Non-bundled Dependencies
NOTICE must always be tailored to the content of the specific
distribution they reside within. Dependencies which are not included in the
distribution MUST NOT be added to
NOTICE. As far as
NOTICE are concerned, only bundled bits matter.
Example: If the only difference between
apache-foo-1.1.tgz is that one bundles SuperWidget while the other forces
users to download SuperWidget separately, then
NOTICE may very
well need to be modified to account for the different bundled bits.
Dependencies of Dependencies
Dependencies of dependencies (including so-called "transitive dependencies")
are no different from first-order dependencies for the purposes of assembling
NOTICE need only be modified to
accommodate them if and only if their bits are bundled.
What applies to canonical source distributions also applies to all redistributions, including binary redistributions:
Any redistribution must obey the licensing requirements of the contents.
The best way to do that will likely depend on the binary packaging form.
When assembling binary distributions, it is common to pull in and bundle
additional dependencies which are not bundled with the source distribution.
These additional dependencies must be accounted for in
As a result, the
NOTICE files for a binary distribution may
well differ from those in the source distribution it was built from.
In any case, the principle remains the same:
exactly represent the contents of the distribution they reside in.