chore: several fixes on the LICENSE/NOTICE by jbonofre · Pull Request #15449 · apache/iceberg

jbonofre · 2026-02-26T09:01:07Z

Important fixes
- include BSD/MIT license content inline in all LICENSE files
- update copyright year to 2026
- select a single license (when dual) in all LICENSE files
- remove dependency versions to relax the updates (dependabot)
Minor fixes
- Use the "This product bundles"/"This product includes code" wording everywhere
- Use the same AL v2 license wording everywhere

* Important fixes ** include BSD/MIT license content inline in all LICENSE files ** update copyright year to 2026 ** select a single license (when dual) in all LICENSE files ** remove dependency versions to relax the updates (dependabot) * Minor fixes ** Use the "This product bundles"/"This product includes code" wording everywhere ** Use the same AL v2 license wording everywhere

jbonofre · 2026-02-26T09:01:28Z

I'm also doing a full pass on the dependencies use.

…LICENSE file.

…bundles

jbonofre · 2026-02-26T17:15:41Z

@manuzhang I saw several missing dependencies missing in LICENSEs (flink-runtime, ...).

I'm doing a full pass.

It seems the GCP (BigQuery, ...) support added several dependencies but the LICENSE files have not been updated.

manuzhang · 2026-02-27T01:57:33Z

Is there a tool that can check whether license info of dependencies is missing?

jbonofre · 2026-02-27T05:53:21Z

@manuzhang I have scripts (using jar tvf/find to find what's bundled, etc). For this PR, I'm doing also manual checks/updated

- Reactive Streams: correct license label from MIT to MIT-0 (MIT No Attribution is a distinct SPDX identifier) - Findbugs jsr305: correct license from Apache 2.0 to BSD 3-Clause with inline text (per the project's own LICENSE file) - Google API Common/GAX/Auth Library: use BSD 3-Clause consistently in kafka-connect bundles to match gcp-bundle and actual repo LICENSE files - Jackson: update dead codehaus.org URL to github.com/FasterXML/jackson - Fix typos: "bt" -> "by", "prodduct" -> "product", "produt" -> "product" - Remove empty section artifact in azure-bundle LICENSE - Remove duplicate Animal Sniffer Annotations line in flink LICENSE files Made-with: Cursor

RussellSpitzer

Detailed review comments have been moved to the fix PR: jbonofre#1 (comment)

RussellSpitzer · 2026-03-02T19:45:24Z

Had Cursor go through and take a look for any discrepancies, they are in the PR above^

jbonofre · 2026-03-03T22:24:23Z

I just updated the PR to have all fixes there.

jbonofre · 2026-03-03T22:25:30Z

@RussellSpitzer @manuzhang I completed the full pass and fixes on all LICENSE and NOTICE.

manuzhang · 2026-03-04T01:51:54Z

-License (from POM): The Apache Software License, Version 2.0 - http://www.apache.org/licenses/LICENSE-2.0.txt
-
--------------------------------------------------------------------------------
+This product bundles Android Annotations.


This dependency looks strange to me.

In the kafka-connect runtime distribution (zip file), you can find lib/annotations-4.1.1.4.jar corresponding to this artifact: https://repo1.maven.org/maven2/com/google/android/annotations/4.1.1.4/
That's the reason why we have to "document" it in the LICENSE file.

RussellSpitzer · 2026-03-04T03:01:40Z

-Group: org.reactivestreams  Name: reactive-streams  Version: 1.0.4
 Project URL: http://reactive-streams.org
-License: CC0 - http://creativecommons.org/publicdomain/zero/1.0/
+License: MIT


Do we need this to be MIT-0 ?

This got flagged in azure-bundle, kafka-connect/main and kafka-connect/hive

According to https://github.com/reactive-streams/reactive-streams-jvm it's a MIT licenses, but https://github.com/reactive-streams/reactive-streams-io/blob/master/LICENSE is for reactive streams IO.

We are using reactive steams JVM according to the packaged artifacts/classes.

The problem is that line 245 states this is MIT-0 and not MIT

So either we have the copyright text wrong below or we have the SPDX wrong

RussellSpitzer · 2026-03-04T03:06:35Z

+
+This product bundles Google GAX.
+
+--------------------------------------------------------------------------------


This separator belongs on line 678 (Same issue in other spark bundles)

RussellSpitzer · 2026-03-04T03:14:13Z

Not sure if it matters but all the jackson links still point to codehaus which is a dead link now

jbonofre · 2026-03-04T12:27:33Z

@manuzhang @RussellSpitzer I addressed your comments. Thanks !

RussellSpitzer · 2026-03-12T20:05:51Z

Thanks @jbonofre ! Also thanks @manuzhang for reviewing

jbonofre changed the title ~~Several fixes on the LICENSE/NOTICE:~~ chore: several fixes on the LICENSE/NOTICE Feb 26, 2026

github-actions Bot added spark flink AWS GCP OPENAPI AZURE KAFKACONNECT labels Feb 26, 2026

jbonofre requested a review from manuzhang February 26, 2026 09:46

jbonofre added 3 commits February 26, 2026 11:57

Add missing Reactor AddOns and JCTools documentation in Azure bundle …

aae8cff

…LICENSE file.

Fix Apache Avro project URL

ba0dda3

Update flink-runtime v2.1 LICENSE/NOTICE with the missing dependency …

e9b5dd5

…bundles

manuzhang approved these changes Feb 26, 2026

View reviewed changes

jbonofre added 2 commits February 26, 2026 17:55

Fix Avro project URL in LICENSE

0122675

Sync LICENSE/NOTICE accross flink-runtime versions

d875c3e

Update the bundle LICENSE/NOTICE to update with new dependency set

9cb4d41

This was referenced Mar 2, 2026

Add Kafka Connect artifact publish to release process #15212

Open

Kafka Connect: Fix CVE-2025-67721 in io.airlift:aircompressor #15440

Merged

RussellSpitzer mentioned this pull request Mar 2, 2026

Fix license accuracy issues found during review jbonofre/iceberg#1

Open

RussellSpitzer reviewed Mar 2, 2026

View reviewed changes

jbonofre added 3 commits March 3, 2026 16:35

Fix LICENSE and NOTICE for spark runtimes

64ff3f3

Add Apache Parquet documentation in the aws-bundle LICENSE

9270e00

Clearnup on gcp-bundle LICENSE

e701aba

Fix kafka-connect-runtime LICENSE files

8b1c3b7

jbonofre mentioned this pull request Mar 3, 2026

Remove version of dependencies, and cleanup LICENSE/NOTICE to remove the version upgrades pain #14433

Closed