druid/dev/license.md

5.7 KiB

License management

All Apache projects are required to provide the LICENSE and NOTICE files. This document explains how we manage the license of Druid and the libraries that Druid uses.

When we do a new release, we distribute 2 packages, i.e., source code package and binary package. Since the binary package includes not only Druid itself but also all the dependencies of Druid, its LICENSE and NOTICE files should cover those dependencies as well. As a result, the contents of those files are different and managed separately for source code and binary packages. Please read the sections below to understand how we manage the licenses and what to update when you want to add new dependencies.

Licenses for source code packages

The licenses for source code packages are maintained manually in the LICENSE file. The notices can be found in the NOTICE file` similarly.

Licenses for binary packages

The licenses for binary packages are maintained automatically. All licenses (for both source code and binary releases) should be registered in the licenses.yaml file. generate-binary-license.py and generate-binary-notice.py will generate the LICENSE and NOTICE files automatially based on the registry.

Adding licenses

When you adopt source codes from other projects into Druid

This requires you to update the license and notice for both source code and binary packages. First, you should add a new entry in the LICENSE for the dependency you are adding. For example, the CalciteCnfHelper class is adopted from Apache Calcite. This requires adding the following entries in the LICENSE file.

SOURCE/JAVA-CORE
    This product contains SQL query planning code adapted from Apache Calcite.
      * processing/src/main/java/org/apache/druid/segment/filter/cnf/CalciteCnfHelper.java

If the project provides its own notice, the contents of the notice should be included in the NOTICE file of Druid.

NOTE: Most projects don't provide notice. If you are not sure whether you need to add a notice, then you probably don't have to unless the dependency you are adding is an Apache project.

Going back to the example of Apache Calcite, since all Apache projects provide the NOTICE file, you should add the following in the NOTICE file.

############ SOURCE/JAVA-CORE ############

================= Apache Calcite 1.10.0 =================
Apache Calcite
Copyright 2012-2016 The Apache Software Foundation

This product is based on source code originally developed
by DynamoBI Corporation, LucidEra Inc., SQLstream Inc. and others
under the auspices of the Eigenbase Foundation
and released as the LucidDB project.

Second, you also need to add a new entry in the licenses.yaml file as below.

name: SQL query planning code adapted from Apache Calcite
license_category: source
module: java-core
license_name: Apache License version 2.0
source_paths:
  - processing/src/main/java/org/apache/druid/segment/filter/cnf/CalciteCnfHelper.java

When you add a new library dependency into Druid

This requires you to update the the licenses.yaml file. For example, to add aws-java-sdk-core as a new depdency, you need to add the following entry.

name: AWS SDK for Java
license_category: binary
module: java-core
license_name: Apache License version 2.0
version: 1.11.199
libraries:
  - com.amazonaws: aws-java-sdk-core
notice: |
  AWS SDK for Java
  Copyright 2010-2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.

  This product includes software developed by
  Amazon Technologies, Inc (http://www.amazon.com/).

  **********************
  THIRD PARTY COMPONENTS
  **********************
  This software includes third party software subject to the following copyrights:
  - XML parsing and utility functions from JetS3t - Copyright 2006-2009 James Murty.
  - PKCS#1 PEM encoded private key parsing and utility functions from oauth.googlecode.com - Copyright 1998-2010 AOL Inc.

  The licenses for these third party components are included in LICENSE.txt  

Updating licenses

When you update the version of existing dependencies, you need to update the version not only in the pom.xml file but also in the licenses.yaml file.