license folder

[rajapandi1234]

Summary by CodeRabbit

• Chores
  • Added license texts for Apache 2.0, BSD 3‑Clause, JSON, MIT, MPL 2.0, and PostgreSQL.
  • Added a NOTICE document enumerating third‑party components and their licenses, organized by license family and calling out notable caveats and references to full license texts.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Added seven license and compliance documents under licenses/: Apache-2.0, BSD-3-Clause, MIT, MPL-2.0, JSON, PostgreSQL license texts, plus a comprehensive NOTICE file listing third-party components and their licenses. No code or public API changes.

Changes

Cohort / File(s)	Summary
License Texts licenses/Apache-2.0.txt, licenses/BSD-3-Clause.txt, licenses/JSON.txt, licenses/MIT.txt, licenses/MPL-2.0.txt, licenses/POSTGRESQL.txt	Added full text versions of six open-source licenses (permission grants, conditions, disclaimers, attribution/notice guidance).
Compliance / Notices licenses/NOTICE	Added a comprehensive NOTICE enumerating third‑party components, their copyright years, organizations, and applicable license references; notes and caveats for specific components included.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped through folders, found each line,

Apache, MIT, BSD all in a fine design.
A NOTICE to list every borrowed part,
Licenses settled — a tidy heart. 🥕📜

Pre-merge checks

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'license folder' is vague and generic, describing only the directory name rather than the specific changes or purpose of adding multiple license files.	Use a more descriptive title such as 'Add license files for third-party dependencies' or 'Add Apache, MIT, BSD, and other license texts' to better convey the intent of the changeset.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9545220 and ead3b0c.

📒 Files selected for processing (1)

• licenses/BSD-3-Clause.txt

🚧 Files skipped from review as they are similar to previous changes (1)

• licenses/BSD-3-Clause.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-maven-apitest-auth / maven-build
• GitHub Check: build-maven-authentication / maven-build

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

Fix all issues with AI Agents 🤖

In @licenses/BSD-3-Clause.txt:
- Around line 1-9: The BSD-3-Clause text is missing the required copyright
header and the 3rd condition; add a top line "Copyright <YEAR> <COPYRIGHT
HOLDER>" (replace placeholders) and insert the third clause exactly as in the
OSI text: "3. Neither the name of the <COPYRIGHT HOLDER> nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission." Ensure these additions are
placed before the disclaimer and that numbering matches the existing conditions
1 and 2.

In @licenses/JSON.txt‎:
- Around line 1-11: The JSON license's "Good, not Evil" clause must be
explicitly flagged as non-free: update THIRD-PARTY-NOTICES to mark the JSON
License (JSON.txt) as non-free/FSF- and Debian-incompatible and add a clear note
that it is GPL-incompatible; verify the dependency org.json is still required
(check build files and code references to org.json) and evaluate replacement
libraries such as Jackson or Gson (Apache-2.0) as alternatives; obtain explicit
approval from legal/compliance for continued use of org.json if not replaced;
and document in THIRD-PARTY-NOTICES that this license imposes moral-use
restrictions and the associated compliance risk.

In @licenses/NOTICE‎:
- Around line 200-201: Update the filename referenced in the NOTICE content:
replace "THIRD-PARTY-NOTICES.txt" with "THIRD-PARTY-NOTICES" so the sentence
reads "Additional license information and project homepages are listed in the
THIRD-PARTY-NOTICES file."; edit the NOTICE entry that currently contains that
line to remove the ".txt" extension from the referenced filename.
- Around line 127-129: Update the PostgreSQL JDBC Driver entry in the NOTICE
file: change the license line in the existing block that currently reads
"Licensed under the BSD 2-Clause License" to "Licensed under the PostgreSQL
License" so it matches the provided POSTGRESQL.txt; locate the block containing
"PostgreSQL JDBC Driver" and the copyright line "Copyright © 1997-2025
PostgreSQL Global Development Group" and replace only the license phrase.

🧹 Nitpick comments (3)

licenses/MIT.txt‎ (1)

3-3: Move project-specific copyright attribution out of license template.

Standard practice is to include license texts unmodified and add copyright statements to project files separately. The "Project Lombok Authors" copyright belongs in your NOTICE file or an AUTHORS/CONTRIBUTORS document, not in the license text itself.

If this MIT license is for a specific project dependency (Project Lombok), verify the NOTICE document properly attributes it. If meant as a general MIT template for compliance documentation, use the standard unmodified MIT text without project-specific copyright information.

licenses/NOTICE‎ (2)

143-148: Well-documented compliance risk.

Excellent practice flagging the JSON.org license's non-OSI "Good, not Evil" clause. This is a known concern for enterprise and government deployments. The recommendation to upgrade to version 20220924+ (Public Domain) or migrate to Jackson/Gson is actionable advice.

Consider creating a follow-up issue to track this migration if the project intends to address it.

Would you like me to open an issue to track the migration from org.json:json version 20180130 to a Public Domain version or alternative library?

---

190-198: Consider consistency in local license file coverage.

The PR adds local license text files for Apache 2.0, BSD 3-Clause, JSON, MIT, MPL 2.0, and PostgreSQL licenses. However, the NOTICE also references EPL 1.0, EPL 2.0, BSD 2-Clause, and LGPL 3.0 (via URLs only).

This selective approach may be intentional, but for consistency and offline reference, consider adding local copies of all referenced licenses, or document why only certain licenses have local text files.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between baa6cea and 9545220.

📒 Files selected for processing (7)

• licenses/Apache-2.0.txt
• licenses/BSD-3-Clause.txt
• licenses/JSON.txt‎
• licenses/MIT.txt‎
• licenses/MPL-2.0.txt
• licenses/NOTICE‎
• licenses/POSTGRESQL.txt‎

🧰 Additional context used

🪛 LanguageTool

licenses/Apache-2.0.txt

[style] ~161-~161: ‘any and all’ might be wordy. Consider a shorter alternative.
Context: ...ge, computer failure or malfunction, or any and all other commercial damages or losse...

(EN_WORDINESS_PREMIUM_ANY_AND_ALL)

licenses/MPL-2.0.txt

[style] ~33-~33: ‘any and all’ might be wordy. Consider a shorter alternative.
Context: ...e of the initial grant or subsequently, any and all of the rights conveyed by this License....

(EN_WORDINESS_PREMIUM_ANY_AND_ALL)

---

[style] ~63-~63: ‘with respect to’ might be wordy. Consider a shorter alternative.
Context: ...ate The licenses granted in Section 2.1 with respect to any Contribution become effective for e...

(EN_WORDINESS_PREMIUM_WITH_RESPECT_TO)

---

[style] ~106-~106: As an alternative to the over-used intensifier ‘absolutely’, consider replacing this phrase.
Context: ...lf of any Contributor. You must make it absolutely clear that any such warranty, support, indemn...

(EN_WEAK_ADJECTIVE)

---

[style] ~109-~109: ‘with respect to’ might be wordy. Consider a shorter alternative.
Context: ...y with any of the terms of this License with respect to some or all of the Covered Software due...

(EN_WORDINESS_PREMIUM_WITH_RESPECT_TO)

---

[style] ~112-~112: ‘prior to’ might be wordy. Consider a shorter alternative.
Context: ...non-compliance by some reasonable means prior to 60 days after You have come back into c...

(EN_WORDINESS_PREMIUM_PRIOR_TO)

---

[style] ~112-~112: ‘prior to’ might be wordy. Consider a shorter alternative.
Context: ...h Contributor, and You become compliant prior to 30 days after Your receipt of the notic...

(EN_WORDINESS_PREMIUM_PRIOR_TO)

---

[style] ~114-~114: ‘any and all’ might be wordy. Consider a shorter alternative.
Context: ...tent, then the rights granted to You by any and all Contributors for the Covered Software u...

(EN_WORDINESS_PREMIUM_ANY_AND_ALL)

---

[grammar] ~116-~116: Use a hyphen to join words.
Context: ...under Sections 5.1 or 5.2 above, all end user license agreements (excluding distr...

(QB_NEW_EN_HYPHEN)

---

[style] ~116-~116: ‘prior to’ might be wordy. Consider a shorter alternative.
Context: ...or Your distributors under this License prior to termination shall survive termination. ...

(EN_WORDINESS_PREMIUM_PRIOR_TO)

---

[style] ~122-~122: ‘any and all’ might be wordy. Consider a shorter alternative.
Context: ...ge, computer failure or malfunction, or any and all other commercial damages or losses, eve...

(EN_WORDINESS_PREMIUM_ANY_AND_ALL)

---

[style] ~128-~128: This phrase is redundant. Consider using “subject” to avoid wordiness.
Context: ...s the complete agreement concerning the subject matter hereof. If any provision of this Licens...

(SUBJECT_MATTER)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-maven-authentication / maven-build
• GitHub Check: build-maven-apitest-auth / maven-build

🔇 Additional comments (6)

licenses/MPL-2.0.txt (1)

1-151: License file complete and accurate.

This is a faithful reproduction of the Mozilla Public License, Version 2.0, including all definitions (1.1–1.14), license grants and conditions (2.1–2.7), responsibilities (3.1–3.5), termination provisions (5.1–5.3), and both required exhibits (A and B). The file is properly formatted and ready for distribution.

licenses/POSTGRESQL.txt‎ (1)

1-10: License file complete and accurate.

This is a faithful reproduction of the PostgreSQL License with all essential elements: current copyright notice (1997–2025), permission grant, liability disclaimer, and warranty disclaimer. The file is properly formatted and ready for distribution.

licenses/Apache-2.0.txt (1)

1-200: License file complete and accurate.

This is a faithful reproduction of the Apache License 2.0, including all nine main sections (Definitions, Grant of Copyright License, Grant of Patent License, Redistribution, Submission of Contributions, Trademarks, Disclaimer of Warranty, Limitation of Liability, and Accepting Warranty or Additional Liability), plus the Appendix with boilerplate notice. The file is properly formatted with the correct URL reference and is ready for distribution.

licenses/NOTICE‎ (3)

1-10: LGTM!

The header clearly establishes the purpose of this NOTICE file and correctly states that all listed licenses require copyright attribution preservation.

---

65-71: Good practice: OpenCV license clarification.

The note clarifying that OpenCV 4.5.0+ uses Apache 2.0 is helpful for compliance tracking, as earlier versions used a BSD-style license.

---

154-162: LGTM!

MOSIP's own components are properly attributed under MPL 2.0 with correct copyright holder (IIIT-B).