@rajapandi1234

Add NOTICE file with copyright and licensing information for third-party components.

Add NOTICE file with copyright and licensing information for third-party components.

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
@coderabbitai

coderabbitai bot commented Dec 1, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (1)
  • develop

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
@Mahesh-Binayak

@CodeRabbit is this list complete and accurate?

@coderabbitai

coderabbitai bot commented Dec 12, 2025

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

# First, let's see what files are in the repository
echo "=== Repository structure ==="
ls -la

# Find and read the NOTICE.txt file
echo -e "\n=== NOTICE.txt contents ==="
if [ -f "NOTICE.txt" ]; then
    cat NOTICE.txt
else
    echo "NOTICE.txt not found in root"
    fd -t f "NOTICE" --exec cat {}
fi

# Look for dependency files
echo -e "\n=== Checking for dependency files ==="
fd -t f "pom.xml|build.gradle|package.json|requirements.txt|go.mod|Cargo.toml" --max-depth 2 --exec echo "Found: {}"

Length of output: 1896


🏁 Script executed:

#!/bin/bash

# Check for Maven dependencies (pom.xml)
echo "=== Maven dependencies (pom.xml) ==="
if [ -f "pom.xml" ]; then
    cat pom.xml
fi

# Check for Gradle dependencies
echo -e "\n=== Gradle dependencies ==="
fd -t f "build.gradle" --max-depth 2 --exec cat {}

Length of output: 65


🏁 Script executed:

#!/bin/bash

# Look at the PR diff to see what was added
echo "=== Recent commits ==="
git log --oneline -5

echo -e "\n=== Files changed in latest commit ==="
git diff --name-only HEAD~1 HEAD

echo -e "\n=== Changes to NOTICE.txt ==="
git diff HEAD~1 HEAD -- NOTICE.txt

Length of output: 394


🏁 Script executed:

#!/bin/bash

# Read the actual pom.xml files to check dependencies
echo "=== imagedecoder/pom.xml ==="
cat imagedecoder/pom.xml

echo -e "\n=== sample/pom.xml ==="
cat sample/pom.xml

Length of output: 17080


🏁 Script executed:

#!/bin/bash

# Look for any parent pom.xml or other configuration files
echo "=== Checking for parent pom or other build files ==="
fd -t f "pom.xml" --exec echo "Found: {}"

# Check if there's a parent pom
if [ -f "pom.xml" ]; then
    echo -e "\n=== Root pom.xml ==="
    cat pom.xml
fi

# Look for any LICENSE files
echo -e "\n=== LICENSE files ==="
fd -t f "LICENSE" --exec echo "Found: {}" \; --exec head -20 {}

Length of output: 129


🏁 Script executed:

#!/bin/bash

# Check the full content of NOTICE file to ensure we have everything
echo "=== Full NOTICE file with line count ==="
wc -l NOTICE
cat -A NOTICE | tail -20

# Look for any transitive dependencies that might be brought in
echo -e "\n=== Checking for any other documentation files ==="
fd -t f "LICENSE|COPYING|ATTRIBUTION|THIRD" -i

# Check the git diff to see what was actually added in the PR
echo -e "\n=== Full git diff for NOTICE file creation ==="
git log --all --oneline --decorate | head -10
git show d0f0b75:NOTICE 2>/dev/null || echo "Could not find original commit"

Length of output: 1556


🏁 Script executed:

#!/bin/bash

# Let's check what plugins are actually being used and their licenses
echo "=== Extracting all plugin references from pom.xml files ==="
echo "Build Plugins from imagedecoder/pom.xml:"
grep -A 2 '<artifactId>.*-plugin</artifactId>' imagedecoder/pom.xml | grep -E '<artifactId>|<version>' | paste - - | sed 's/<artifactId>//' | sed 's/<\/artifactId>//' | sed 's/<version>//' | sed 's/<\/version>//'

echo -e "\nBuild Plugins from sample/pom.xml:"
grep -A 2 '<artifactId>.*-plugin</artifactId>' sample/pom.xml | grep -E '<artifactId>|<version>' | paste - - | sed 's/<artifactId>//' | sed 's/<\/artifactId>//' | sed 's/<version>//' | sed 's/<\/version>//'

# Extract runtime dependencies
echo -e "\n=== Runtime dependencies from imagedecoder/pom.xml ==="
sed -n '/<dependencies>/,/<\/dependencies>/p' imagedecoder/pom.xml | grep -E '<groupId>|<artifactId>|<version>' | grep -v 'plugin'

Length of output: 1158


@Mahesh-Binayak: No, the list is not complete and appears to be cut off. I found several issues:

Missing Components

Build Plugins (Apache License 2.0)

The following Maven plugins used in the project are not listed:

  • maven-deploy-plugin (3.1.1)
  • central-publishing-maven-plugin (0.7.0)
  • jacoco-maven-plugin (0.8.11)
  • maven-resources-plugin (3.0.2) - used in sample/pom.xml
  • sonar-maven-plugin (3.7.0.1746) - used in sonar profile

Dependencies

  • SLF4J components (MIT License): jul-to-slf4j and jcl-over-slf4j - These are mentioned in the Notes section but it appears incomplete
  • JUnit Vintage Engine (EPL 2.0) - test dependency, may need to be listed if including test dependencies

Issues with Current Content

  1. Incomplete Notes section: The file ends abruptly with "Components licensed under MPL-2.0 (MOSIP Kernel BOM, Core, Logger, Biometrics, ImageDecoder), MIT (SLF4J" - this sentence is not complete and lacks proper closure.

  2. Missing version numbers: Jackson Core and Jackson Databind don't have version numbers specified (they're managed by kernel-bom).

  3. MOSIP Kernel components: While mentioned in the notes, the specific versions and complete list aren't provided:

    • kernel-bom (1.3.0-SNAPSHOT)
    • kernel-core (1.3.0-SNAPSHOT)
    • kernel-logger-logback (1.3.0-SNAPSHOT)

Recommendation

The NOTICE file needs to be completed with:

  1. All missing build plugins
  2. Complete the Notes section with proper attribution for SLF4J and MOSIP Kernel components
  3. Add version numbers where missing
  4. Clarify whether test-scoped dependencies (like JUnit) need to be included

Would you like me to help draft a complete and corrected version of the NOTICE file?
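
The cross-check that the analysis above performs with grep and sed, as an added example (not code from this PR, the repository or CodeRabbit): it parses a POM, lists dependency and plugin artifactIds absent from the NOTICE text, and flags an unbalanced parenthesis such as the cut-off Notes sentence. `SAMPLE_POM`, `SAMPLE_NOTICE`, `pom_components` and `audit_notice` are hypothetical names, and both samples are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample POM (not the project's real pom.xml).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>org.slf4j</groupId><artifactId>jul-to-slf4j</artifactId></dependency>
    <dependency><groupId>org.junit.vintage</groupId><artifactId>junit-vintage-engine</artifactId><scope>test</scope></dependency>
  </dependencies>
  <build><plugins>
    <plugin><artifactId>maven-deploy-plugin</artifactId><version>3.1.1</version></plugin>
    <plugin><groupId>org.jacoco</groupId><artifactId>jacoco-maven-plugin</artifactId><version>0.8.11</version></plugin>
  </plugins></build>
</project>"""

# Constructed NOTICE text whose last sentence stops inside a parenthesis.
SAMPLE_NOTICE = """Third-party components
jacoco-maven-plugin 0.8.11
Notes: Components licensed under MIT (SLF4J"""


def pom_components(pom_xml):
    """Return (kind, artifactId, version, scope) for every dependency and plugin."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # strip the Maven namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    found = []
    for kind in ("dependency", "plugin"):
        # iter() also reaches dependencyManagement and plugin-level dependencies
        for node in root.iter(kind):
            found.append((kind, node.findtext("artifactId"),
                          node.findtext("version"),  # None when a BOM/parent manages it
                          node.findtext("scope") or "compile"))
    return found


def audit_notice(pom_xml, notice, include_test=False):
    """Return (artifactIds missing from NOTICE, whether the text looks truncated)."""
    missing = []
    for _kind, artifact, _version, scope in pom_components(pom_xml):
        if scope == "test" and not include_test:
            continue
        # whole-token match so "slf4j" does not satisfy "jul-to-slf4j"
        pattern = r"(?<![\w.-])" + re.escape(artifact) + r"(?![\w-])"
        if not re.search(pattern, notice):
            missing.append(artifact)
    truncated = notice.count("(") != notice.count(")")
    return missing, truncated
```

The `include_test` switch corresponds to the open question of whether test-scoped dependencies belong in the NOTICE file.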

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>