Skip to content

Ship the vendored Waymo Apache-2.0 license in the wheel/sdist (Apache §4a)#16

Merged
stepankonev merged 1 commit into
mainfrom
stepankonev/apache-license-packaging
Jun 2, 2026
Merged

Ship the vendored Waymo Apache-2.0 license in the wheel/sdist (Apache §4a)#16
stepankonev merged 1 commit into
mainfrom
stepankonev/apache-license-packaging

Conversation

@stepankonev

@stepankonev stepankonev commented Jun 2, 2026

Copy link
Copy Markdown
Owner

Problem

The built wheel/sdist redistributes the vendored Waymo Open Dataset sources under standard_e2e/third_party/waymo_open_dataset/ but omits a copy of the Apache License 2.0. Apache-2.0 §4(a) requires giving recipients a copy of the License when redistributing the code, so the published artifact is non-compliant — even though the source tree itself is fine (vendored code isolated under third_party/, full Apache text present, original per-file copyright headers retained).

The cause is plain setuptools packaging: packages.find ships only .py files, and there was no MANIFEST.in / license-files / package-data directive, so the LICENSE (no extension) and THIRD_PARTY_NOTICES.txt were dropped from the build. (Waymo upstream ships no NOTICE file, so Apache §4(c) does not apply.)

Fix

  • Bundle the project license, the third-party notice, and the vendored Apache 2.0 text into the wheel/sdist via PEP 639 [project] license-files.
  • Also install the Apache text beside the vendored sources via [tool.setuptools.package-data], so it survives in site-packages next to the code it governs.
  • Modernize the license metadata to an SPDX expression (license = "MIT") and drop the now-deprecated MIT trove classifier; raise the setuptools floor to >=77. Together these keep the build warning-free under PEP 639.
  • Add an Apache attribution header to waymo_lidar_numpy.py, the numpy re-derivation of the upstream Waymo decode algorithm.

Verification

Rebuilt wheel and sdist both contain all three license texts; the wheel METADATA carries License-Expression: MIT plus three License-File: entries, and the build is warning-free.

Note

PyPI releases are immutable, so the already-published 0.0.3 retains the gap — this correction takes effect on the next version bump.

@stepankonev
Ship the vendored Waymo Apache-2.0 license in the wheel/sdist
b3abab6 
The built wheel/sdist redistributed the vendored Waymo Open Dataset
sources (standard_e2e/third_party/waymo_open_dataset/*.py) but did not
include a copy of the Apache License 2.0. Apache-2.0 §4(a) requires
giving recipients a copy of the License when redistributing the code, so
the published artifact was non-compliant even though the source tree
(isolated third_party/ dir, full Apache text, retained file headers) was
fine.

Bundle the project license, the third-party notice, and the vendored
Apache 2.0 text into the distribution via PEP 639 [project] license-files,
and also install the Apache text beside the vendored sources via
package-data so it survives in site-packages. Modernize the license
metadata to an SPDX expression and drop the now-deprecated trove
classifier, and raise the setuptools floor to >=77 so the build is
warning-free. Add an Apache attribution header to the derived numpy lidar
decode that re-implements the upstream Waymo decode algorithm.
@stepankonev stepankonev merged commit 148f358 into main Jun 2, 2026
2 checks passed
@stepankonev stepankonev deleted the stepankonev/apache-license-packaging branch June 2, 2026 18:58
@codecov

codecov Bot commented Jun 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@stepankonev stepankonev mentioned this pull request Jun 2, 2026
Merged
stepankonev added a commit that referenced this pull request Jun 2, 2026
@stepankonev
Switch nuplan-devkit to PyPI 2.0.0 and bump version to 0.0.4 (#17)
a06371c 
nuplan-devkit was git-pinned to v1.2 (not published on PyPI), so the
released wheel could not be `pip install`-ed for NAVSIM: the
[tool.uv.sources] git override does not propagate into wheel metadata, and
a bare `nuplan-devkit` requirement resolved to the wrong PyPI version.

nuplan-devkit 2.0.0 is on PyPI and is a drop-in for the small map API we
use (get_maps_api, AbstractMap.get_proximal_map_objects, SemanticMapLayer,
Point2D). Verified end-to-end: a NAVSIM segment reprocessed on 2.0.0
produces byte-identical HD-map output across all 398 frames versus the
v1.2.0 git pin.

Pin nuplan-devkit>=2.0.0,<3, drop the [tool.uv.sources] git override, and
regenerate uv.lock so the dependency resolves from PyPI. With this,
`pip install standard-e2e` works for all six dataset families. Bump the
version to 0.0.4 to publish this together with the Apache-license
packaging fix (#16); the immutable 0.0.3 keeps its gaps.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stepankonev