I'm fully ok with what you said, but even after reading http://www.apache.org/dev/licensing-howto.html#mod-notice,
I still don't understand what I'm supposed to put in the "rich" NOTICE file. It seems that my understanding of legal english is inadequate ! :)
I don't know how to understand "Aside from Apache-licensed dependencies which supply NOTICE files of their own, it is uncommon for a dependency to require additions to NOTICE.". Does it mean that for Apache-licensed dependencies, NOTICE files has to be merged ?
In your ManifoldCF example, the "rich" NOTICE file is the same that the "light" one, and Apache-licensed dependencies are not listed in that particular file, but in the LICENSE file.
What I propose concretely to do:
- leave NOTICE.txt as is and include in both "src" and "deps" packages : it will be at the root of both packages
- leave LICENSE.txt as is in the "src" package
- create a legal/LICENSE.txt being the merge of all legal/*.license.txt based on the model of ManifoldCF. At build time, this file will be put at the root of the the "deps" package.
- remove all legal/*.license.txt
do you agree ?