NOTICE files for Apache 2.0 works not included

[jwodder]

The Apache 2.0 license states in part:

If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear.

However, cargo-bundle-licenses makes no attempt to preserve NOTICE files. As a demonstration, create a new Cargo project and add bat = "=0.23.0" as a dependency; then the file produced by cargo bundle-licenses will include bat's MIT and Apache 2.0 licenses, but not its NOTICE file.

Also, when implementing NOTICE support, keep in mind that the Apache 2.0 license requires NOTICE texts to be redistributed in a file also named NOTICE (or in the source, docs, or a UI, but that's beyond the scope of cargo-bundle-licenses).

[sstadick]

Thanks for making this issue! I was not aware of that requirement by Apache licenses. I'll add this as a bug for now, as this is intended to be the one-stop shop for collecting licenses.