GPL v3 Project, MIT (ExPat) file/directory.
myproject ├── LICENSE (GPL v3) ├── ... ├── gpl_licensed_file ├── mit_licensed_directory │ └── mit_file1 └── mit_licensed_file So If I were looking at this project, I would have on way to know that mit_licensed_directory and mit_licensed_file were not under the primary License declared in LICENSE.
There are no hard-and-fast rules on how to show this information. The bottom line is to make sure recipients can easily figure out which files are under which license. You also need to preserve copyright notices, where required. This is a common requirement of many licenses, but most licenses do not dictate where those notices are kept, only that, again, recipients can easily figure out which files correspond to those copyright notices.
So I'd like to refer to best practices instead. There's a good article provided by the SFLC which covers this, Managing copyright information within a free software project:
Best practices for maintaining license information
License information can also be maintained in individual files, in a central location, or in some combination of both. Most projects use a hybrid approach, placing the primary license in a top-level COPYING or LICENSE file, and also including some license information in each file’s header.
So the two approaches are (and most projects use both):
Copyright 20XX Jane Hacker under Foobar License at the top of files)COPYING or LICENSE fileThese are all best practices, not requirements. For example, you do not have to have a top-level COPYING/LICENSE file, the same information could be in the readme. Note that some licenses require that you provide the full text of the license, but again that doesn't have to be named COPYING or LICENSE.
The article does recommend the central location approach though, as it makes it easy to know the full licensing information at one place:
In many situations, a semi-centralized approach will work best. Consider a GPL-licensed project whose codebase contains a number of permissively-licensed libraries with custom modifications. While the license of the resulting program will be GPL, because of GPL’s copyleft provision, the source for the libraries can be maintained under their individual licenses. In this scenario, it makes sense to keep license information for the individual libraries at the top level of the directories they’re kept in, as well as in the license information for the entire project.
That is:
So your example project might look like this:
myproject ├── LICENSE ├── GPLv3.LICENSE ├── ... ├── gpl_licensed_file ├── mit_licensed_directory │ ├── LICENSE (MIT) │ └── mit_file1 └── mit_licensed_file Where the top-level LICENSE file contains something like:
myproject is licensed under GPLv3, except for
mit_licensed_directoryandmit_licensed_file
REUSE provides a standardized way for declaring the license of each file. To use REUSE in your hypothetical project, here’s what you would do:
LICENSES.LICENSE file into the LICENSES folder. Name it GPL-3.0-only.txt. The name should be an SPDX license identifier.LICENSES folder. Name it MIT.txt (See here for caveats).SPDX-FileCopyrightText: [year] [copyright holder] <[email address]> SPDX-License-Identifier: GPL-3.0-only SPDX-FileCopyrightText: [year] [copyright holder] <[email address]> SPDX-License-Identifier: MIT 
copying.md file in the source code that says “This repo complies with this specific version of the REUSE Specification.” I also include the output of reuse spdx with binary releases to make sure that all required legal notices are present. AFAIK, the REUSE project doesn’t recommend doing either of those things. They’re just things that I do. I’ve never heard of a legal requirement that licensing be easily discerned, but you may want to point that issue out to the REUSE project here: github.com/fsfe/reuse-website/issues