License? #146
Comments
|
Hello @pombredanne ... thank you for letting us now. It's really weird that this repo didn't have any license associated with it. I suppose Apache 2.0 would fit into the picture well, please @msrb and @tisnik correct me if I am wrong. Cheers, |
|
@CermakM Thank you for the reply. Apache 2.0 would be fine (as would be any permissive or LGPL or GPL with linking exception) |
|
I merged the pull request from Marek. The license is now officially ASL 2.0. There was never any question whether this should be under permissive license or not. Not having that ASL 2.0 license file in this repository was just an oversight on my part. @pombredanne thanks for bringing this to my attention 😉 :) |
|
Thank you for following up on this! |
Hi, following some chat with @msrb on aboutcode-org/vulnerablecode#63 (comment) I would like to reuse this codebase as part of vulnerablecode which is similar in spirit to the cvedb but eventually larger in scope. See also https://nlnet.nl/project/vulnerabilitydatabase/
The only license I could find if for the cve2pkg in https://github.com/fabric8-analytics/cvejob/blob/4e5abc99a506070d6e7b191a9783e5b6f14ea5f7/tools/src/cpe2pkg/LICENSE
So what would be the license for the rest of the code?
The best right answer would be Apache or some permissive or LGPL license so we can integrate it more easily in the Apache-license code of the vulnerablecode project ... BUT any FOSS license will do!
Thanks!
(BTW the same license question applies to the curated results at https://github.com/fabric8-analytics/cvedb and public domain would be the best right answer since this is the license we use for vulnerablecode data ... and a larger question to possibly collaborate together in general)
The text was updated successfully, but these errors were encountered: