-
Notifications
You must be signed in to change notification settings - Fork 18
/
thirdparty.spdx
295 lines (243 loc) · 13.4 KB
/
thirdparty.spdx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
DocumentNamespace: https://github.com/uptane/aktualizr/
DocumentName: SPDX-third_party
SPDXID: SPDXRef-DOCUMENT
Creator: Organization: HERE Technologies
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-googletest
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-jsoncpp
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-boost-filesystem
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-boost-program-options
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-boost-log
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-libcurl
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-openssl
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-libarchive
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-libsodium
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-libostree
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-sqlite3
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-asn1c
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-libp11
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-ctest2junit.xsl
PackageName: googletest
SPDXID: SPDXRef-googletest
PackageVersion: 1.8.1
PackageDownloadLocation: https://github.com/google/googletest/archive/release-1.8.1.zip
PackageHomePage: https://github.com/google/googletest
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseInfoFromFiles: BSD-3-Clause
PackageCopyrightText: <text>Copyright 2008, Google Inc.
All rights reserved.</text>
FilesAnalyzed: false
PackageComment: <text>Testing only.</text>
PackageName: jsoncpp
SPDXID: SPDXRef-jsoncpp
PackageVersion: 1.8.4
PackageDownloadLocation: https://github.com/open-source-parsers/jsoncpp/archive/1.8.4.zip
PackageHomePage: https://github.com/open-source-parsers/jsoncpp
PackageLicenseConcluded: (MIT OR LicenseRef-jsoncpp-public-domain)
PackageLicenseDeclared: (MIT OR LicenseRef-jsoncpp-public-domain)
PackageLicenseInfoFromFiles: MIT
PackageLicenseInfoFromFiles: LicenseRef-jsoncpp-public-domain
PackageCopyrightText: <text>Copyright (c) 2007-2010 by Baptiste Lepilleur and The JsonCpp Authors</text>
FilesAnalyzed: false
PackageName: boost-filesystem
SPDXID: SPDXRef-boost-filesystem
PackageVersion: 1.58.0
PackageDownloadLocation: https://dl.bintray.com/boostorg/release/1.58.0/source/boost_1_58_0.tar.bz2
PackageHomePage: http://www.boost.org/
PackageLicenseConcluded: BSL-1.0
PackageLicenseDeclared: BSL-1.0
PackageLicenseInfoFromFiles: BSL-1.0
PackageCopyrightText: <text>© Copyright Beman Dawes, 2002-2005</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: boost-program-options
SPDXID: SPDXRef-boost-program-options
PackageVersion: 1.58.0
PackageDownloadLocation: https://dl.bintray.com/boostorg/release/1.58.0/source/boost_1_58_0.tar.bz2
PackageHomePage: http://www.boost.org/
PackageLicenseConcluded: BSL-1.0
PackageLicenseDeclared: BSL-1.0
PackageLicenseInfoFromFiles: BSL-1.0
PackageCopyrightText: <text>Copyright © 2002-2004 Vladimir Prus</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: boost-log
SPDXID: SPDXRef-boost-log
PackageVersion: 1.58.0
PackageDownloadLocation: https://dl.bintray.com/boostorg/release/1.58.0/source/boost_1_58_0.tar.bz2
PackageHomePage: http://www.boost.org/
PackageLicenseConcluded: BSL-1.0
PackageLicenseDeclared: BSL-1.0
PackageLicenseInfoFromFiles: BSL-1.0
PackageCopyrightText: <text>Copyright © 2007-2016 Andrey Semashev</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: libcurl
SPDXID: SPDXRef-libcurl
PackageDownloadLocation: https://github.com/curl/curl/archive/master.zip
PackageHomePage: https://curl.haxx.se
PackageLicenseConcluded: curl
PackageLicenseDeclared: curl
PackageLicenseInfoFromFiles: curl
PackageCopyrightText: <text>Copyright (c) 1996 - 2018, Daniel Stenberg, [email protected], and many contributors, see the THANKS file.
All rights reserved.</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: openssl
SPDXID: SPDXRef-openssl
PackageDownloadLocation: https://github.com/openssl/openssl/archive/master.zip
PackageHomePage: https://www.openssl.org/
PackageLicenseConcluded: OpenSSL
PackageLicenseDeclared: OpenSSL
PackageLicenseInfoFromFiles: OpenSSL
PackageCopyrightText: <text>Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: libarchive
SPDXID: SPDXRef-libarchive
PackageDownloadLocation: https://github.com/libarchive/libarchive/zipball/master
PackageHomePage: https://www.libarchive.org/
PackageLicenseConcluded: LicenseRef-libarchive
PackageLicenseDeclared: LicenseRef-libarchive
PackageLicenseInfoFromFiles: LicenseRef-libarchive
PackageCopyrightText: <text>The libarchive distribution as a whole is Copyright by Tim Kientzle
and is subject to the copyright notice reproduced at the bottom of
this file.</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: libsodium
SPDXID: SPDXRef-libsodium
PackageDownloadLocation: https://download.libsodium.org/libsodium/releases/libsodium-1.0.12.tar.gz
PackageHomePage: https://download.libsodium.org/doc/
PackageLicenseConcluded: ISC
PackageLicenseDeclared: ISC
PackageLicenseInfoFromFiles: ISC
PackageCopyrightText: <text>Copyright (c) 2013-2018
Frank Denis <j at pureftpd dot org></text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: libostree
SPDXID: SPDXRef-libostree
PackageDownloadLocation: https://github.com/ostreedev/ostree/archive/master.zip
PackageHomePage: https://ostree.readthedocs.io/en/latest/
PackageLicenseConcluded: LGPL-2.0-or-later
PackageLicenseDeclared: LGPL-2.0-or-later
PackageLicenseInfoFromFiles: LGPL-2.0-or-later
PackageCopyrightText: <text>NONE</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: sqlite3
SPDXID: SPDXRef-sqlite3
PackageDownloadLocation: http://www.sqlite.org/2018/sqlite-autoconf-3230100.tar.gz
PackageHomePage: https://www.sqlite.org/
PackageLicenseConcluded: LicenseRef-sqlite-public-domain
PackageLicenseDeclared: LicenseRef-sqlite-public-domain
PackageLicenseInfoFromFiles: LicenseRef-sqlite-public-domain
PackageCopyrightText: <text>SQLite is in the Public Domain</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: asn1c
SPDXID: SPDXRef-asn1c
PackageDownloadLocation: https://github.com/vlm/asn1c/archive/v0.9.28.tar.gz
PackageHomePage: http://lionet.info/asn1c/
PackageLicenseConcluded: BSD-2-Clause
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseInfoFromFiles: BSD-2-Clause
PackageCopyrightText: <text>Copyright (c) 2003-2017 Lev Walkin <[email protected]> and contributors.</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: libp11
SPDXID: SPDXRef-libp11
PackageDownloadLocation: https://github.com/OpenSC/libp11/archive/libp11-0.4.7.tar.gz
PackageHomePage: https://github.com/OpenSC/libp11
PackageLicenseConcluded: LGPL-2.1-or-later
PackageLicenseDeclared: LGPL-2.1-or-later
PackageLicenseInfoFromFiles: LGPL-2.1-or-later
PackageCopyrightText: <text>NONE</text>
FilesAnalyzed: false
PackageComment: <text>Dynamically linked.</text>
PackageName: ctest2junit.xsl
SPDXID: SPDXRef-ctest2junit.xsl
PackageDownloadLocation: https://github.com/manticoresoftware/manticoresearch/tree/master/misc/junit/ctest2junit.xsl
PackageHomePage: https://github.com/manticoresoftware/manticoresearch
PackageLicenseConcluded: GPLv2
PackageLicenseDeclared: GPLv2
PackageLicenseInfoFromFiles: GPLv2
PackageCopyrightText: <text>NONE</text>
FilesAnalyzed: false
PackageComment: <text>Testing only.</text>
LicenseID: LicenseRef-jsoncpp-public-domain
ExtractedText: <text>The JsonCpp library's source code, including accompanying documentation,
tests and demonstration applications, are licensed under the following
conditions...
The author (Baptiste Lepilleur) explicitly disclaims copyright in all
jurisdictions which recognize such a disclaimer. In such jurisdictions,
this software is released into the Public Domain.
In jurisdictions which do not recognize Public Domain property (e.g. Germany as of
2010), this software is Copyright (c) 2007-2010 by Baptiste Lepilleur, and is
released under the terms of the MIT License (see below).
In jurisdictions which recognize Public Domain property, the user of this
software may choose to accept it either as 1) Public Domain, 2) under the
conditions of the MIT License (see below), or 3) under the terms of dual
Public Domain/MIT License conditions described here, as they choose.</text>
LicenseID: LicenseRef-libarchive
ExtractedText: <text>The libarchive distribution as a whole is Copyright by Tim Kientzle
and is subject to the copyright notice reproduced at the bottom of
this file.
Each individual file in this distribution should have a clear
copyright/licensing statement at the beginning of the file. If any do
not, please let me know and I will rectify it. The following is
intended to summarize the copyright status of the individual files;
the actual statements in the files are controlling.
* Except as listed below, all C sources (including .c and .h files)
and documentation files are subject to the copyright notice reproduced
at the bottom of this file.
* The following source files are also subject in whole or in part to
a 3-clause UC Regents copyright; please read the individual source
files for details:
libarchive/archive_entry.c
libarchive/archive_read_support_filter_compress.c
libarchive/archive_write_add_filter_compress.c
libarchive/mtree.5
* The following source files are in the public domain:
libarchive/archive_getdate.c
* The build files---including Makefiles, configure scripts,
and auxiliary scripts used as part of the compile process---have
widely varying licensing terms. Please check individual files before
distributing them to see if those restrictions apply to you.
I intend for all new source code to use the license below and hope over
time to replace code with other licenses with new implementations that
do use the license below. The varying licensing of the build scripts
seems to be an unavoidable mess.
Copyright (c) 2003-2009 <author(s)>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer
in this position and unchanged.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</text>
LicenseID: LicenseRef-sqlite-public-domain
ExtractedText: <text>SQLite Is Public Domain
All of the code and documentation in SQLite has been dedicated to the public domain by the authors. All code authors, and representatives of the companies they work for, have signed affidavits dedicating their contributions to the public domain and originals of those signed affidavits are stored in a firesafe at the main offices of Hwaci. Anyone is free to copy, modify, publish, use, compile, sell, or distribute the original SQLite code, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.
The previous paragraph applies to the deliverable code and documentation in SQLite - those parts of the SQLite library that you actually bundle and ship with a larger application. Some scripts used as part of the build process (for example the "configure" scripts generated by autoconf) might fall under other open-source licenses. Nothing from these build scripts ever reaches the final deliverable SQLite library, however, and so the licenses associated with those scripts should not be a factor in assessing your rights to copy and use the SQLite library.
All of the deliverable code in SQLite has been written from scratch. No code has been taken from other projects or from the open internet. Every line of code can be traced back to its original author, and all of those authors have public domain dedications on file. So the SQLite code base is clean and is uncontaminated with licensed code from other projects.
Open-Source, not Open-Contribution
SQLite is open-source, meaning that you can make as many copies of it as you want and do whatever you want with those copies, without limitation. But SQLite is not open-contribution. In order to keep SQLite in the public domain and ensure that the code does not become contaminated with proprietary or licensed content, the project does not accept patches from unknown persons.
All of the code in SQLite is original, having been written specifically for use by SQLite. No code has been copied from unknown sources on the internet.
</text>