CPAN-Security / cpan-advisory-database

decide on license #2

Open garu opened 1 year ago

garu commented 1 year ago

For scripts, I'm thinking "same as perl".

What about for the reports themselves?

RustSec, RubySec are CC0 (public domain), PHPSec is Unlicense (public domain), Go Vuln DB, PyPI, GitHub are CC-BY-4.0 (attribution). (more here).

For the advisory database, GitHub states in their license that "You agree to release your contributions to the GitHub Advisory Database under the Creative Commons Zero license." But that's an agreement with GitHub, not necessarily with everyone else.

So before we put any reports here, I wonder what should be our terms.

sjn commented 1 year ago

I, for one, don't mind CC0. Do we have any upstream licenses to care about?

timlegge commented 3 months ago

@garu - discuss next meeting?