CVEProject / cvelistV5

CVE cache of the official CVE List in CVE JSON 5 format

FEEDBACK - Missing license file #35

Closed kurtseifried closed 4 months ago

kurtseifried commented 1 year ago

Please fill out the following sections

Is there a problem using the GitHub Repository? Yes. There is no license.

Do you have any suggestions on how we could improve the repository? Add a license, CC0 is probably best for content.

Please provide any other comments here

As per CWE, they have deployed the CC0 license: https://github.com/CWE-CAPEC/CWE-Submissions/issues/30

hkong-mitre commented 1 year ago

Thank you for your suggestion. It is in progress in PR https://github.com/CVEProject/cvelistV5/pull/36

pombredanne commented 1 year ago

I commented on the PR at https://github.com/CVEProject/cvelistV5/pull/36 and I am repasting these here for the record:

I thought that there was already a different license for this data... I have documented this here https://github.com/nexB/vulnerablecode/blob/37fdd7dcabc8187e855292d1e681d3852a87cf52/vulnerabilities/importers/nvd.py#L32

It is fine if you switch to a CC0-1.0 license but has this been vouched for by MITRE legal? See in particular https://www.cve.org/Legal/TermsOfUse

pombredanne commented 1 year ago

As per CWE, they have deployed the CC0 license: https://github.com/CWE-CAPEC/CWE-Submissions/issues/30

@kurtseifried this seems to be either a dead link or a private repo.... but it should be public IMHO, and this would be a nice thing.

kurtseifried commented 1 year ago

Nope. They removed the CC0 license:

https://github.com/CWE-CAPEC/CWE-Submissions/issues/30#issuecomment-1726694339

asummers-MITRE commented 4 days ago
For clarification: All content submissions to the CWE Program already fell under the CWE Terms of Use at the time of submission (i.e., prior to the Pilot Program). We have simplified things to avoid relicensing. The CC0-1.0 license has been replaced with the CWE Terms of Use, which have been added as a license file on the repository.

pombredanne commented 1 year ago

@kurtseifried my point was that the repo you link above at https://github.com/CWE-CAPEC/CWE-Submissions/ is a private repo that is NOT publicly accessible. Try to open the link in a private browser tab where you are not logged in to GitHub.

So if this is not in the open, it is kinda difficult to have a discussion on things that only you can see.

kurtseifried commented 1 year ago

You will have to complain to MITRE, it's the MITRE CWE repo. I also cut and pasted what they said.

pombredanne commented 4 months ago

@kurtseifried fair enough ... so the license is https://scancode-licensedb.aboutcode.org/cve-tou.html ... this works for me!

pombredanne commented 1 month ago

I pushed a PR for now https://github.com/CVEProject/cvelistV5/pull/65