Festo-se / cyclonedx-editor-validator

Tool for creating, modifying and validating CycloneDX SBOMs.
https://festo-se.github.io/cyclonedx-editor-validator/
GNU General Public License v3.0

Missing attribution for license data #164

Closed mmarseu closed 5 months ago

mmarseu commented 5 months ago

Ah, irony is beautiful 😆

There we went and copied raw data about licenses from other open-source projects and neglected to make sure we follow their license conditions.

cdxev/amend/license_name_spdx_id_map.json is largely based off of https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/resources/license-mapping.json which is licensed under Apache-2.0.

We also incorporated additional license names and ids from SPDX. Since the raw data that the site is based on - equally ironically - doesn't specify a license, I'd say we refer to the license of the website which is copyrighted by The Linux Foundation and under CC-BY-3.0.

italvi commented 5 months ago

Should we really use CC here? Though it is compatible with all versions of GPL, according to gnu it should not be used for software.

mmarseu commented 5 months ago

If you can find another license that applies to this data, I'm all for it. I just wasn't able to, so CC is the only option I could find.

If it was us who selected a license for one of our pieces of software, I'd say we follow GNU's recommendation. But in this case, it's somebody else who decided and we have to live with that.

mmarseu commented 5 months ago

I've added a NOTICE file to #160 which hopefully should fulfil our obligations resulting from the Apache-2.0 license and CC-BY-3.0. I was too lazy to create a separate PR for this, although that could definitely be done, if #160 will take too long to merge.