Path-Check / trust-registry

GNU General Public License v3.0

[Clarification] License on data components of this repository? #44

sirocyl closed 2 years ago

sirocyl commented 2 years ago

Hey, I'm interested in applying the raw data (CSV, JSON) for the list of issuers here in an application to be used on a network-free kiosk on the registration floor of a near-future event.

However, the application, which we're working on publishing as open-source, is under the MIT license, which is incompatible with - and therefore forbids - transcluding code from GPLv2/v3-licensed projects.

I'd like to ask if the raw data - in the three files registry.json, registry-normalized.json and registry-normalized.csv - can be provided or used under more permissive license terms, or if there is a source issuer list/trust registry that these are based on, which is not GPL-encumbered that you use, which we can connect with instead.

If the specified registry data can be used under a license independent of the code, I would recommend clarifying this in the LICENSE file and README.md, in the repository.

vitorpamplona commented 2 years ago

Hey Tyler,

The 3 files you mentioned are the core of this project. We are keeping them as GPLv3 for now because there is a lot of responsibility built into guaranteeing the trust of these keys. We not only run background checks on each one of these entities to make sure they are what they say they are, but we also keep track of any vulnerabilities in the QR codes they release daily. What you see is just the end product of a lot of manual work. That work is being financed by commercial licenses to the data. I am happy to discuss the details of a commercial license when your application gets ready for that discussion.

Best,

sirocyl commented 2 years ago

That's all good! Just wanted to ask and make sure, because respecting licenses is a good thing.

To make sure that we're handling this well enough, is it okay that we'll ensure that the use of this code remains in a separate module, synchronized verbatim with this repo, and interface with it externally (i.e., not linking or transcluding code from this)?

vitorpamplona commented 2 years ago

I appreciate you for respecting the license. Though I am not sure if it works. Since the trust registry is such an essential part of your application, to the point that it would not work without it, one could make a case that it is a hard dependency or a derivative work (even if you don't directly link it).

But another solution is to dual-license your app. I believe you can do an MIT License AND a GPLv3 license and call it a day.

sirocyl commented 2 years ago

I'm reasonably sure we can offer that with our application, in fact. I'll check with my other collaborator and see how that works out. Thank you!