Fix: Make sure the entire code is properly licensed.

[JanHoefelmeyer]

E.g. android-chrome-192x192.png does not have a proper license. android-chrome-192x192.png.license is merely a copy of it. This needs to be fixed and there should be an automated way to check for licenses.

[ThomasJunk]

Commit fdbfc00 adds licensing info to *.png, *.svg *.ico. Commit 70bf113 adds licensing info to code we have written.

How to deal with "original" .json files I used from e.g. csaf-standard or the accessible BSI-Document? Which license do Advisories/ CSAF-Documents itself have?

[bernhardreiter]

How to deal with "original" .json files I used from e.g. csaf-standard or the accessible BSI-Document?

Depends on the license of each file. See the licensing section of https://github.com/csaf-poc/csaf_distribution 's readme for an example how to indicate that, if the files can be included.

Which license do Advisories/ CSAF-Documents itself have?

The one that the publisher has indicated. From the standard I believe that is data within distribution/properties of each document. If there is no licences provided in there then it is the same like everywhere all rights are disallowed by default and possibly some distribution rights can be assumed indirectly.

[JanHoefelmeyer]

Just for documentation, the current state of licensing according to reuse lint:

MISSING COPYRIGHT AND LICENSING INFORMATION

The following files have no copyright and licensing information:

• .vscode/settings.json
• build/_app/immutable/assets/0.e2346106.css
• build/_app/immutable/assets/2.bc584aa0.css
• build/_app/immutable/assets/_layout.a4e18841.css
• build/_app/immutable/assets/_page.bc584aa0.css
• build/_app/immutable/assets/boxicons.3fe502d8.svg
• build/_app/immutable/assets/boxicons.47509a2d.ttf
• build/_app/immutable/assets/boxicons.4b87cbc7.woff2
• build/_app/immutable/assets/boxicons.c23887bb.eot
• build/_app/immutable/assets/boxicons.d5d511cf.woff
• build/_app/immutable/chunks/Spinner.f025728e.js
• build/_app/immutable/chunks/index.7a644faf.js
• build/_app/immutable/chunks/paths.0faff454.js
• build/_app/immutable/chunks/scheduler.cc1c0861.js
• build/_app/immutable/chunks/singletons.ed4953bb.js
• build/_app/immutable/chunks/store.22ca258b.js
• build/_app/immutable/chunks/stores.bde7595e.js
• build/_app/immutable/entry/app.2cf3abe2.js
• build/_app/immutable/entry/start.68e3c3a8.js
• build/_app/immutable/nodes/0.7a52bd9a.js
• build/_app/immutable/nodes/1.7f8496cc.js
• build/_app/immutable/nodes/2.667ee2c5.js
• build/_app/immutable/nodes/3.57fc9617.js
• build/_app/version.json
• build/browserconfig.xml
• build/css/main.css
• build/site.webmanifest
• coverage/base.css
• coverage/block-navigation.js
• coverage/coverage-final.json
• coverage/coverage-summary.json
• coverage/docmodel.ts.html
• coverage/favicon.png
• coverage/index.html
• coverage/prettify.css
• coverage/prettify.js
• coverage/sort-arrow-sprite.png
• coverage/sorter.js
• docs/bsi-2022-0001.json
• src/lib/schema/csaf_json_schema.json

The following files have no licensing information:

• src/lib/schema/cvss-v2.0.json
• src/lib/schema/cvss-v3.0.json
• src/lib/schema/cvss-v3.1.json

SUMMARY

• Bad licenses:
• Deprecated licenses:
• Licenses without file extension:
• Missing licenses:
• Unused licenses:
• Used licenses: CC0-1.0, MIT
• Read errors: 0
• Files with copyright information: 144 / 184
• Files with license information: 141 / 184

Unfortunately, your project is not compliant with version 3.0 of the REUSE Specification :-(

[bernhardreiter]

Some of the output should not be subject of the check as they aren't source files. (Like build/) @ThomasJunk I remember we had talked about a solution for this. Can you write it down in here.