Open JanHoefelmeyer opened 5 months ago
Commit fdbfc00 adds licensing info to *.png
, *.svg
*.ico
.
Commit 70bf113 adds licensing info to code we have written.
How to deal with "original" .json files I used from e.g. csaf-standard or the accessible BSI-Document?
Which license do Advisories
/ CSAF-Documents
itself have?
How to deal with "original" .json files I used from e.g. csaf-standard or the accessible BSI-Document?
Depends on the license of each file. See the licensing section of https://github.com/csaf-poc/csaf_distribution 's readme for an example how to indicate that, if the files can be included.
Which license do Advisories/ CSAF-Documents itself have?
The one that the publisher has indicated. From the standard I believe that is data within distribution/properties
of each document. If there is no licences provided in there then it is the same like everywhere all rights are disallowed by default and possibly some distribution rights can be assumed indirectly.
Just for documentation, the current state of licensing according to reuse lint:
The following files have no copyright and licensing information:
The following files have no licensing information:
Unfortunately, your project is not compliant with version 3.0 of the REUSE Specification :-(
Some of the output should not be subject of the check as they aren't source files. (Like build/) @ThomasJunk I remember we had talked about a solution for this. Can you write it down in here.
E.g. android-chrome-192x192.png does not have a proper license. android-chrome-192x192.png.license is merely a copy of it. This needs to be fixed and there should be an automated way to check for licenses.