search

theupdateframework / go-tuf

Go implementation of The Update Framework (TUF)
https://theupdateframework.com
Apache License 2.0
625 stars 105 forks source link

Please clarify Copyright holder #516

Closed siretart closed 8 months ago

siretart commented 1 year ago

According to the LICENSE file in https://github.com/theupdateframework/go-tuf/blob/5ed62397581b953bacae5bf46b8c7dac4d85df1d/LICENSE#L1

the work is copyrighted by "Prime Directive, Inc".

Is this accurate or should the copyright owners by represented differently?

siretart commented 1 year ago

An other file with a copyright statement:

https://github.com/theupdateframework/go-tuf/blob/5ed62397581b953bacae5bf46b8c7dac4d85df1d/client/python_interop/testdata/python-tuf-v2.0.0/client.py#L3-L4

This statement seems to be more in line with what's written at the bottom of https://theupdateframework.io/ ?

And yet another one here:

https://github.com/theupdateframework/go-tuf/blob/5ed62397581b953bacae5bf46b8c7dac4d85df1d/client/python_interop/testdata/LICENSE.txt#L10-L13

-- thank you for your clarifications!

mnm678 commented 1 year ago

That last license file was changed upstream: https://github.com/theupdateframework/python-tuf/commit/f5d08bb0e8a4089fcd976408eca8e05d7c1888e5, and we should probably replace all the license info within testdata to point to the original source to make sure it stays up-to-date (as I believe those are licenses for the underlying python-tuf code).

I think we just want Apache/MIT for this project, but I'm not sure what the process is to change that. @JustinCappos might have more context.

JustinCappos commented 1 year ago

It should be replaced. We had a very small amount of Thandy code in the very beginning for compat / testing and have had none for essentially the past 10 years. Certainly, it is all out after the rewrite / refactor by our industry friends. This can be removed everywhere.

On Fri, Jul 14, 2023 at 11:48 AM Marina Moore @.***> wrote:

That last license file was changed upstream: @.*** https://github.com/theupdateframework/python-tuf/commit/f5d08bb0e8a4089fcd976408eca8e05d7c1888e5, and we should probably replace all the license info within testdata to point to the original source to make sure it stays up-to-date (as I believe those are licenses for the underlying python-tuf code).

I think we just want Apache/MIT for this project, but I'm not sure what the process is to change that. @JustinCappos https://github.com/JustinCappos might have more context.

— Reply to this email directly, view it on GitHub https://github.com/theupdateframework/go-tuf/issues/516#issuecomment-1636049591, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAGRODZ4VGMGLA7P3AVUF43XQFS5VANCNFSM6AAAAAA2HIHL2E . You are receiving this because you were mentioned.Message ID: @.***>

rdimitrov commented 8 months ago

Closing since the code base changed and the license is now Apache 2 and is consistent across the whole project.

Thanks for raising this 👍