FEEDBACK - Missing license file #35

Closed
kurtseifried opened this issue Sep 16, 2023 · 8 comments

Comments

@kurtseifried

Please fill out the following sections

Is there a problem using the GitHub Repository?
Yes. There is no license.

Do you have any suggestions on how we could improve the repository?
Add a license, CC0 is probably best for content.

Please provide any other comments here

As per CWE, they have deployed the CC0 license: https://github.com/CWE-CAPEC/CWE-Submissions/issues/30

@hkong-mitre
Collaborator

Thank you for your suggestion. It is in progress in PR #36

@pombredanne

I commented on the PR at #36 and I am repasting these here for the record:

I thought that there was already a different license for this data... I have documented this here https://github.com/nexB/vulnerablecode/blob/37fdd7dcabc8187e855292d1e681d3852a87cf52/vulnerabilities/importers/nvd.py#L32

It is fine if you switch to a CC0-1.0 license but has this been vouched for by MITRE legal?
See in particular https://www.cve.org/Legal/TermsOfUse

@pombredanne

pombredanne commented Sep 23, 2023

As per CWE, they have deployed the CC0 license: https://github.com/CWE-CAPEC/CWE-Submissions/issues/30

@kurtseifried this seems to be either a dead link or a private repo.... but it should be public IMHO, and this would be a nice thing.

@kurtseifried
Author

Nope. They removed the CC0 license:

https://github.com/CWE-CAPEC/CWE-Submissions/issues/30#issuecomment-1726694339

asummers-MITRE commented 4 days ago
For clarification: All content submissions to the CWE Program already fell under the CWE Terms of Use at the time of submission (i.e., prior to the Pilot Program). We have simplified things to avoid relicensing. The CC0-1.0 license has been replaced with the CWE Terms of Use, which have been added as a license file on the repository.

@pombredanne

@kurtseifried my point was that the repo you link above at https://github.com/CWE-CAPEC/CWE-Submissions/ is a private repo that is NOT publicly accessible. Try to open the link in a private browser tab where you are not logged in to GitHub.

So if this is not in the open, it is kinda difficult to have a discussion on things that only you can see.

@kurtseifried
Author

You will have to complain to MITRE, it's the MITRE CWE repo. I also cut and paste what they said.

@pombredanne

@kurtseifried fair enough ... so the license is https://scancode-licensedb.aboutcode.org/cve-tou.html ... this works for me!

@pombredanne

I pushed a PR for now #65
