Re: [windup-dev] Fwd: Victims Java API, data, features
On 12.6.2017 09:59, Ondrej Zizka wrote:
Hi Jason,
...
>
> One thing that the community are asking for is a change in licence for the
victims-cve-db part of the project, so that's
> something that we'll definitely we looking at. Some members have suggested a CC
BY-SA licence. What do you think of that? Read
> the discussion here:
>
> https://github.com/victims/victims-cve-db/issues/25
I don't know much about licenses, maybe Marek will be able to tell more. I remember
Windup would have a problem with the Java
client lib being licensed under AGPL. Eclipse license would fit.
I think using the victims as a library under AGPL is fine, the concerns are related to
data which could be problematic, but if
there is a discussion to change it to CC, that would solves all concerns I guess.
BTW I read https://eclipse.org/legal/eplfaq.php#3RDPARTY and there is not listed the AGPL
and it is true we are not eclipse.org
project, but that list gives us some imagination how it is handled in eclipse.org (we have
an eclipse plugin which uses the same
data or libraries like the CLI/Web console).
Cheers,
Regarding the db part and CC BY-SA, I guess someone (Tobias?) would
have to consider.
Ondra
>
> Regards,
> Jason Shepherd
> Product Security
>
--
Marek Novotny
--
Windup team member
Red Hat Czech s.r.o.
Purkynova 99
612 45 Brno