Hi Andrew, > Maybe we want to make it CC-BY-4 to require people to reference back to > the canonical upstream ? Thanks for your response, can we have a more declarative statement on the license from your end and also can you please provide your acknowledgement over the usage of Xen security data in vulnerablecode.
Regards, On Tue, Jan 10, 2023 at 7:15 PM Andrew Cooper <andrew.coop...@citrix.com> wrote: > > On 10/01/2023 1:33 pm, Tushar Goel wrote: > > Hey, > > > > We would like to integrate the xen security data[1][2] data > > in vulnerablecode[3] which is a FOSS db of FOSS vulnerability data. > > We were not able to know under which license this security data comes. > > We would be grateful to have your acknowledgement over > > usage of the xen security data in vulnerablecode and > > have some kind of licensing declaration from your side. > > > > [1] - https://xenbits.xen.org/xsa/xsa.json > > [2] - https://github.com/nexB/vulnerablecode/pull/1044 > > [3] - https://github.com/nexB/vulnerablecode > > Hmm, good question... > > In practice, it is public domain, not least because we publish it to > Mitre and various public mailing lists, but I'm not aware of having > explicitly tried to choose a license. > > Maybe we want to make it CC-BY-4 to require people to reference back to > the canonical upstream ? > > ~Andrew
