-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dual License #56
Comments
Note to self: This might be a case of multiple licensing: https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Multiple_Licensing_Scenarios |
So, the CVSSv4 code is a port from https://github.com/RedHatProductSecurity/cvss-v4-calculator which is BSD-2-Clause. I have actually no idea how to do this correctly. |
Me neither. Fedora packaging guidelines suggests this for multiple licensing:
Pypi might have different guideline. Separation into subpackages would not be possible as the Python module is directly tied through |
I am thinking if we could be able to dual-license the original code and change it here to be just one license through whole code base. |
Dual license might have similar challenges. Maybe this might help: https://peps.python.org/pep-0639/ + https://peps.python.org/pep-0639/appendix-user-scenarios/#my-package-includes-other-code-under-different-licenses I think that either dual or multiple licenses should be mentioned in Readme and have LICENSE files provided. |
I thought if we dual license the original Javascript code, we could change the code in this codebase to be consistent. But I guess I need to talk to some legal people. |
I will look into it, discussed with @skontar. |
Hello,
I've noticed that this project seems to be dual licensed, however it is not evident from the project's LICENSE file nor from Readme.
The original code is under LGPL-3.0 license, however the new CVSSv4 is under BSD-2-Clause license.
This might have an impact when packaging this to Fedora Project.
Thank you for helping with this.
EDIT: Pypi also has incomplete information wrt license https://pypi.org/project/cvss/
The text was updated successfully, but these errors were encountered: