Dual License #56
Comments
|
Note to self: This might be a case of multiple licensing: https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Multiple_Licensing_Scenarios |
|
So, the CVSSv4 code is a port from https://github.com/RedHatProductSecurity/cvss-v4-calculator which is BSD-2-Clause. I have actually no idea how to do this correctly. |
|
Me neither. Fedora packaging guidelines suggests this for multiple licensing:
Pypi might have different guideline. Separation into subpackages would not be possible as the Python module is directly tied through |
|
I am thinking if we could be able to dual-license the original code and change it here to be just one license through whole code base. |
|
Dual license might have similar challenges. Maybe this might help: https://peps.python.org/pep-0639/ + https://peps.python.org/pep-0639/appendix-user-scenarios/#my-package-includes-other-code-under-different-licenses I think that either dual or multiple licenses should be mentioned in Readme and have LICENSE files provided. |
|
I thought if we dual license the original Javascript code, we could change the code in this codebase to be consistent. But I guess I need to talk to some legal people. |
|
I will look into it, discussed with @skontar. |
Hello,
I've noticed that this project seems to be dual licensed, however it is not evident from the project's LICENSE file nor from Readme.
The original code is under LGPL-3.0 license, however the new CVSSv4 is under BSD-2-Clause license.
This might have an impact when packaging this to Fedora Project.
Thank you for helping with this.
EDIT: Pypi also has incomplete information wrt license https://pypi.org/project/cvss/
The text was updated successfully, but these errors were encountered: