On 10/01/2023 1:33 pm, Tushar Goel wrote: > Hey, > > We would like to integrate the xen security data[1][2] data > in vulnerablecode[3] which is a FOSS db of FOSS vulnerability data. > We were not able to know under which license this security data comes. > We would be grateful to have your acknowledgement over > usage of the xen security data in vulnerablecode and > have some kind of licensing declaration from your side. > > [1] - https://xenbits.xen.org/xsa/xsa.json > [2] - https://github.com/nexB/vulnerablecode/pull/1044 > [3] - https://github.com/nexB/vulnerablecode
Hmm, good question... In practice, it is public domain, not least because we publish it to Mitre and various public mailing lists, but I'm not aware of having explicitly tried to choose a license. Maybe we want to make it CC-BY-4 to require people to reference back to the canonical upstream ? ~Andrew
