cvelistV5 Create LICENSE file for CC0

Adding a license file to the repository

Sep 19 '23 21:09 hkong-mitre

I thought that there was already a different license for this data... I have documented this here https://github.com/nexB/vulnerablecode/blob/37fdd7dcabc8187e855292d1e681d3852a87cf52/vulnerabilities/importers/nvd.py#L32

It is fine if you switch to a CC0-1.0 license but has this be vouched for by MITRE legal?

Sep 23 '23 09:09 pombredanne

See in particular https://www.cve.org/Legal/TermsOfUse

Sep 23 '23 09:09 pombredanne

gentle ping

Mar 08 '24 16:03 pombredanne

I would love for this to be CC0, but the attribution clause in the terms of use page implies CC BY 4.0 or similar:

Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.

Of course, MITRE could remove this clause.

Apr 17 '24 05:04 eslerm

@hkong-mitre gentle ping. I see @rbrittonMitre is missing as a reviewer? Note that until you clarify the license, the Mitre ToU at https://www.cve.org/Legal/TermsOfUse apply and any fork or release you make is immediately non-compliant because this license at https://www.cve.org/Legal/TermsOfUse states:

"Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy."

It would be nice to make it easy on users by providing a proper license text in the repo.

Aug 17 '24 20:08 pombredanne

I submitted this PR https://github.com/CVEProject/cvelistV5/pull/65 to add the missing current license text until that CC0 PR can be merged.

Aug 18 '24 08:08 pombredanne