Update LICENSE to Community Specification License 1.0
FYI: We also will need to change the ITE repo and ensure that files in our repo have the "SPDX-License-Identifier: Community-Spec-1.0". (Note that since the CSL 1.0 in LICENSE is itself CC-BY-4.0, it should have that SPDX License identifier.)
A short description of why we are making this change will be useful for recordkeeping @JustinCappos
For rationale:
I had a conversation with Mike Dolan from the LF and there is a good reason for us to consider using the Community License Specification for the in-toto specification. See some of the discussion on the SBOMit sandbox thread: https://github.com/ossf/tac/issues/191#issuecomment-1695533906
This won't make any difference for anyone who uses or works on an implementation of in-toto. It will effectively just make the specification / ITE editors more visibly aligned with the "Apache 2.0" principles that apply to the implementations.
Looks like there's a slightly different process for applying this license documented here: https://github.com/CommunitySpecification/Community_Specification/blob/main/..Getting%20Started.md