
Import Ubuntu OSV data

Open pombredanne opened this issue 9 months ago • 3 comments

See:

  • https://github.com/canonical/ubuntu-security-notices/

There is a pending license issue to resolve:

  • https://github.com/canonical/ubuntu-security-notices/issues/5

pombredanne, Mar 20 '25 21:03

@pombredanne isn't this license here https://github.com/canonical/ubuntu-security-notices/blob/main/LICENSE enough to allow us to use the advisory data? But GPL licensing is done for software, not data; using GPL might require us to refactor VulnerableCode's license also as GPL.

kunalsz, Mar 21 '25 10:03

@kunalsz per https://github.com/canonical/ubuntu-security-notices/issues/5#issuecomment-2743203010

@pombredanne we already discussed this with @oliverchang and legal, and GPL doesn't apply to data, but only to the scripts in this repo.

Regarding clarifying it, I will discuss with the rest of the team about it; we will update this PR when done.

In all cases, the license should not be in the way of writing the code to fetch the data unless the license would prohibit that, which is not the case.

pombredanne, Jun 02 '25 06:06

Note also that https://github.com/canonical/ubuntu-security-notices/ now has three formats, and includes PURLs in most cases! (@dodys thank you for that! ❤)

pombredanne, Jun 02 '25 06:06