security-baseline icon indicating copy to clipboard operation
security-baseline copied to clipboard
verified publisher icon ossf

Proposal to merge OSPS-LE-03.0*

Open hyandell opened this issue 3 months ago • 1 comments

Merger Suggestion 2

OSPS-LE-03.01: While active, the license for the source code MUST be maintained in the corresponding repository's LICENSE file, COPYING file, or LICENSE/ directory. OSPS-LE-03.02: While active, the license for the released software assets MUST be included in the released source code, or in a LICENSE file, COPYING file, or LICENSE/ directory alongside the corresponding release assets.

Similarly, these two items are exhibiting a nuance that is unnecessary for Security Baseline and likely opening up a bag of worms. I would simplify it to:

OSPS-LE-03.01: The license for the project's source and artifacts MUST be clearly identified in a standard file (e.g. LICENSE, COPYING) with standard file extension (e.g. .md, .txt)."

hyandell avatar Oct 03 '25 21:10 hyandell

I agree, which prompted #403. If we reject that, we should come back to this.

funnelfiasco avatar Oct 06 '25 13:10 funnelfiasco