Xen project Mailing List

Re: Usage of Xen Security Data in VulnerableCode

To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

From: Tushar Goel <tushar.goel.dav@xxxxxxxxx>

Date: Thu, 19 Jan 2023 18:39:28 +0530

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Xen Security <security@xxxxxxx>, Philippe Ombredanne <pombredanne@xxxxxxxx>, jmhoran@xxxxxxxx

Delivery-date: Thu, 19 Jan 2023 13:09:54 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Andrew, > Maybe we want to make it CC-BY-4 to require people to reference back to > the canonical upstream ? Thanks for your response, can we have a more declarative statement on the license from your end and also can you please provide your acknowledgement over the usage of Xen security data in vulnerablecode. Regards, On Tue, Jan 10, 2023 at 7:15 PM Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx> wrote: > > On 10/01/2023 1:33 pm, Tushar Goel wrote: > > Hey, > > > > We would like to integrate the xen security data[1][2] data > > in vulnerablecode[3] which is a FOSS db of FOSS vulnerability data. > > We were not able to know under which license this security data comes. > > We would be grateful to have your acknowledgement over > > usage of the xen security data in vulnerablecode and > > have some kind of licensing declaration from your side. > > > > [1] - https://xenbits.xen.org/xsa/xsa.json > > [2] - https://github.com/nexB/vulnerablecode/pull/1044 > > [3] - https://github.com/nexB/vulnerablecode > > Hmm, good question... > > In practice, it is public domain, not least because we publish it to > Mitre and various public mailing lists, but I'm not aware of having > explicitly tried to choose a license. > > Maybe we want to make it CC-BY-4 to require people to reference back to > the canonical upstream ? > > ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.