Please clarify the licensing of the SARIF schema files #583

Closed
davidmalcolm opened this issue May 25, 2023 · 3 comments

Comments

@davidmalcolm

(as noted in #498 (comment) )

What's the license of the schema files? In particular, what permissions are granted (if any) to redistribute the schemata?

Note that there could be two sets of schemata:

Hopefully these are bit-for-bit identical, but they might not be.

I'm not a lawyer, but it appears to me that the LICENSE.md from this repo does implicitly grant licenses for the files below https://github.com/oasis-tcs/sarif-spec/tree/main/Schemata, and 10.1 RAND Mode TC Requirements seems to imply a grant of redistributability.

Is it possible to add a LICENSE.md adjacent to the schema files in their canonical location? I believe that would make it clear that there is a license grant on these files. Alternatively, is there some common policy covering docs.oasis-open.org that I missed? Sorry if that's the case.

The specific use case I have is that I'm hoping to add validation against the SARIF schema to GCC's testsuite to test my SARIF creation code; this testsuite ideally to be runnable in a locked-down environment with no network access (so that we can bootstrap a toolchain repeatedly from a known bundle of bits). Hence I would like to add a copy of the SARIF schemata to GCC's source tree, but for this I need clarity that these files are redistributable.

@dmk42
Contributor

dmk42 commented May 26, 2023

Good news. The following is an exact quote from OASIS.
"They are free to incorporate it into their implementation. No need for special permission or paperwork from OASIS."

@dmk42
Contributor

dmk42 commented Jun 23, 2023

Just an update. OASIS says that although you do not need permission from them to incorporate the schema into your compiler, they understand that some companies are squeamish about such things, and OASIS will write a letter of permission if your company asks for it.

@dmk42
Contributor

dmk42 commented Dec 19, 2023

I believe this issue is now addressed with my earlier comment above. Please feel free to reopen it if you disagree.

@dmk42 dmk42 closed this as completed Dec 19, 2023