Add new (old) CC-SA-1.0 license

pombredanne · pombredanne · commit 0ea338f7f6eb · 2023-10-31T16:21:12.000+01:00
Signed-off-by: Philippe Ombredanne &lt;pombredanne@nexb.com&gt;
diff --git a/ROADMAP-ABOUTCODE.rst b/ROADMAP-ABOUTCODE.rst
@@ -0,0 +1,282 @@
+AboutCode global Roadmap
+========================
+
+python-inspector
+Support all package manifests beyond req and setup.py
+
+SCIO: ScanCode.io, pipelines for SCA
+-------------------------------------
+
+Compositition analysis of Deployed binaries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Build pipelines for key tech stacks. For each of these automate the end-to-end
+analysis of a package binaries mapping it back to it sources and matching it
+upstream to its PurlDB origin:
+
+- for Java
+- for JavaScript, CSS
+- for C/C++ ELFs
+- for C/C++ WinPE
+- for C/C++ Mach-O
+- for .Net, C#
+- for Golang
+- for Android apk
+- for Python
+- for Rust
+- for Ruby
+
+
+Matching pipeline
+~~~~~~~~~~~~~~~~~~
+
+Build a dedicated pipeline to matching (client side)
+
+
+Scan TODO/Review app
+~~~~~~~~~~~~~~~~~~~~~
+
+- Build an app in SCIO to automate flagging scan items that needs review or attention.
+- Create a UI and backend to organize the scan review.
+- Consider including and merging the "scantext" license detection review app
+
+
+Pre-built container image(s)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Build and publish container images
+- Consider building a single image for CLI deployments
+- Consider publishe the app image for standalone CLI deployments
+
+Package management
+~~~~~~~~~~~~~~~~~~~~
+
+- Adopt the two levels manifests/package instances
+- Refactor dependencies as deps and requirements
+
+
+Deploy free analysis public server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Consider sponsorship from Amazon/Google/Azure
+
+Create and document standard CI/CD integrations
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- GitHub
+- GitLab
+- Azure
+
+
+SCTK: ScanCode Toolkit
+-----------------------
+
+License detection quality improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Include automatic key phrases in license detection rules
+  Use important key phrases for license detection https://github.com/nexB/scancode-toolkit/issues/2637
+
+- Add required phrase automatically + unknown detection in licenses plus testing
+- More license detection bugs reported recently
+
+- Detect summary for all packages, and populate more package fields correctly like copyright/holders
+
+    - We can report the declared license and other licenses in the license summary
+      of a full scan. The primary license is based; next is to do the
+      same across each package found nested in a scanned codebase. And also compute
+      an individual license clarity score for each these.
+
+
+- license expression simplify and license expression category
+
+
+Improve package detection
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Create synthethic, private packages from non-packaged files based on license and copyright  
+- Create simplified purl-only lightweight package detection
+- Evolve model for dependencies towards requirements and true dependencies
+- Track private non-published packages
+
+Primary copyright detection for packages
+
+- This is closely tied to the primary license detection and should focus
+  on package manifests and key files. 
+- Support copyright parsing from all package ecosystems.
+
+
+
+Published improved release packagings/bundles/installers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Publish smaller wheels with a single focus for easier integration as a library
+
+- Release self-contained app(s) for ease of use, bundled with a Python and everything on it:
+
+  - extractcode
+  - scancode proper
+  - packagedcode only
+  - licensedcode only
+  - cluecode only
+
+- Adopt Python 3.12
+- Adopt macOS and Linux on ARM
+
+
+ABCTK: AboutCode Toolkit
+----------------------------
+
+- add support for patterns for docoumented resources
+- add support for exclude for docoumented resources
+- document deployed resource for a development resource
+ 
+
+PURLDB: PurlDB
+----------------
+
+- purl2all: On demand indexing for all supported package ecosystems
+- purl2sym: Collect source and binary symbols
+- index-time matching to find the true origin
+- implement multi-tier indexing: purl/metadata/archive/files
+- MatchCode matching engine
+
+  - embed a SCIO with a matching pipeline for match a whole codebase at once
+    - expore new endpoint for matching whole codebase
+  - support multiple SCIO workers for indexing
+  - implement proper ranking of matched code results
+  - refactor directory matching to be a pre-matching step to file matching
+
+
+VCIO: VulnerableCode.io
+------------------------
+
+- Adopt VulnTotal model throughout
+- Log advisory history
+- Add vulnerable code reachability
+- Add vulnerable code required context/config 
+- Add more upstream resources
+- Deploy purlsync public pilot
+
+
+PURL: purl and vers specs
+--------------------------
+
+- Merge and advertize vers spec.
+- Standardize purl with ECMA
+
+
+INSPECTORS: misc package and technology inspectors
+----------------------------------------------------
+
+- Universal Inspector/DependentCode
+
+  - Resolve any purl dependencies
+  - Non-vulnerable dependency resolution
+
+- Inspector for Java and Android DEX
+
+  - Decompile and collect binary symbols.
+  - Collect source symbols
+  - Resolve dependencies for Gradle, SBT and Maven. 
+
+- Inspector for JavaScript, CSS
+
+  - Decompile/deminify and collect bundled and minified symbols.
+  - Analyze map files
+  - Collect source symbols
+  - Resolve dependencies for npm, yarn and pnpm. 
+
+- Inspector for C/C++
+  - Collect source symbols
+
+- Inspector for ELFs
+
+  - Decompile and collect binary symbols.
+  - Collect DWARFs and ELFs section symbols
+  - Resolve dependencies for pkgconfig and ldd
+
+- Inspector for WinPE
+
+  - Decompile and collect binary symbols.
+  - Collect winpdb symbols
+
+- Inspector for Mach-O
+
+  - Decompile and collect binary symbols.
+  - Collect DWARFs and ELFs section symbols
+
+- Inspector for .Net, C#
+
+  - Decompile and collect binary symbols from assemblies (see also WinPE)
+  - Collect source symbols
+  - Resolve dependencies for nuget/dotnet (completed)
+
+- Inspector for Golang
+
+  - Decompile and collect binary symbols from pclntab
+  - Collect source symbols
+  - Resolve dependencies
+
+- Inspector for Python
+
+  - Decompile and collect binary symbols from bytecode
+  - Collect source symbols
+  - Resolve dependencies (completed)
+
+- Inspector for Rust
+
+  - Decompile and collect binary symbols
+  - Collect source symbols
+  - Resolve dependencies
+
+- Inspector for Swift
+
+  - Decompile and collect binary symbols
+  - Collect source symbols
+  - Resolve dependencies
+
+- Inspector for Dart/Flutter
+
+  - Decompile and collect binary symbols
+  - Collect source symbols
+  - Resolve dependencies
+
+- Inspector for Ruby
+
+  - Collect source symbols
+  - Resolve dependencies
+
+- Inspector for Debian
+
+  - Parse Debian formats (completed)
+  - Parse installed database (completed)
+  - Compare versions (completed)
+  - Resolve dependencies
+
+- Inspector for Alpine
+
+  - Parse Alpine formats (completed)
+  - Parse installed database (completed)
+  - Compare versions (completed)
+  - Resolve dependencies
+
+- Inspector for RPM
+
+  - Parse RPM formats (partially completed)
+  - Parse installed database (completed)
+  - Compare versions (completed)
+  - Resolve dependencies
+
+- Inspector for containers
+
+  - Parse container images formats and manifests (completed)
+
+
+Other libraries
+-----------------
+
+- FetchCode: support all supported package ecosystems, use in purlDB and SCIO
+- univers: support all supported package ecosystems
+- license-expression : update to support latest SPDX updates, auto-update bundled licenses
+
diff --git a/src/licensedcode/data/licenses/cc-sa-1.0.LICENSE b/src/licensedcode/data/licenses/cc-sa-1.0.LICENSE
@@ -0,0 +1,75 @@
+---
+key: cc-sa-1.0
+short_name: CC-SA-1.0
+name: Creative Commons Share Alike License 1.0
+category: Copyleft
+owner: Creative Commons
+homepage_url: http://creativecommons.org/licenses/sa/1.0/
+spdx_license_key: LicenseRef-scancode-cc-sa-1.0
+notes: A deprecated license from Creative Commons that predates the use of the "BY" convention in the license identifier. 
+ CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES.
+ DISTRIBUTION OF THIS DRAFT LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP.
+ CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS.
+ CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND
+ DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE.
+text_urls:
+    - http://creativecommons.org/licenses/sa/1.0/legalcode
+other_urls:
+    - https://creativecommons.org/licenses/sa/1.0/legalcode
+ignorable_urls:
+    - http://creativecommons.org/
+---
+
+ShareAlike 1.0
+License
+
+THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE IS PROHIBITED.
+
+BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS.
+
+1. Definitions
+
+    "Collective Work" means a work, such as a periodical issue, anthology or encyclopedia, in which the Work in its entirety in unmodified form, along with a number of other contributions, constituting separate and independent works in themselves, are assembled into a collective whole. A work that constitutes a Collective Work will not be considered a Derivative Work (as defined below) for the purposes of this License.
+    "Derivative Work" means a work based upon the Work or upon the Work and other pre-existing works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which the Work may be recast, transformed, or adapted, except that a work that constitutes a Collective Work will not be considered a Derivative Work for the purpose of this License.
+    "Licensor" means the individual or entity that offers the Work under the terms of this License.
+    "Original Author" means the individual or entity who created the Work.
+    "Work" means the copyrightable work of authorship offered under the terms of this License.
+    "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation.
+
+2. Fair Use Rights. Nothing in this license is intended to reduce, limit, or restrict any rights arising from fair use, first sale or other limitations on the exclusive rights of the copyright owner under copyright law or other applicable laws.
+
+3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:
+
+    to reproduce the Work, to incorporate the Work into one or more Collective Works, and to reproduce the Work as incorporated in the Collective Works;
+    to create and reproduce Derivative Works;
+    to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission the Work including as incorporated in Collective Works;
+    to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission Derivative Works;
+
+The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. All rights not expressly granted by Licensor are hereby reserved.
+
+4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions:
+
+    You may distribute, publicly display, publicly perform, or publicly digitally perform the Work only under the terms of this License, and You must include a copy of, or the Uniform Resource Identifier for, this License with every copy or phonorecord of the Work You distribute, publicly display, publicly perform, or publicly digitally perform. You may not offer or impose any terms on the Work that alter or restrict the terms of this License or the recipients' exercise of the rights granted hereunder. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties. You may not distribute, publicly display, publicly perform, or publicly digitally perform the Work with any technological measures that control access or use of the Work in a manner inconsistent with the terms of this License Agreement. The above applies to the Work as incorporated in a Collective Work, but this does not require the Collective Work apart from the Work itself to be made subject to the terms of this License. If You create a Collective Work, upon notice from any Licensor You must, to the extent practicable, remove from the Collective Work any reference to such Licensor or the Original Author, as requested. If You create a Derivative Work, upon notice from any Licensor You must, to the extent practicable, remove from the Derivative Work any reference to such Licensor or the Original Author, as requested.
+    You may distribute, publicly display, publicly perform, or publicly digitally perform a Derivative Work only under the terms of this License, and You must include a copy of, or the Uniform Resource Identifier for, this License with every copy or phonorecord of each Derivative Work You distribute, publicly display, publicly perform, or publicly digitally perform. You may not offer or impose any terms on the Derivative Works that alter or restrict the terms of this License or the recipients' exercise of the rights granted hereunder, and You must keep intact all notices that refer to this License and to the disclaimer of warranties. You may not distribute, publicly display, publicly perform, or publicly digitally perform the Derivative Work with any technological measures that control access or use of the Work in a manner inconsistent with the terms of this License Agreement. The above applies to the Derivative Work as incorporated in a Collective Work, but this does not require the Collective Work apart from the Derivative Work itself to be made subject to the terms of this License.
+
+5. Representations, Warranties and Disclaimer
+
+    By offering the Work for public release under this License, Licensor represents and warrants that, to the best of Licensor's knowledge after reasonable inquiry:
+        Licensor has secured all rights in the Work necessary to grant the license rights hereunder and to permit the lawful exercise of the rights granted hereunder without You having any obligation to pay any royalties, compulsory license fees, residuals or any other payments;
+        The Work does not infringe the copyright, trademark, publicity rights, common law rights or any other right of any third party or constitute defamation, invasion of privacy or other tortious injury to any third party.
+    EXCEPT AS EXPRESSLY STATED IN THIS LICENSE OR OTHERWISE AGREED IN WRITING OR REQUIRED BY APPLICABLE LAW, THE WORK IS LICENSED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES REGARDING THE CONTENTS OR ACCURACY OF THE WORK.
+
+6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, AND EXCEPT FOR DAMAGES ARISING FROM LIABILITY TO A THIRD PARTY RESULTING FROM BREACH OF THE WARRANTIES IN SECTION 5, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+7. Termination
+
+    This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Derivative Works or Collective Works from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License.
+    Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above.
+
+8. Miscellaneous
+
+    Each time You distribute or publicly digitally perform the Work or a Collective Work, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License.
+    Each time You distribute or publicly digitally perform a Derivative Work, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License.
+    If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.
+    No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent.
+    This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You.
