Hi! I'm working on a package that would contain this file (among others like it):
https://github.com/CycloneDX/cyclonedx-go/blob/master/testdata/valid-evidence.json The file is a test vector for checking that license compliance testing works, and as such the file contains some copyright notices at the end. As far as I can tell, there is no actual content in this package that is copyrightable by those holders, the copyright statements are merely used as part of a test vector. What is the recommended way to deal with this? 1) Add a stanza for each file (many++) and all copyright notices found, and a Comment: explaining that they aren't really relevant. Files: testdata/valid-evidence.json Copyright: OWASP Foundation 2012 Google Inc 2004,2005 Dave Brosius <[email protected]> 2005 William Pugh 2004,2005 University of Maryland License: Apache-2.0 Comment: Actual copyright holder is OWASP Foundation, the rest are copyright statements used as a test vector. 2) Add a generic Comment: about this. Files: * Copyright: OWASP Foundation License: Apache-2.0 Comment: Several files contain additional copyright statements as part of them being used as a test vector for proper license/copyright parsing. They do not correspond to any copyrightable content of this package. 3) Ignore those copyright statements as "obviously" irrelevant. 4) Something else? /Simon
signature.asc
Description: PGP signature
