License Scan report: lfenergy openleadr

Key findings:

Finding #1

Priority: Medium

The OASIS and UN/CEFACT notices appear to suggest that these specs can be redistributed, but should not be modified.
Given that, rather than distribute the specs in the openLEADR repo, is it possible to remove them and to pull them in at build-time or install-time from the upstream source? That would help ensure that they do not inadvertently get modified.
Note that these terms may apply to additional OASIS files in this directory beyond just the one I've indicated here.

3 files (show files)

openleadr-2024-09-18.zip/openleadr-python/openleadr/schema/oadr_ISO_ISO3AlphaCurrencyCode_20100407.xsd
openleadr-2024-09-18.zip/openleadr-python/openleadr/schema/oadr_siscale_20b.xsd
openleadr-2024-09-18.zip/openleadr-python/openleadr/schema/LICENSES.txt

Finding #2

Priority: Medium

The file at /openleadr/schema/oadr_xmldsig11.xsd contains a reference to the 2002 version of the W3C license, called W3C on the SPDX License List.
However, the license text in openleadr/schema/LICENSES.txt appears to incorrectly list the 2015 W3C license text, called W3C-20150513 on the SPDX License List.
Can the text in the LICENSES.txt file be corrected to use the 2002 version instead of 2015, since 2002 is referenced in the code?

2 files (show files)

openleadr-2024-09-18.zip/openleadr-python/openleadr/schema/oadr_xmldsig11.xsd
openleadr-2024-09-18.zip/openleadr-python/openleadr/schema/LICENSES.txt

openleadr-example-ven	ff0020aa
openleadr-example-vtn	4638a557
openleadr-python	dd171272

Project licenses:
	Apache-2.0	33
Attribution:
	W3C	1
Other:
	OASIS EMIX 2012 notice	1
	W3C-20150513 AND OASIS EMIX 2012 notice	1
	IETF-RFC-style notice	1
No license found:
	No license found in file	89
	No license found in file - excluded file extension	8
	No license found in file - empty file	2
TOTAL		136

License Scan report

Key findings:

License summary: