...
Documentation and Data Licences and Use
Alt title: Providing and Licensing Data and Documentation
Software-related artifacts distributed with the software or stored in its source code repository typically adhere to the same open source licence. This includes data, technical documentation, configurations and user manuals. For separate tutorials, presentations, training and promotional materials, it is advisable to use the Creative Commons Attribution Non-Commercial License (CC BY-NC). Another noteworthy licence is the GNU Free Documentation License (GFDL). While data is occasionally licensed under OSS licences, more commonly used are licences formulated by Creative Commons and Open Data Commons.Note: There is similar content in the "Preparation" section above. Consider moving the entire paragraph here and merging. In the "Preparation" section, briefly mention that non-software artifacts and data should be manually tracked and licensed as described here?:
Software -related artefacts (technical documentation, configuration, and user guides) distributed with software should be kept in its source code repository and will likely be under the same licence as the software. Keep separate tutorials, presentations or standalone training or promotional materials elsewhere, and they may be licensed under the CC BY-NC or CC BY licence. Software should acknowledge its use of external data by clearly documenting and attributing data sources in its documentation or within the software. This acknowledgment should ensure transparency and adherence to licensing or usage terms linked to the external data. Consequently, the software's licence may be impacted if the data comes with specific licensing requirements or restrictions. In such cases, the software must adhere to the terms of the external data licence. This is particularly relevant if data obtained from another source is hardcoded in software, integrated into software data structures, part of its knowledge base, or incorporated into software configuration or database bootstrap scripts. This applies to all data provided with the software, used to configure settings or define parameters or essential for the software's operation. Such data should be listed among the software's references and included in the software's licensing analysis. If the data used in this way is proprietary or licensed under an open data or OSS licence, compliance with licence requirements is imperative, and the used data should be mentioned, at least, in the NOTICE file. However, if the data is reference or lookup information in public and widespread use, such as a list of country codes from international standards, it should be acknowledged in software documentation and project artifacts but typically does not need inclusion in the analysis of licences. Even if the use of such data is not explicitly credited, its presence and source should be mentioned in the documentation to explain how this information can be updated.
...
Processing of external or user-created data may require explicit user consent, be allowed by the terms of use for the service data is coming from, or be subject to arrangements between the provider or controller of the system based on the software and those who manage the external source. These arrangements are not the primary concern for software developers and they do not affect software licensing. Still, they should be reasonably achievable with the software. Developers should ensure that software and data are secure, design software for personal data protection, and provide features supporting data-related arrangements, such as obtaining user consent, cookies management, and the display of privacy notice, terms of use, service policy or data retention policy. On the other hand, virtually all OSS licences include disclaimers of warranties and liability, so software authors cannot be legally liable for malfunctions, damages or misuse suffered or caused by users of OSS software. GÉANT offers security-focused code reviews using automated code analysis and expert assessments, coupled with related training (LINK!!??). This is complemented by infrastructure-level support from GÉANT Security.
...