PropertyDeserializer.java Seems to Include Proprietary Lockheed Martin Code #178

Closed
dariush-griffin opened this issue Feb 23, 2022 · 2 comments · Fixed by #179

dariush-griffin commented Feb 23, 2022

Looking at the copyright header on the PropertyDeserializer:

/*
 * Copyright (c) 2018,2019, 2020, 2021 Lockheed Martin Corporation.
 *
 * This work is owned by Lockheed Martin Corporation. Lockheed Martin personnel are permitted to use and
 * modify this software.  Lockheed Martin personnel may also deliver this source code to any US Government
 * customer Agency under a "US Government Purpose Rights" license.
 *
 * See the LICENSE file distributed with this work for licensing and distribution terms
 */

The code in that file is owned by Lockheed Martin and only their personnel are permitted to use and modify that file. Was this intentional or did the author (@wrgoff) accidentally have this copyright statement set in their IDE?

@DarthHater
Member

@stevespringett, this definitely seems bizarre, the license header is in collision with Apache 2.0, to at least some degree. The last sentence in the header is a fun one, since it would point someone to the Apache 2.0 license and then I think they'd get even more confused?

@stevespringett
Member

The sole purpose for the deserializer being there is to support properties in a non-standard way. Lockheed Martin adopted properties prior to v1.3 being released with formal support for properties. This deserializer supports both the CycloneDX way of supporting properties as well as the Lockheed Martin way of supporting properties. Worst case scenario, we remove the deserializer from the code base. They can continue to use v6.0.0 of the library which supports the latest CycloneDX v1.4 release.
