[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Call for objections to changing the SEPs Open Repository license from BSD-3 to Apache-2.0
Hi, y'all - When I made the initial motion to open the OASIS Open Repository for STIX Enhancement Proposals (SEPs) [1], I chose the BSD-3 license without thinking about it due to the fact that all of the other CTI TC OASIS Open Repositories used BSD-3. Turns out this was a mistake. If we as a TC ever decide we want to pull some elements developed on the SEPs GitHub repository into a future revision of the specifications (which is kind of the point of SEPs), we need all SEPs contributions to be Apache2-licensed so that the same IPR TC protections for normal committee spec development to apply. This was discussed at the San Jose F2F and there was unanimity that we should just make this license change. Meanwhile, I've been crazy busy and this task has lingered on my todo list. I am in no way suggesting that the STIX Enhancement Proposal workflow process as currently defined in the GitHub repo is final. We have violent unanimity that we as a TC *need* SEPs but there are still a few key open questions we need to settle before we can say that SEPs is ready to be codified in the TC specs. We have a lot of work in progress and a clear roadmap. I am in no way trying to sidetrack the TC by reopening the wider SEPs discussion at this time. But there are a number of open pull-requests which would be quite interesting to have as contributions to the CTI TC (for example, Caitlin's proposal for an ACH SDO and an SCO for representing Windows Event Logs), plus some other contributions I have heard about privately which are pending the license change. If people are doing good work on the side and happy to contribute it for the TC's consideration, then as a TC we should enable that. Therefore, I would like to request a seven day call for objections to changing the license for the OASIS Open Repository for STIX Enhancement Proposals (SEPs) [1] from BSD-3 to Apache 2.0. If there are no objections, then I will work together with Chet and Scott at OASIS to ensure that proper protocol is followed to ensure that all SEPs contributors whose pull-requests Ivan and I already accepted are brought under the new licensing terms and I will request that currently pending pull-requests be reissued under the Apache 2.0 license, giving us a clear path forward. Sorry about the long-winded mail, but IPR is complicated and vitally important to our work as a TC. Thank you for your time. ^_^ [1]: https://github.com/oasis-open/cti-sep-repository -- Cheers, Trey Darley OASIS CTI TC Co-Chair Cyber Security Expert - CTI Strategist -- CERT.be Centre for Cyber Security Belgium Mail: trey.darley@cert.be GPG: CA5B 29E4 937E 151E 2550 6607 AE9A 7FF2 8000 0E4E -- Under the authority of the Prime Minister Wetstraat 16 - 1000 Brussels - Belgium Visiting address : Rue Ducale 4 â 1000 Brussels â Belgium Contact: https://www.cert.be
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]