Subject: Re: [cti] Call for objections to changing the SEPs Open Repository license from BSD-3 to Apache-2.0
Hey, Alexandre -

According to Jamie Clark, the problem is not copyright but patent protection. According to Jamie, someone contributing to the cti-sep-repo under BSD-3 is not giving OASIS a patent license on their contribution and that the only approved license which covers both copyright and patent protection is Apache-2.0.

But ianal, so I will defer to Jamie.

Cheers,
Trey

On 10.04.2019 15:02:48, Alexandre Dulaunoy wrote:
> Hi Trey,
>
> Thank you for the notification.
>
> A small question, what's the reasoning of the use of the Apache-2.0 license
> instead of the BSD-3 license for such external contribution? Especially that
> BSD-3 is an approved license for the TC[1] and the TC operates under
> the Non-Assertion Mode which doesn't impose a specific open source license
> beside the ones approved for the open repositories. Do I miss something
> more fundamental?
>
> Cheers
>
> [1] https://www.oasis-open.org/resources/open-repositories/licenses
>
> ----- Original Message -----
> From: "Darley Trey" <trey.darley@cert.be>
> To: "OASIS CTI TC list" <cti@lists.oasis-open.org>
> Sent: Wednesday, 10 April, 2019 14:38:54
> Subject: [cti] Call for objections to changing the SEPs Open Repository license from BSD-3 to Apache-2.0
>
> Hi, y'all -
>
> When I made the initial motion to open the OASIS Open Repository for
> STIX Enhancement Proposals (SEPs) [1], I chose the BSD-3 license
> without thinking about it due to the fact that all of the other CTI TC
> OASIS Open Repositories used BSD-3.
>
> Turns out this was a mistake. If we as a TC ever decide we want to
> pull some elements developed on the SEPs GitHub repository into a
> future revision of the specifications (which is kind of the point of
> SEPs), we need all SEPs contributions to be Apache2-licensed so that
> the same IPR TC protections for normal committee spec development
> apply.
>
> This was discussed at the San Jose F2F and there was unanimity that we
> should just make this license change. Meanwhile, I've been crazy busy
> and this task has lingered on my todo list.
>
> I am in no way suggesting that the STIX Enhancement Proposal workflow
> process as currently defined in the GitHub repo is final. We have
> violent unanimity that we as a TC *need* SEPs but there are still a
> few key open questions we need to settle before we can say that SEPs
> is ready to be codified in the TC specs.
>
> We have a lot of work in progress and a clear roadmap. I am in no way
> trying to sidetrack the TC by reopening the wider SEPs discussion
> at this time. But there are a number of open pull-requests which would
> be quite interesting to have as contributions to the CTI TC (for
> example, Caitlin's proposal for an ACH SDO and an SCO for representing
> Windows Event Logs), plus some other contributions I have heard about
> privately which are pending the license change. If people are doing
> good work on the side and happy to contribute it for the TC's
> consideration, then as a TC we should enable that.
>
> Therefore, I would like to request a seven day call for objections to
> changing the license for the OASIS Open Repository for STIX
> Enhancement Proposals (SEPs) [1] from BSD-3 to Apache 2.0.
>
> If there are no objections, then I will work together with Chet and
> Scott at OASIS to ensure that proper protocol is followed to ensure
> that all SEPs contributors whose pull-requests Ivan and I already
> accepted are brought under the new licensing terms and I will request
> that currently pending pull-requests be reissued under the Apache 2.0
> license, giving us a clear path forward.
>
> Sorry about the long-winded mail, but IPR is complicated and vitally
> important to our work as a TC. Thank you for your time. ^_^
>
> [1]: https://github.com/oasis-open/cti-sep-repository
>
> --
> Cheers,
> Trey Darley
> OASIS CTI TC Co-Chair
> Cyber Security Expert - CTI Strategist
> --
> CERT.be
> Centre for Cyber Security Belgium
> Mail: trey.darley@cert.be
> GPG: CA5B 29E4 937E 151E 2550 6607 AE9A 7FF2 8000 0E4E
> --
> Under the authority of the Prime Minister
> Wetstraat 16 - 1000 Brussels - Belgium
> Visiting address : Rue Ducale 4 - 1000 Brussels - Belgium
> Contact: https://www.cert.be

--
CERT.be
Centre for Cyber Security Belgium
Mail: trey.darley@cert.be
GPG: CA5B 29E4 937E 151E 2550 6607 AE9A 7FF2 8000 0E4E
--
Under the authority of the Prime Minister
Wetstraat 16 - 1000 Brussels - Belgium
Visiting address : Rue Ducale 4 - 1000 Brussels - Belgium
Contact: https://www.cert.be