This repo needs a license file #39

Open
sparrell opened this issue Jan 25, 2022 · 4 comments

@sparrell

OASIS Open rules (section 15.2) require each repo to have a license. This one somehow slipped through a crack. Given the broad nature of the contents (marketing, architecture, zero trust, indicators, TSC, ...), I think it should be discussed at PGB to decide which one (and to meet the letter of the rules). I.e., I could just make a PR and add one, but I think PGB should do the actual pick of which one.

@JasonKeirstead
Member

JasonKeirstead commented Jan 25, 2022

It should be using the CC-BY-4.0 license. Source code licenses do not make sense for this material. https://creativecommons.org/licenses/by/4.0/

@sparrell
Author

If this repo was just documentation, the CC-BY might make sense. This repo does have the marketing group, so they might want to sanity check that CC-BY is the correct one (i.e., make sure it allows the sponsor companies to use the material as they would like to, as well as keeps others from misusing it). This repo also has the IoB, whose charter includes "creating a standardized approach for representing cyber threat actor behaviors in a shareable format" and "reference implementations via commonly developed code and tooling". It also has ontology with files like https://github.com/opencybersecurityalliance/documentation/blob/master/Architecture%20Documents/Ontology/OCA%20Ontology%20Baseline_v20212210.owl which look pretty code-like to me. And arch also has the C4 stuff, which I recall looked code-like. Personally I think the "work groups" should be subprojects like Kestrel with their own repos, but if we are going to stick them all together, then let's at least make sure all the parties are OK with CC-BY before we make the license file, and I think it should get at least cursory approval at a PGB meeting.

@JasonKeirstead
Member

OWL is not code, it is content. CC-BY is a more applicable license for OWL. C4 is also content.

@sparrell
Author

I'm fine with CC-BY. I'm just saying it's a PGB decision to (1) make sure everyone agrees and (2) CYA if there is anything anywhere in there that someone later raises a stink about. It should only take 5 min at PGB if CC-BY is the correct answer. @JasonKeirstead: On an unrelated note, you and I have different definitions of software. I consider schemas, config, and infrastructure as software, but that's immaterial to this issue.
