[Owasp-board] [GPC] OWASP Recommended Licenses

Tom Brennan tomb at owasp.org
Tue Nov 27 03:28:31 UTC 2012


Tom Brennan

On Nov 26, 2012, at 9:04 PM, "Jeff Williams" <jeff.williams at aspectsecurity.com> wrote:

> Hi guys,
> I don't think OWASP should be telling project leaders what licenses are
> appropriate or not appropriate for their contributions to the field,
> except that it should be an approved opensource license.  I think it's
> great to provide guidance and perhaps advice on which licenses tend to
> work well, advantages and disadvantages, etc...  but there is no reason
> to push away projects that want to use a different license.
> When OWASP started, there were a large number of open source zealots
> that wanted everything to be done with open source programs and
> published in open source formats.   That was extremely constraining and
> made it difficult to communicate.   There are good arguments on both
> sides of this debate, and I don't think OWASP should get involved.
> Instead, take the "let 1000 projects bloom" approach and let project
> leaders choose whatever license they think is the best for their
> particular goals.
> I used the BSD license for ESAPI and I've been totally happy with the
> choice.  But it's not on the list.  There are now 2304 organizations
> (based on Sonatype statistics) using ESAPI and that's a pretty good sign
> it's a good one for OWASP.  That number is almost certainly a *low*
> estimate for a number of reasons.
> In any case, I think the intent here is good, but it comes across as a
> standard or policy or something.  Which sends the wrong message.
> --Jeff
> -----Original Message-----
> From: global-projects-committee-bounces at lists.owasp.org
> [mailto:global-projects-committee-bounces at lists.owasp.org] On Behalf Of
> Justin Searle
> Sent: Monday, November 26, 2012 3:41 PM
> To: Dinis Cruz; projects at owasp.org
> Cc: GPC
> Subject: Re: [GPC] OWASP Recommended Licenses
> Thanks Dinis.  Your right.  I swapped the column headers.  Good catch.
> I've fixed that and have attached a version 2 that should be correct.
> Justin Searle
> Managing Partner - UtiliSec
> 801-784-2052
> On Mon, Nov 26, 2012 at 12:41 AM, Dinis Cruz <dinis.cruz at owasp.org>
> wrote:
>> Hey Justin, isn't the apache license the one that should be on the 
>> first column? And the other 3 on the 2nd column?
>> Dinis Cruz
>> On 25 Nov 2012, at 23:54, Justin Searle <justin.searle at owasp.org>
> wrote:
>> GPC, in light of that recent thread about the opensource license 
>> mis-understanding (sorry if you were not on it), I've thrown together 
>> this spreadsheet.  It basically mimics what we've already added to the
>> the project application questionnaire, but does it in a more readable
> way.
>> If you like it, I'd recommend adding this content to the following
> pages:
>> https://www.owasp.org/index.php/How_to_Start_an_OWASP_Project
>> https://www.owasp.org/index.php/Guidelines_for_OWASP_Projects#Project_
>> Licensing https://www.owasp.org/index.php/OWASP_Licenses
>> Forgive me for doing it in Excel.  It was a knee-jerk reaction.  
>> Samantha, you can redo it in the wiki or in Google Docs if you wish.  
>> I've included both the original XLSX and a PDF version of it.
>> Justin Searle
>> Managing Partner - UtiliSec
>> 801-784-2052
>> <OWASP-Recommended-Licenses.pdf>
>> <OWASP-Recommended-Licenses.xlsx>
>> _______________________________________________
>> Global-projects-committee mailing list 
>> Global-projects-committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global-projects-committee
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee

More information about the Owasp-board mailing list