[Owasp-leaders] Copyright statement recommendations

johanna curiel curiel johanna.curiel at owasp.org
Fri Jun 24 13:25:12 UTC 2016


The main legal question is who exactly is part the ZAP developing team?


   - Anyone that has contributed with a small piece of code and appears as
   contributor in the Github repo's?
   - A dedicated group of developers that has contribute with at least x
   amount of commits into the master ?
   - Anyone that has done a pull request?
   - Anyone that has contributed with documentation?


The better you define who is the team, the clear it is who has rights on
it.Not necessarily it means you have to be a legal entity, but it helps.
Either way if you set a legal entity you still need to define who are the
developers part of that team.

Setting the rights on your name makes it clear and less discussible but if
this is not want you want, I think you need to define who is (in) the team
and who can be considered part of it.


On Fri, Jun 24, 2016 at 7:00 AM, psiinon <psiinon at gmail.com> wrote:

> Leaders,
>
> We've had some questions about the ZAP copyright statement we use in our
> code, which is now variations on:
> /*
>  * Zed Attack Proxy (ZAP) and its related class files.
>  *
>  * ZAP is an HTTP/HTTPS proxy for assessing web application security.
>  *
>  * Copyright 2016 The ZAP Development Team
>  *
>  * Licensed under the Apache License, Version 2.0 (the "License");
>  * you may not use this file except in compliance with the License.
>  * You may obtain a copy of the License at
>  *
>  *   http://www.apache.org/licenses/LICENSE-2.0
>  *
>  * Unless required by applicable law or agreed to in writing, software
>  * distributed under the License is distributed on an "AS IS" BASIS,
>  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
>  * See the License for the specific language governing permissions and
>  * limitations under the License.
>  */
>
> Is "The ZAP Development Team" a reasonable term to use, or is problematic
> as this is not a legal entity?
> We typically just give the year the relevant file was created, but should
> we use the range of years ZAP has been around (ie "2010-2016") and update
> every file every year?
> Any other thoughts or recommendations?
>
> Cheers.
>
> Simon
>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160624/84396545/attachment.html>


More information about the OWASP-Leaders mailing list