[Owasp-testing] OSSTMM manual

Javier Fernández-Sanguino jfernandez at germinus.com
Tue Jan 23 07:06:27 EST 2007

Andrew van der Stock dijo:
> Jeff,
> is it possible for us to re-license the OWASP Guide 3.0 with this 
> license, or do I have to find all the 1.x contributors and ask them for 
> permission?

A license change requires all people with copyright over the text to 
approve it (that approval needs to be signed to be legal). All document 
authors are actually copyright holders of the text they wrote unless 
they transfer (c) to some other organisation beforehand (and typically 
this needs to be also signed for it to be legal under most jurisdictions).

That's why many projects, right from the start, ask contributors to 
either adhere to a license that they don't expect to change, or transfer 
(c) to the main leader of the project. This is, IIRC, done now when 
people sign in the Wiki but was not done previously in OWASP.

That's also why having a version control system (even for documentation) 
where people contribute makes it easier to determine who wrote what. 
Without it is impossible to track who made significant changes to the 
document (and is, consequently, co-author of it).

Of course, this does not apply to small "patches" to the documents (typo 
fixes, reviews, ideas that get written by somebody else) since those are 
not major contributions.

Some (OSS) projects have had to rewrite some parts full of it because 
they could not get hold of one of the earlier contributors when they 
wanted to do a license change :(



More information about the Owasp-testing mailing list