MISP/misp-taxonomies

Please consider using a FOSS license not public domain

joachimmetz opened this issue · 6 comments

Why does this matter? From https://opensource.org/node/878:

> Plenty of people assume that public domain software must be open source. While it may
> be free software within your specific context, it is incorrect to treat public domain
> software as open source or indeed as globally free software. That’s not a legal opinion
> (I’m not a lawyer so only entitled to layman’s opinions) but rather an observation that an
> open source user or developer cannot safely include public domain source code in a project.

Thanks for your opinion. Here is another one: https://www.gnu.org/philosophy/open-source-misses-the-point.html

@RichieB2B to be clear, this is not my opinion, and thanks for pointing out other opinions.

However, this is a request to consider changing to a FOSS license so that either opinion is no longer relevant and FOSS projects can reuse this repository/project without confusion.

@joachimmetz Thank you very much for your comment. There are multiple components in MISP taxonomies:

  1. The JSON description of all the taxonomies (some that we developed ourselves, many originating from references, books or publications from others).

  2. The tools associated with MISP taxonomies in the repository. Indeed, for those, we are missing a free/open source license. These are not required tools but rather simple "quick hacks" to generate the JSON files for some of the taxonomies or to generate doc from the JSON files.

For point 2, indeed, we will clarify and add an open source license for each of the respective tools.

For point 1, we used CC0 because it was considered by the FSF as a license compatible with free and open source licenses, and the OSI could not reach a consensus because of some organizations which were afraid of the lack of a patent waiver (as is the case with many free/open source licenses).

CC0 was a logical choice for us to ensure that we don't put further restrictions on content which was already public domain, such as classification schemes (NIST or US published documentation, NATO publications), and to welcome many users to use it.

Here is a proposal for point 1: we could imagine dual-licensing the repository under CC0 and a free/open source license. There is also a specific reason why we use CC0: to avoid the need to carry the copyright notice. If we were going into dual-licensing the repository, which free/open source license would be best in your opinion? (A 2-clause BSD would be fine?)

Thanks a lot.

Note to myself: Same remark could apply for the MISP galaxy also using CC0.

@adulau thanks for the response. As you indicate https://opensource.org/faq#cc-zero is a significant factor that causes confusion.

> Here is a proposal for point 1: we could imagine dual-licensing the repository under CC0 and a free/open source license.

IMHO a dual license would remove potential confusion and would allow for integration with FOSS projects.

> If we were going into dual-licensing the repository, which free/open source license would be best in your opinion? (A 2-clause BSD would be fine?)

I don't have a strong opinion here. BSD 2-clause is likely sufficiently permissive for most use cases. Other licenses of a similar permissive nature that come to mind are MIT and Apache.

@joachimmetz Thank you for the feedback. MISP taxonomies are now dual-licensed.

@adulau thx much appreciated