Update specification license to Community Specification License 1.0

Question

Update specification license to Community Specification License 1.0

Closed this issue a year ago · 7 comments

LF started IP/license review of the SBOMit spec and provided feedback that the SBOMit specification needs to be Community Specification License 1.0 licensed per the OpenSSF charter (Section 5, Page 9):
https://cdn.platform.linuxfoundation.org/agreements/openssf.pdf

Answer 1 · 2023-08-25T16:18:14.000Z

So there was a big issue with this early on (with people strongly arguing we should avoid the OpenSSF) because Apple and other companies don't like the CSL 1.0. We heard from David Wheeler and a few others that they would approve "a reasonable license" and that their charter wasn't meant to exclude, but to include a default. So, please put me in touch with folks and I can escalate to straighten this out, if need be.

…

On Fri, Aug 25, 2023 at 11:32 AM Ian Dunbar-Hall ***@***.***> wrote: LF started IP/license review of the SBOMit spec and provided feedback that the SBOMit specification needs to be Community Specification License 1.0 licensed per the OpenSSF charter (Section 5, Page 9): https://cdn.platform.linuxfoundation.org/agreements/openssf.pdf — Reply to this email directly, view it on GitHub <#13>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAGROD6ZZ3LM3QJLNGMD7EDXXDAPZANCNFSM6AAAAAA36VO3WU> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

Answer 2 · 2023-08-25T16:23:52.000Z

@JustinCappos, @jeffcshapiro is the reviewer who provided the feedback. I also worked with @hythloda to coordinate the review.

I would use this issue for discussion ossf/tac#191 .

Answer 3 · 2023-08-26T00:51:46.000Z

Okay, I replied there. Let's see how it goes!

…

On Fri, Aug 25, 2023 at 12:24 PM Ian Dunbar-Hall ***@***.***> wrote: @JustinCappos <https://github.com/JustinCappos>, @jeffcshapiro <https://github.com/jeffcshapiro> is the reviewer who provided the feedback. I also worked with @hythloda <https://github.com/hythloda> to coordinate the review. I would use this issue for discussion ossf/tac#191 <ossf/tac#191> . — Reply to this email directly, view it on GitHub <#13 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAGROD5WHIRODWPN4JANFLTXXDGSHANCNFSM6AAAAAA36VO3WU> . You are receiving this because you were mentioned.Message ID: ***@***.***>

Answer 4 · 2023-08-27T00:09:45.000Z

Let's wait and not update the license yet until we resolve the issue of which license is best for you, and see if an exception has been / will be granted if you stay with CC-BY-4.0.

Answer 5 · 2023-08-27T04:33:42.000Z

Okay, from our community standpoint, the license that the CNCF uses (see clause 11f https://github.com/cncf/foundation/blob/main/charter.md ) is what several community members are strongly in favor of. So, this is what is best for us.

@jeffcshapiro Are you able to approve this license or if not, can you escalate this to someone who can?

Answer 6 · 2023-08-27T22:59:19.000Z

Understood. Keep in mind the CNCF charter is referring to documentation, not a specification.

It's not up to me, most likely the OpenSSF governing board makes the decision. I will follow up with Amanda @hythloda and anyone else necessary to help get this resolved.

Answer 7 · 2023-09-08T16:36:41.000Z

Closed by #14