Choose license

[craig-willis]

We need to choose a license for Cheese project repositories. NDS uses BSD-3 based on historical NCSA licenses. Can we use MIT for this project?

[bodom0015]

Options might include:

MIT

A short and simple permissive license with conditions only requiring preservation of copyright and license notices. Licensed works, modifications, and larger works may be distributed under different terms and without source code.

BSD-2

A permissive license that comes in two variants, the BSD 2-Clause and BSD 3-Clause. Both have very minute differences to the MIT license.

BSD-3

A permissive license similar to the BSD 2-Clause License, but with a 3rd clause that prohibits others from using the name of the project or its contributors to promote derived products without written consent.

About the endorsement (3rd) clause: see https://opensource.stackexchange.com/questions/5996/in-software-licenses-what-does-the-endorsement-clause-exactly-protect-the-lic

[bodom0015]

Given the nature of the CHEESE application, it seems trivial to use one or more of our software products (e.g. Docker images containing known vulnerabilities) maliciously.

It therefore makes sense to go with something like BSD-3 for the protection that the "endorsement clause" might provide, in the event that a malicious external actor decides to use our code for no good.

[craig-willis]

Per 10/3 meeting, we're recommending moving forward with BSD3 License. All repos should have a BSD3 license. We do need to answer the question about what to put for the Full Name