opencybersecurityalliance / documentation

OCA-wide documentation shared by all sub-projects and repositories

This repo needs a license file #39

Open sparrell opened 2 years ago

sparrell commented 2 years ago

OASIS Open rules (section 15.2) require each repo to have a license. This one somehow slipped through a crack. Given the broad nature of contents (marketing, architecture, zero trust, indicators, TSC, ...), I think it should be discussed at PGB to decide which one (and to meet the letter of the rules). I.e., I could just make a PR and add one - but I think PGB should do the actual pick of which one.

JasonKeirstead commented 2 years ago

It should be using the CC-BY-4.0 license. Source code licenses do not make sense for this material. https://creativecommons.org/licenses/by/4.0/

sparrell commented 2 years ago

If this repo was just documentation, the CC-BY might make sense. This repo does have the marketing group so they might want to sanity check CC-BY is the correct one (i.e., make sure it allows the sponsor companies to use the material as they would like to as well as keeps others from misusing it). This repo also has the IoB, whose charter includes "creating a standardized approach for representing cyber threat actor behaviors in a shareable format" and "reference implementations via commonly developed code and tooling". It also has ontology with files like https://github.com/opencybersecurityalliance/documentation/blob/master/Architecture%20Documents/Ontology/OCA%20Ontology%20Baseline_v20212210.owl which look pretty code-like to me. And arch also has the C4 stuff which I recall looked code-like. Personally I think the "work groups" should be subprojects like Kestrel with their own repos, but if we are going to stick them all together, then let's at least make sure all the parties are OK with CC-BY before we make the license file, and I think it should get at least cursory approval at a PGB meeting.

JasonKeirstead commented 2 years ago

OWL is not code, it is content. CC-BY is a more applicable license for OWL. C4 is also content.

sparrell commented 2 years ago

I'm fine with CC-BY. I'm just saying it's a PGB decision to (1) make sure everyone agrees and (2) CYA if there is anything anywhere in there that someone later raises a stink about. It should only take 5 min at PGB if CC-BY is the correct answer. @JasonKeirstead: On an unrelated note, you and I have different definitions of software. I consider schemas, config, and infrastructure as software but that's immaterial to this issue.