
Difference between revisions of "Template:Recommended Licenses"

m (Switched list and table to Wiki syntax.)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= OWASP Recommended Licenses =
+
[http://www.datamation.com/osrc/article.php/12068_3803101_1/Bruce-Perens-How-Many-Open-Source-Licenses-Do-You-Need.htm Why are you recommending these licenses?]<br/>
(Trying to make a complex choice easy for our project leaders)<br/>
+
[http://opensource.org/licenses/category Which other open source licenses are eligible for an OWASP project?]
  
<table border=1 cellpadding="3">
+
Choosing a license under which an artifact is distributed and enforcing the license are prerogatives of the copyright holders over that artifact. By default, each contributor is copyright holder over the contributed piece. Contributors must all agree on the license and cooperate in enforcing it or must assign their copyright to the entity which becomes responsible for choosing and enforcing the license.
<tr>
 
  <td></td>
 
  <td colspan=4>Allow commercial uses of your work?</td>
 
</tr>
 
<tr height=15>
 
  <td height=15></td>
 
  <td colspan=3>Yes</td>
 
  <td rowspan=3>No</td>
 
</tr>
 
<tr height=15 style='height:15.0pt'>
 
  <td height=15 style='height:15.0pt'></td>
 
  <td colspan=3 class=xl81>Allow modifications of your work?</td>
 
</tr>
 
<tr height=46 style='height:46.0pt'>
 
  <td height=46 class=xl65 style='height:46.0pt'></td>
 
  <td class=xl66 width=125 style='border-top:none;width:125pt'>Yes, no
 
  restriction except attribution</td>
 
  <td class=xl67 width=125 style='border-top:none;border-left:none;width:125pt'>Yes,
 
  as long as modification are also opensource</td>
 
  <td class=xl68 style='border-top:none;border-left:none'>No</td>
 
</tr>
 
<tr height=108 style='mso-height-source:userset;height:108.0pt'>
 
  <td height=108 class=xl71 width=124 style='height:108.0pt;width:124pt'>Tool
 
  Project<br>
 
  (Non-WebBased)</td>
 
  <td rowspan=3 class=xl78 width=125 style='border-bottom:.5pt solid black;
 
  width:125pt'><font class="font5">Apache 2.0</font><font class="font0"><br>
 
  (fewest restrictions, even allowing proprietary modifications and
 
  proprietary forks of your project, and more up-to-date than BSD license)</font></td>
 
  <td class=xl75 width=125 style='border-left:none;width:125pt'><font
 
  class="font5">GPL 3.0</font><font class="font0"><br>
 
  (requires that modifications to your code stay open source, thus prohibiting
 
  proprietary forks of your project)</font></td>
 
  <td colspan=2 rowspan=4 class=xl88 width=288 style='border-right:1.0pt solid black;
 
  border-bottom:1.0pt solid black;width:288pt'>Sorry, such licenses are not
 
  opensource and are not elegible to become an OWASP Sponsored Project.<span
 
  style="mso-spacerun:yes">&nbsp; </span>If this is really what you want,
 
  consider using CC-BY-ND or CC-BY-NC-ND.<span style="mso-spacerun:yes">&nbsp;
 
  </span>See http://creativecommons.org/choose for more information and note
 
  that they label these two license as &quot;not a Free Culture License&quot;.</td>
 
</tr>
 
<tr height=108 style='mso-height-source:userset;height:108.0pt'>
 
  <td height=108 class=xl72 width=124 style='height:108.0pt;width:124pt'>Tool
 
  Project<br>
 
  (WebBased)</td>
 
  <td class=xl76 width=125 style='border-left:none;width:125pt'><font
 
  class="font5">AGPL 3.0</font><font class="font0"><br>
 
  (prevents GPL's SaaS loophole)</font></td>
 
</tr>
 
<tr height=108 style='mso-height-source:userset;height:108.0pt'>
 
  <td height=108 class=xl69 style='height:108.0pt;border-top:none'>Library
 
  Project<span style="mso-spacerun:yes">&nbsp;</span></td>
 
  <td class=xl77 width=125 style='border-top:none;border-left:none;width:125pt'><font
 
  class="font5">LGPL 3.0</font><font class="font0"><br>
 
  (similar to GPL but modified for use with libraries that may be called by
 
  other proprietary programs)</font></td>
 
</tr>
 
<tr height=108 style='mso-height-source:userset;height:108.0pt'>
 
  <td height=108 class=xl70 width=124 style='height:108.0pt;border-top:none;
 
  width:124pt'>Document Project (includes E-Learning, presos, books, etc)</td>
 
  <td class=xl74 width=125 style='border-top:none;width:125pt'><font
 
  class="font5">CC-BY 3.0</font><font class="font0"><br>
 
  (like Apache but for documents)</font></td>
 
  <td class=xl73 width=125 style='border-top:none;border-left:none;width:125pt'><font
 
  class="font5">CC-BY-SA 3.0</font><font class="font0"><br>
 
  (like GPL but for documents.<span style="mso-spacerun:yes">&nbsp;
 
  </span>Alternately you can use GFDL, but projects like Debian and Ubuntu
 
  don't accept it)</font></td>
 
</tr>
 
</table>
 
  
<center>
+
OWASP is a collaborative initiative for the public good and most of its output is expected to be functional, rather than aesthetic. The problem OWASP tackles is so large that OWASP acknowledges a need to collaborate with the commercial world. Therefore, in order to become an OWASP Sponsored Project, you should be comfortable with:
Why are you recommending these licenses?  [http://www.datamation.com/osrc/article.php/12068_3803101_1/Bruce-Perens-How-Many-Open-Source-Licenses-Do-You-Need.htm http://www.datamation.com/osrc/article.php/12068_3803101_1/Bruce-Perens-How-Many-Open-Source-Licenses-Do-You-Need.htm]<br/>
+
 
Which other opensource licenses are elegible for an OWASP Project?    [http://opensource.org/licenses/category http://opensource.org/licenses/category]<br/>
+
* Allowing arbitrary uses for your work, for example for commercial purposes. (If you disagree, consider using [https://creativecommons.org/licenses/by-nc/4.0/ CC-BY-NC].)
</center>
+
* Revealing to the world your project's source code (its form preferred for modification).
 +
* Allowing your work, under certain conditions (see below), to be modified by others and redistributed. (If you disagree, consider using [https://creativecommons.org/licenses/by-nd/4.0/ CC-BY-ND].)
 +
 
 +
{| class="wikitable"
 +
|+ How to choose a license for artifcts of your OWASP project
 +
|-
 +
! scope="col" rowspan="2" colspan="2" | Artifact
 +
! scope="col"            colspan="3" | Under what conditions can your work be modified and redistributed?
 +
|-
 +
! scope="col" | As long as modifications are licensed in the same spirit
 +
! scope="col" | If credit is appropriately given to you
 +
! scope="col" | Under any circumstances
 +
|-
 +
! scope="row" rowspan="2" | Standalone Tool
 +
! scope="row" | Run locally
 +
 
 +
|
 +
; [https://www.gnu.org/licenses/gpl.html GPL] (newest version as of 2016 is 3.0):<br/>The "General Public License" protects users' [https://www.gnu.org/philosophy/free-sw four essential freedoms], among other things by requiring someone who ''distributes'' software derived from yours to also publish the source code for the modifications. Anyone can charge money for distributing copies of the software, but cannot prevent its recipients from redistributing it for free. The GPL allows the copyright holders to distribute the software under additional licenses, too, which can be a way to make it proprietary-friendly.
 +
 
 +
| rowspan="3" |
 +
; [https://apache.org/licenses/LICENSE-2.0.html Apache License] (newest version as of 2016 is 2.0):<br/>Has the fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and is more up-to-date than the BSD license.
 +
 
 +
| rowspan="4" |
 +
; [https://creativecommons.org/publicdomain/zero/1.0/ CC0] (newest version as of 2016 is 1.0):<br/>The "Public Domain Dedication" means that anybody can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission.
 +
 
 +
|-
 +
! scope="row" | Consumed over the network
 +
 
 +
|
 +
; [https://www.gnu.org/licenses/agpl.html AGPL] (newest version as of 2016 is 3.0):<br/>The "Affero General Public License" extends the GPL to SaaS: users of the modified software must be able to obtain the source code of the modifications.
 +
 
 +
|-
 +
! scope="row" colspan="2" | Library
 +
 
 +
|
 +
; [https://www.gnu.org/licenses/gpl.html GPL] or [https://www.gnu.org/licenses/lgpl.html LGPL] (newest version as of 2016 is 3.0):<br/>The "Lesser General Public License" relaxes the GPL for libraries: if the library is not modified, just integrated (function calls, global variables,...), with other software, it does not require the source code of the other software to be published. The Free Software Foundation recommends the LGPL only for libraries which have established competitors for the same functionality, otherwise they recommend the full GPL.
 +
 
 +
|-
 +
! scope="row" colspan="2" | Document (includes E-Learning, presentations, books etc.)
 +
 
 +
|
 +
; [https://creativecommons.org/licenses/by-sa/4.0/ CC-BY-SA] (newest version as of 2016 is 4.0):<br/>The "Creative Commons Attribution-ShareAlike" is like the GPL, but for documents.
 +
 
 +
|
 +
; [https://creativecommons.org/licenses/by/4.0/ CC-BY] (newest version as of 2016 is 4.0):<br/>The "Creative Commons Attribution" is like the Apache License, but for documents.
 +
 
 +
|-
 +
|}
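Review bot: the caption line `|+ How to choose a license for artifcts of your OWASP project` in the new wikitable misspells "artifacts"; correct it to "artifacts" so the typo is not carried into every page that transcludes this template. The final `|-` directly before `|}` opens a row with no cells and can be dropped. The phrase "newest version as of 2016" is repeated in every definition term and will go stale; since each term already links to the license text, stating only the version number would be enough.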

Latest revision as of 16:03, 19 April 2017

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Choosing a license under which an artifact is distributed and enforcing the license are prerogatives of the copyright holders over that artifact. By default, each contributor is copyright holder over the contributed piece. Contributors must all agree on the license and cooperate in enforcing it or must assign their copyright to the entity which becomes responsible for choosing and enforcing the license.

OWASP is a collaborative initiative for the public good and most of its output is expected to be functional, rather than aesthetic. The problem OWASP tackles is so large that OWASP acknowledges a need to collaborate with the commercial world. Therefore, in order to become an OWASP Sponsored Project, you should be comfortable with:

  • Allowing arbitrary uses for your work, for example for commercial purposes. (If you disagree, consider using CC-BY-NC.)
  • Revealing to the world your project's source code (its form preferred for modification).
  • Allowing your work, under certain conditions (see below), to be modified by others and redistributed. (If you disagree, consider using CC-BY-ND.)

How to choose a license for artifacts of your OWASP project

Under what conditions can your work be modified and redistributed?

As long as modifications are licensed in the same spirit:

  • Standalone Tool, run locally: GPL (newest version as of 2016 is 3.0). The "General Public License" protects users' four essential freedoms, among other things by requiring someone who distributes software derived from yours to also publish the source code for the modifications. Anyone can charge money for distributing copies of the software, but cannot prevent its recipients from redistributing it for free. The GPL allows the copyright holders to distribute the software under additional licenses, too, which can be a way to make it proprietary-friendly.
  • Standalone Tool, consumed over the network: AGPL (newest version as of 2016 is 3.0). The "Affero General Public License" extends the GPL to SaaS: users of the modified software must be able to obtain the source code of the modifications.
  • Library: GPL or LGPL (newest version as of 2016 is 3.0). The "Lesser General Public License" relaxes the GPL for libraries: if the library is not modified, just integrated (function calls, global variables, ...) with other software, it does not require the source code of the other software to be published. The Free Software Foundation recommends the LGPL only for libraries which have established competitors for the same functionality; otherwise they recommend the full GPL.
  • Document (includes E-Learning, presentations, books etc.): CC-BY-SA (newest version as of 2016 is 4.0). The "Creative Commons Attribution-ShareAlike" is like the GPL, but for documents.

If credit is appropriately given to you:

  • Standalone Tool (run locally or consumed over the network) and Library: Apache License (newest version as of 2016 is 2.0). Has the fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and is more up-to-date than the BSD license.
  • Document (includes E-Learning, presentations, books etc.): CC-BY (newest version as of 2016 is 4.0). The "Creative Commons Attribution" is like the Apache License, but for documents.

Under any circumstances:

  • All artifacts (Standalone Tool, Library, Document): CC0 (newest version as of 2016 is 1.0). The "Public Domain Dedication" means that anybody can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission.