This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Template:Recommended Licenses"

From OWASP
Jump to: navigation, search
(Spelled out the license names, expanded explanations.)
(Factored out the situations that lead to "Sorry, not good for OWASP", which simplified the decision tree in the table.)
Line 4: Line 4:
 
Choosing a license under which an artifact is distributed and enforcing the license are prerogatives of the copyright holders over that artifact. By default, each contributor is copyright holder over the contributed piece. Contributors must all agree on the license and cooperate in enforcing it or must assign their copyright to the entity which becomes responsible for choosing and enforcing the license.
 
Choosing a license under which an artifact is distributed and enforcing the license are prerogatives of the copyright holders over that artifact. By default, each contributor is copyright holder over the contributed piece. Contributors must all agree on the license and cooperate in enforcing it or must assign their copyright to the entity which becomes responsible for choosing and enforcing the license.
  
<table border="1" cellpadding="3">
+
OWASP is a collaborative initiative for the public good and most of its output is expected to be functional, rather than aesthetic. The problem OWASP tackles is so large that OWASP acknowledges a need to collaborate with the commercial world. Therefore, in order to become an OWASP Sponsored Project, you should be comfortable with:
 +
 
 +
<p><ul>
 +
<li>Allowing arbitrary uses for your work, for example for commercial purposes. (If you disagree, consider using [https://creativecommons.org/licenses/by-nc/4.0/ CC-BY-NC].)</li>
 +
<li>Revealing to the world your project's source code (its form preferred for modification).</li>
 +
<li>Allowing your work, under certain conditions (see below), to be modified by others and redistributed. (If you disagree, consider using [https://creativecommons.org/licenses/by-nd/4.0/ CC-BY-ND].)</li>
 +
</ul></p>
 +
 
 +
<table class="wikitable">
 +
<caption>How to choose a license for artifcts of your OWASP project</caption>
 
<tr>
 
<tr>
   <th>Artifact</th>
+
   <th rowspan="2" colspan="2">Artifact</th>
   <td colspan="4"><b>Allow commercial uses of your work?</b></td>
+
   <th colspan="3">Under what conditions can your work be modified and redistributed?</th>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
   <td></td>
+
   <th>As long as modifications are licensed in the same spirit</th>
   <td colspan="3"><b>Yes</b></td>
+
   <th>If credit is appropriately given to you</th>
   <td rowspan="3"><b>No</b></td>
+
   <th>Under any circumstances</th>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
   <td>&nbsp;</td>
+
   <td rowspan="2">Standalone Tool</td>
   <td colspan=3><b>Allow modifications of your work?</b></td>
+
   <td>Run locally</td>
</tr>
+
   <td>[https://www.gnu.org/licenses/gpl.html GPL] (newest version as of 2016 is 3.0):<br/>The "General Public License" protects users' [https://www.gnu.org/philosophy/free-sw four essential freedoms], among other things by requiring someone who ''distributes'' software derived from yours to also publish the source code for the modifications. Anyone can charge money for distributing copies of the software, but cannot prevent its recipients from redistributing it for free. The GPL allows the copyright holders to distribute the software under additional licenses, too, which can be a way to make it proprietary-friendly.</td>
<tr>
 
   <td></td>
 
  <td><b>Yes, no restriction except attribution</b></td>
 
  <td><b>Yes, as long as modification are also open source</b></td>
 
  <td><b>No</b></td>
 
</tr>
 
<tr>
 
  <td>Tool Project<br/>(Non-WebBased)</td>
 
 
   <td rowspan="3">[https://apache.org/licenses/LICENSE-2.0.html Apache License] (newest version as of 2016 is 2.0):<br/>Has the fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and is more up-to-date than the BSD license.</td>
 
   <td rowspan="3">[https://apache.org/licenses/LICENSE-2.0.html Apache License] (newest version as of 2016 is 2.0):<br/>Has the fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and is more up-to-date than the BSD license.</td>
   <td>[https://www.gnu.org/licenses/gpl.html GPL] (newest version as of 2016 is 3.0):<br/>The "General Public License" protects users' [https://www.gnu.org/philosophy/free-sw four essential freedoms], among other things by requiring someone who '''distributes''' software derived from yours to also publish the source code for the modifications. Anyone can charge money for distributing copies of the software, but cannot prevent its recipients from redistributing it for free. The GPL allows the copyright holders to distribute the software under additional licenses, too, which can be a way to make it proprietary-friendly.</td>
+
   <td rowspan="4">[https://creativecommons.org/publicdomain/zero/1.0/ CC0] (newest version as of 2016 is 1.0):<br/>The "Public Domain Dedication" means that anybody can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission.</td>
  <td colspan="2" rowspan="4">Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as &quot;not a Free Culture License&quot;</td>
 
 
</tr>
 
</tr>
 
<tr>
 
<tr>
   <td>Tool Project<br/>(WebBased)</td>
+
   <td>Consumed over the network</td>
 
   <td>[https://www.gnu.org/licenses/agpl.html AGPL] (newest version as of 2016 is 3.0):<br/>The "Affero General Public License" extends the GPL to SaaS: users of the modified software must be able to obtain the source code of the modifications.</td>
 
   <td>[https://www.gnu.org/licenses/agpl.html AGPL] (newest version as of 2016 is 3.0):<br/>The "Affero General Public License" extends the GPL to SaaS: users of the modified software must be able to obtain the source code of the modifications.</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
   <td>Library Project</td>
+
   <td colspan="2">Library</td>
 
   <td>[https://www.gnu.org/licenses/gpl.html GPL] or [https://www.gnu.org/licenses/lgpl.html LGPL] (newest version as of 2016 is 3.0):<br/>The "Lesser General Public License" relaxes the GPL for libraries: if the library is not modified, just integrated (function calls, global variables,...), with other software, it does not require the source code of the other software to be published. The Free Software Foundation recommends the LGPL only for libraries which have established competitors for the same functionality, otherwise they recommend the full GPL.</td>
 
   <td>[https://www.gnu.org/licenses/gpl.html GPL] or [https://www.gnu.org/licenses/lgpl.html LGPL] (newest version as of 2016 is 3.0):<br/>The "Lesser General Public License" relaxes the GPL for libraries: if the library is not modified, just integrated (function calls, global variables,...), with other software, it does not require the source code of the other software to be published. The Free Software Foundation recommends the LGPL only for libraries which have established competitors for the same functionality, otherwise they recommend the full GPL.</td>
 
  </tr>
 
  </tr>
 
<tr>
 
<tr>
   <td>Document Project (includes E-Learning, presentations, books, etc)</td>
+
   <td colspan="2">Document (includes E-Learning, presentations, books etc.)</td>
 +
  <td>[https://creativecommons.org/licenses/by-sa/4.0/ CC-BY-SA] (newest version as of 2016 is 4.0):<br/>The "Creative Commons Attribution-ShareAlike" is like the GPL, but for documents.</td>
 
   <td>[https://creativecommons.org/licenses/by/4.0/ CC-BY] (newest version as of 2016 is 4.0):<br/>The "Creative Commons Attribution" is like the Apache License, but for documents.</td>
 
   <td>[https://creativecommons.org/licenses/by/4.0/ CC-BY] (newest version as of 2016 is 4.0):<br/>The "Creative Commons Attribution" is like the Apache License, but for documents.</td>
  <td>[https://creativecommons.org/licenses/by-sa/4.0/ CC-BY-SA] (newest version as of 2016 is 4.0):<br/>The "Creative Commons Attribution-ShareAlike" is like the GPL, but for documents.</td>
 
 
</tr>
 
</tr>
 
</table>
 
</table>

Revision as of 15:38, 19 April 2017

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Choosing a license under which an artifact is distributed and enforcing the license are prerogatives of the copyright holders over that artifact. By default, each contributor is copyright holder over the contributed piece. Contributors must all agree on the license and cooperate in enforcing it or must assign their copyright to the entity which becomes responsible for choosing and enforcing the license.

OWASP is a collaborative initiative for the public good and most of its output is expected to be functional, rather than aesthetic. The problem OWASP tackles is so large that OWASP acknowledges a need to collaborate with the commercial world. Therefore, in order to become an OWASP Sponsored Project, you should be comfortable with:

  • Allowing arbitrary uses for your work, for example for commercial purposes. (If you disagree, consider using CC-BY-NC.)
  • Revealing to the world your project's source code (its form preferred for modification).
  • Allowing your work, under certain conditions (see below), to be modified by others and redistributed. (If you disagree, consider using CC-BY-ND.)

How to choose a license for artifcts of your OWASP project
Artifact Under what conditions can your work be modified and redistributed?
As long as modifications are licensed in the same spirit If credit is appropriately given to you Under any circumstances
Standalone Tool Run locally GPL (newest version as of 2016 is 3.0):
The "General Public License" protects users' four essential freedoms, among other things by requiring someone who distributes software derived from yours to also publish the source code for the modifications. Anyone can charge money for distributing copies of the software, but cannot prevent its recipients from redistributing it for free. The GPL allows the copyright holders to distribute the software under additional licenses, too, which can be a way to make it proprietary-friendly.
Apache License (newest version as of 2016 is 2.0):
Has the fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and is more up-to-date than the BSD license.
CC0 (newest version as of 2016 is 1.0):
The "Public Domain Dedication" means that anybody can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission.
Consumed over the network AGPL (newest version as of 2016 is 3.0):
The "Affero General Public License" extends the GPL to SaaS: users of the modified software must be able to obtain the source code of the modifications.
Library GPL or LGPL (newest version as of 2016 is 3.0):
The "Lesser General Public License" relaxes the GPL for libraries: if the library is not modified, just integrated (function calls, global variables,...), with other software, it does not require the source code of the other software to be published. The Free Software Foundation recommends the LGPL only for libraries which have established competitors for the same functionality, otherwise they recommend the full GPL.
Document (includes E-Learning, presentations, books etc.) CC-BY-SA (newest version as of 2016 is 4.0):
The "Creative Commons Attribution-ShareAlike" is like the GPL, but for documents.
CC-BY (newest version as of 2016 is 4.0):
The "Creative Commons Attribution" is like the Apache License, but for documents.