[Discussion] Bylaws Draft 2 Available!

robert.jamison at bt.com robert.jamison at bt.com
Mon Jul 6 15:56:17 UTC 2009


Matt,

I read throught the Bylaws draft 2 and wanted to bring up 2 items:

[1] In  the Advisory Board para, second sentence:

"The Advisory Board has no corporate decision-making authority but
provides a vehicle for its members to communicate with the Board and
help the Directors guide the
overall direction of the OISF Engine and OISF."

Is the sentence above saying that the 'Technical Advisory Board' will
provide means to communicate with both the Directors and the 'Financial'
or 'Corporate' 'Board'?  The term 'Board' becomes ambiguous when used to
describe two entities in the same sentence. Later in the paragraph
'Board of Directors' is used, and the inference is there, it's just a
little late grammatically.

[2] Later in the advisory board section:

" to receive a version of the OISF Engine under more permissive terms
for a period of one year."

More permissive than the Committers as mentioned previously in the
'Committers' section?  If so, since we defined the extents of engine use
to committers should we at least say 'individually persmissive terms' or
'special terms determined by the Board of Directors'?


[3] "Community Participants must agree that their participation as
Community Participants is in their individual capacity and not on behalf
of any corporate entity or other organization."

--Is this a legally binding agreement?  This seems like a really
important one since the intention would be to reduce any claims on OISF
technology from employers of community members.  Perhaps it should be
stressed, explained or mentioned in legalese, since under the Committers
para, it reads " All committers must complete a copyright assignment to
OISF."  Shouldn't even more IP enforcement be considered for Community
Members who claim active participation in the project, or is this a
tested and adequate standard already being applied in many open source
projects.

Thanks!


Rob Jamison | Manager of Network Intelligence | Managed Security
Solutions | BT | Tel +1 571.269.7378| Fax: +1 703.961.9140 | E:
robert.jamison at bt.com | bt.counterpane.com




-----Original Message-----
From: discussion-bounces at openinfosecfoundation.org
[mailto:discussion-bounces at openinfosecfoundation.org] On Behalf Of Matt
Jonkman
Sent: Thursday, June 25, 2009 1:45 PM
To: Tomas L. Byrnes
Cc: Emerging Threats Signatures; discussion at openinfosecfoundation.org;
oisf-announce at openinfosecfoundation.org
Subject: Re: [Discussion] Bylaws Draft 2 Available!

Sorry for the delay in answering Tom, but you make good points. We've
been talking to our counsel and think we have things ironed out. We are
being VERY careful to have a solid legal framework to stand on that will
allow the foundation to fulfill it's goals of building a great piece of
software, making it open source and easy to use without license
conflicts, and protecting the foundation and project from litigation
down the road.

So version 0.2 of the bylaws are available. The only changes are:

1. We are going with GPLv2 to avoid the patent complications. Those are
surmountable, but the possible negative image some folks still have of
gplv3 are something we don't want to have to overcome. 2 will work.

2. A quorum will be defined as a majority for voting purposes. (this
isn't spelled out in the summary of the bylaws here. These are just
working material, once we're set these will be drafted into full
legalese and made available for review)

So please all take a look and let us know if there are any other issues
we should consider before the full bylaws are drawn up.

http://www.openinfosecfoundation.org/bylaws_draft_v0.3.txt

Thanks Tom and everyone for the frank and constructive conversation.
It'll pay off for us all with a solid and reliable framework to get
things done!

Matt


Tomas L. Byrnes wrote:
> I think we need more clarity as to what the position on patents will
be, given that you are planning on GPLv3. Section 11 of the GPLv3 only
requires licensing the patent in connection with the contributed
Copyright, but given that you are assigning Copyright, you need to be
clear how you handle any Patents practiced in the Copyrighted code. 
> 
> Clearly, the simplest case is the typical one envisioned in the GPLv3:
A contributor contributes Copyright, and as part of that, grants a
patent license under Section 11, para 3, of the GPLv3 "Each contributor
grants you a non-exclusive, worldwide, royalty-free patent license under
the contributor's essential patent claims, to make, use, sell, offer for
sale, import and otherwise run, modify and propagate the contents of its
contributor version."
> 
> Requiring assignment of patents is likely to be problematic, but there
may be cases where contributors would like to do so, in which case there
needs to be a way to address how a contributor is reverse licensed for
their contributed patent. There also should be some discussion of the
status of the contributed patent, as patents that are still under review
may encumber OISF with additional costs if contributed, or create
liability if the contributor grants a license to or assigns a Patent,
some of whose claims, which claims are practiced in the code, turn out
to be part of a prior, valid, patent (and thus the code infringes the IP
of a non-contributor). This latter piece is a common problem with even
GPLv2, an example being the MS FAT32 patent, which all GPL code that can
read and write FAT infringes.
> 
> We may also be severely limiting the reach of the project by using
GPLv3, which is not exactly popular.
> 
> Personally, I'm more comfortable with GPLv2. If it's good enough for
Linux.....
> 
> There should be some language about how a license is chosen, and
process for appeal.
> 
> Also, there needs to be definition of a quorum for all votes.
> 
> The rest of it looks fine.
> 
> YMMV, IMNSHO, etc etc (think Maurice in "Madagascar" as he introduces
King Julian).
> 
> 
> --
> Tomas L. Byrnes
> ByrneIT
> Phone (it will find me): 760.444.4727
> 
> Text Message: 7604023999 at messaging.sprintpcs.com
> e-mail: tomb at byrneit.net
> IM: MSN Messenger tomb at byrneit.net
>       Skype: zwithapggb
> 
> 
>> -----Original Message-----
>> From: discussion-bounces at openinfosecfoundation.org
[mailto:discussion-
>> bounces at openinfosecfoundation.org] On Behalf Of Matt Jonkman
>> Sent: Thursday, June 11, 2009 7:41 AM
>> To: oisf-announce at openinfosecfoundation.org;
>> discussion at openinfosecfoundation.org
>> Subject: [Discussion] Bylaws Draft 2 Available!
>>
>> Thanks to everyone who commented on the existing Bylaws draft. We've
>> made some changes to suit the comments and concerns. The major change
>> being that contributors to the project retain their copyright of code
or
>> ideas. This was discussed on the lists and makes a lot of sense, and
we
>> hope will satisfy both our individual contributors as well as the
>> organizations that intend to contribute.
>>
>>
>> The latest (and lets hope final!) draft is available here:
>> http://www.openinfosecfoundation.org/bylaws_draft_v0.2.txt
>>
>>
>> We welcome further comment good or bad!
>>
>>
>> The Open Information Security Foundation
>>
>>
>>
>> --
>> --------------------------------------------
>> Matthew Jonkman
>> Emerging Threats
>> Phone 765-429-0398
>> Fax 312-264-0205
>> http://www.emergingthreats.net
>> --------------------------------------------
>>
>> PGP: http://www.jonkmans.com/mattjonkman.asc
>>
>>
>> _______________________________________________
>> Discussion mailing list
>> Discussion at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc


_______________________________________________
Discussion mailing list
Discussion at openinfosecfoundation.org
http://lists.openinfosecfoundation.org/mailman/listinfo/discussion



More information about the Discussion mailing list