[Discussion] Consortium Bylaws Draft Available!

Thu May 21 20:22:31 UTC 2009

Personally, I would be unwilling, and in general, unable, due to other
licensing requirements and the needs of private investors, to surrender
copyright and/or patent rights on any intellectual property
contribution.

Most of us have other businesses that will be using the IP we would like
to contribute to the efforts of OISF, and need to have those businesses
able to use what we create independent of OISF.

What makes more sense is that the committers give OISF a worldwide,
unrestricted, sublicensable and assignable license to their IP, provided
it remains within the construct of OISF.

An example of what the current regime seems to allow is that some patent
troll could get a hold of OISF, stop doing any real work, and just use
it as a licensing house.

One other thing we don't want to happen is for Some Big Company to come
along and take over OISF, take our IP, close it off, and profit for very
little cash from all our efforts. 

-----Original Message-----
From: discussion-bounces at openinfosecfoundation.org
[mailto:discussion-bounces at openinfosecfoundation.org] On Behalf Of Ivan
Ristic
Sent: Thursday, May 21, 2009 11:32 AM
To: Matt Jonkman
Cc: discussion at openinfosecfoundation.org;
oisf-announce at openinfosecfoundation.org
Subject: Re: [Discussion] Consortium Bylaws Draft Available!

On Tue, May 19, 2009 at 10:08 PM, Matt Jonkman <jonkman at jonkmans.com>
wrote:
> Ivan Ristic wrote:
>>> All committers must complete a copyright assignment to OISF.
>>
>> I think you should consider giving shared copyright to committers. I 
>> think that would enourage people to contribute significant chunks, as

>> there will be no danger that the code will be given away and possibly

>> "lost".
>
> How do you mean? How would the code be lost? you mean if the 
> foundation chose to closed source it or something?

Yes, for example; or it goes bust. The bottom line is when someone gives
away his or her copyright the control over the code is out of their
hands. Similarly, what would happen if someone wanted to donate a
significant chunk of code? At the moment, he woould have to assign the
copyright over it to the foundation, but what if the author wants to
keep it for himeself?

>>> Advisory Board members are entitled to receive a version of the OISF

>>> Engine under more permissive terms for a period of one year.
>>
>> This isn't clear enough: do you mean that they get a perpetual 
>> licence for the code but no updates after one year, or that all their

>> rights are terminated after one year?
>>
>
> There's a very good question. Our goal is to keep the vendors involved

> and supporting maintenance. So the original intent was if they did not

> intend to remain and support maintenance that they'd lose rights.
>
> I know that sounds harsh, but once we get to a stable codebase we 
> wouldn't want to then see all the supporters just wander off and use 
> what they had at the moment. But conversely, we don't want to scare 
> everyone by thinking if they get into this they're in for some major 
> commitment for the long term.
>
> Any ideas to make this more suitable for all?

I think it's too much to expect from a business to commit to paying a
yearly fee forever. For example, what happens if you slow down
development to a crawl?

In general, I think that it's going to be difficult for you to predict
what licensing terms will be suitable to your licensees. Thus, I think
you should remain flexible and be prepared to tweak your licensing model
as you go along.

--
Ivan Ristic
_______________________________________________
Discussion mailing list
Discussion at openinfosecfoundation.org
http://lists.openinfosecfoundation.org/mailman/listinfo/discussion