[C-safe-secure-studygroup] Proposal: Any spec from this group should be available for download at no cost (need to talk with ISO)
Laurence.Urhegyi at codethink.co.uk
Fri Jul 20 19:01:15 BST 2018
A recent tweet from a colleague reminded me of this thread, and reminded me that
it's a topic I've wanted to re-visit for some time, as I don't think we ever
really agreed on a way forward.
I'm sure the constraints outlined in this scenario won't be unfamiliar to some
people on this list. You just can't help but feel that it's a 'closed shop', and
a pretty expensive one, too. Personally, I feel it'd be a really positive
contribution to the standards world if the output of this group could be free
and open source, and not just another for-pay standard. Added to this that a lot
of my own contribution to this group has been from my free time, and so I feel
strongly that the output should be able to be consumed for free.
I'll add to our next agenda, where we can weigh up our options.
On 28/12/16 17:25, Wheeler, David A via C-safe-secure-studygroup wrote:
> I'm happy to work with ISO, but if the result will be yet another for-pay document (e.g., from ISO), then I think we should NOT waste our time.
> Most of today's standards-setting organizations for computers produce no-cost documents, including IETF, W3C, the Open Group, OASIS, etc. Yes, this is a change from the past. When there were only a few relevant standards and publication costs were steep, it made sense to recoup costs. But today any real product will involve hundreds of thousands of standards (so paying for them all is absurdly unaffordable), and publication costs are effectively zero. Today "You must pay for this spec" is in most cases just another way of saying "no one will use this spec". That's especially true in our case, since to actually implement a guideline you normally need OSS tools and libraries to *use* it, and they're often not flush. I don't see the upside for me, either, since ISO isn't paying me to write documents to make money for them. I suspect ISO isn't paying any of us.
> ISO *does* release no-cost specs, including POSIX, Common Criteria, Ada, etc. But you have to negotiate that ahead-of-time, not wait to discover your document is useless. So this doesn't mean we can't work with ISO... just that we need to negotiate that early on.
> Anyway, my opinion. Thanks for listening.
> --- David A. Wheeler
> C-safe-secure-studygroup mailing list
> C-safe-secure-studygroup at lists.trustable.io
More information about the C-safe-secure-studygroup