[C-safe-secure-studygroup] Feedback request: applicable licence(s) and publication approach for your contributions here

Wed Jul 25 13:11:18 BST 2018

Hi Paul

I broadly agree with your argument, regarding the status of the documents
and the email discussion, but a few observations:

   - Whilst I believe that ISO charge for copies of the current version of
   TS17961, it is possible to negotiate a 'no cost' distribution. WG23
   (software vulnerabilities) did this, and that is available at no cost on a
   public web site, and I notice SC27 has a similar proposal out for
   discussion. This appears to require the working group to make a business
   case to the next level of ISO management to justify why free distribution
   would be appropriate - as our aim is to improve the quality of safety and
   security related software, you'd hope this was an easy sell
   - The idea of email discussions being open and published documents and
   drafts having restricted access is the common model for standards
   development, but note that the licencing requirements trump the 'email
   discussion is open' argument. You cannot send say the existing TS17961
   to the reflector and use that as an argument that it should be freely
   available

     Clive

On Wed, Jul 25, 2018 at 8:33 AM, Paul Sherwood <
paul.sherwood at codethink.co.uk> wrote:

> Hi all,
> in light of the recent pickups [1] of conversation about paid-for
> standards vs free contributions which we had when the group started [2] and
> some complementary discussion on the trustable-software list [3], I think
> it's worth attempting to clarify what the community believe the rules of
> engagement are here.
>
> AFAIK we have not agreed any licensing to cover the contents of email
> discussions on the list itself, and all members understand that the list is
> published without restriction, which I take to mean that in effect the list
> contents can and should be considered 'public domain' (IANAL)
>
> The repository and wiki on gitlab [4] are secured and marked private, so
> only members of the group can access the contents, which includes a
> markdown copy of TS 17961, which is covered by an ISO licence which
> expressly forbids publication of the standard's contents on an unsecured
> network. As far as I know we have not agreed any licensing for the
> contributions this community is making as a result of the work around
> considering that standard and MISRA (which itself is licensed, obviously).
>
> Given the original discussions, I think the consensus was/is that the
> community outputs and discussions should be open and free to consume, but I
> may be wrong. If I am right, then we should probably consider breaking
> apart the contributions from the original standards, into a separate public
> place rather than continuing to home them in the secured repo containing
> the ISO document itself, and to assert a suitable licence on the work.
>
> What are your thoughts on this? It would be particularly worthwhile to get
> perspectives from the contributors who have been shouldering the bulk of
> the technical work, if possible.
>
> br
> Paul
>
> [1] https://lists.trustable.io/pipermail/c-safe-secure-studygrou
> p/2018-July/000593.html
> [2] https://lists.trustable.io/pipermail/c-safe-secure-studygrou
> p/2016-December/000018.html
> [2] https://lists.trustable.io/pipermail/trustable-software/2018
> -July/000408.html
> [4] https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group
>
> _______________________________________________
> C-safe-secure-studygroup mailing list
> C-safe-secure-studygroup at lists.trustable.io
> https://lists.trustable.io/cgi-bin/mailman/listinfo/c-safe-
> secure-studygroup
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.trustable.io/pipermail/c-safe-secure-studygroup/attachments/20180725/43467ea5/attachment.html>