
Proposal to merge OSPS-LE-02.0*

Open · hyandell opened this issue 5 months ago · 2 comments

Merger Suggestion 1

OSPS-LE-02.01: While active, the license for the source code MUST meet the OSI Open Source Definition or the FSF Free Software Definition.

OSPS-LE-02.02: While active, the license for the released software assets MUST meet the OSI Open Source Definition or the FSF Free Software Definition.

I would caution against trying to get into the licensing of the dependency tree, which 02.02 starts to do, or even into elements within the project itself. For example, there are many bits of 90s C code that are 'open enough' but not covered by an OSI-approved license. I would simplify and merge these into one item. Perhaps:

OSPS-LE-02.01: While active, the license for the project's content MUST meet the OSI Open Source Definition or the FSF Free Software Definition.

I'll note that this feels less like a Baseline, and more like a requirement of the Baseline's scope.

hyandell · Oct 03 '25 21:10

It does feel like more of a scoping definition than anything else, agreed.

trumant · Oct 05 '25 17:10

I agree with the general direction, but we should resolve #403 first since that may obviate this discussion.

funnelfiasco · Oct 06 '25 13:10