Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

license of password data #1

Closed
kurtseifried opened this issue Apr 26, 2017 · 11 comments
Closed

license of password data #1

kurtseifried opened this issue Apr 26, 2017 · 11 comments
Assignees
@berzerk0
Labels
help wanted

Comments

@kurtseifried
Copy link

"This is released without license, but also without intent for commercial use."

This means that no commercial distribution can ship this password list as part of the default password cracking dictionary. Can you relicense this work under a more acceptable license such as the APL?
@berzerk0 berzerk0 self-assigned this Apr 26, 2017
@berzerk0
Copy link
Owner

berzerk0 commented Apr 26, 2017
edited
Loading

I'll have to research this.
This will be open for a week or so.

@geeknik
Copy link

geeknik commented Apr 26, 2017
edited by berzerk0
Loading

How about a Creative Commons Attribution-NonCommercial license?

This is a possibility.

@ghost
Copy link

ghost commented Apr 26, 2017

Yes, CC is good for this. In general https://choosealicense.com/ can help, but as you do not have source code here, the best really is a CC license of your choice.

@maticmeznar
Copy link

maticmeznar commented Apr 26, 2017
edited
Loading

Each password can be seen as intellectual property of the person who created it. Considering this passwords were then acquired using illegal means from 100s of millions of individuals, I think the only acceptable license would be to release this lists into public domain, so humanity is free to do something useful with it. https://choosealicense.com/licenses/unlicense/ seems like a good choice.

@twocs
Copy link

twocs commented Apr 26, 2017

If it's not source code but a dataset, the unlimited licence does not seem appropriate.

@meta-l
Copy link

meta-l commented Apr 26, 2017

Regarding passwords as intellectual property - even a cursory google throws up lots of (legal) advice regarding this, not least "A password lacks sufficient originality to qualify for copyright protection however it may be registered as a trademark providing the necessary criteria is met."

Given that we're dealing with the most common passwords, I think we can safely ignore the IP concept.

@MikeDawg
Copy link

I don't know how much validity you'll give this response, but other "similar" projects, such as the big one from OWASP is licensed under: Creative Commons Attribution ShareAlike 3.0 License (best for documentation projects)

@berzerk0
Copy link
Owner

If it's good enough for OWASP it's likely more than good enough for me

@berzerk0
Copy link
Owner

Unless anyone has a better idea/reasons not to, I think a Creative Commons Attribution Share Alike 4.0 is my best choice.

It seems to allow the appropriate freedom of use and distribution while also making liability concerns clear. If it's good enough for OWASP, it's good enough for me.

@maticmeznar
Copy link

lgtm

@berzerk0
Copy link
Owner

Going with Creative Commons Attribution Share Alike 4.0 and closing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@berzerk0 berzerk0

Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@twocs @geeknik @kurtseifried @MikeDawg @maticmeznar @meta-l @berzerk0