Details
-
Question
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
The Traffic Control podling is in the process of having its release vetted by the Incubator PMC [5]. During this review, a question was raised about the inclusion of an unmodified text file in our source bundle. The text file in question is licensed under the Creative Commons Attribution ShareAlike 3.0 license.
The file source is Passwords/10_million_password_list_top_100000.txt from [1]. [2] describes this project as being under the CC-BY-SA-3.0 license
The file is included in Traffic Control as [3].
We were referred to Legal Discuss by one of the IPMC reviewers for clarification if this is an allowed use or falls into the Category B binary-only restriction. The Legal Resolved page [4] mentions that CC-BY 3.0 is allowed only in binary form, but also states that CC-BY-SA 3.0 is allowed when in unmodified form (but makes no comments about source vs binary distribution).
1. https://github.com/danielmiessler/SecLists
2. https://www.owasp.org/index.php/OWASP_SecLists_Project
3. https://github.com/apache/incubator-trafficcontrol/blob/master/traffic_ops/app/conf/invalid_passwords.txt
4. https://www.apache.org/legal/resolved.html#category-b
5. https://lists.apache.org/thread.html/62563367ca332d5e8acf62313afc86307a8029678ab83b489f1a7a50@%3Cgeneral.incubator.apache.org%3E
Thank You!