If the framework authors want to make a significant impact on the field, GPL v3 is not the way to license this.
You don’t get broad industry adoption and broad information sharing by trying to force a viral license on interested parties, you get adoption and information sharing by doing the hard work of building a community around the issue you care about and encouraging others to share information and best practices back into the community. OpenGL isn’t GPL v3, nor is ROS, nor OpenCV, nor the publication of CERT security alerts.
Releasing this under GPL v3 is simply the kiss of death for it, before it even got started.
[edit: looking deeper at the repo, GPL v3 is an even worse license to choose than it looks on the surface - there is no actual executable code in the repo, which means GPL of any version is incredibly poorly suited to the content at hand. If the authors have this weak an understanding of licensing issues, it’s very hard to believe they actually understand the subtleties of modern security well enough to justify investing the time to actually try to assess whether they’ve done a good job with their proposal here]
Why is there no OS layer? Having just the concept of a firmware layer stand in for this is not sufficient, as the security implications are different. Also I looked for, and did not find, what their definition of “robot” is. What is in scope, and what is out of scope? Is a self driving car out of scope, and why?
You don’t get broad industry adoption and broad information sharing by trying to force a viral license on interested parties, you get adoption and information sharing by doing the hard work of building a community around the issue you care about and encouraging others to share information and best practices back into the community. OpenGL isn’t GPL v3, nor is ROS, nor OpenCV, nor the publication of CERT security alerts.
Releasing this under GPL v3 is simply the kiss of death for it, before it even got started.
[edit: looking deeper at the repo, GPL v3 is an even worse license to choose than it looks on the surface - there is no actual executable code in the repo, which means GPL of any version is incredibly poorly suited to the content at hand. If the authors have this weak an understanding of licensing issues, it’s very hard to believe they actually understand the subtleties of modern security well enough to justify investing the time to actually try to assess whether they’ve done a good job with their proposal here]