Starting 2024-06-19 ~ Ending 2024-12-19
The OpenChain Project has announced the beginning of its six month Public Comment Period for proposed draft updates to the open source license compliance (ISO/IEC 5230:2020) and open source security assurance (ISO/IEC 18974:2023) specifications.
As per our specification development process outlined in the project FAQ, this Public Comment Period will run for six months, and it will be followed by a three month Freeze Period.
During the Public Comment Period everyone is invited to review and comment on the specifications. As an open project developing open standards, we host the draft documents on our GitHub repositories.
You can comment on this process by joining our monthly calls or via our Specification Mailing list. You can also leave comments via GitHub issues as detailed below.
Current Published Specifications
- Licensing (ISO/IEC 5230:2020):
https://github.com/OpenChain-Project/License-Compliance-Specification/blob/master/ISO-5230-2020/en/ISO-5230-2020.md
- Security (ISO/IEC 18974:2023):
https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/ISO-18974/en/ISO-18974.md
Proposed Draft Updates to the Specifications
- Open Source License Compliance (ISO/IEC 5230:?):
https://github.com/OpenChain-Project/License-Compliance-Specification/blob/master/3.0/en/openchain-license-compliance-3.0.md
- You can leave comments by opening an issue:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues
- Open Source Security Assurance (ISO/IEC 18974:?):
https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/2.0/en/openchain-security-specification-2.0.md
- You can leave comments by opening an issue:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
More Details On The Process
Full details can be found in the specification development process outlined in the project FAQ.
A brief outline of our current steps is that the project will:
- Open a Public Comments Period nine months before our target completion date. This runs for 6 months and only accepts minor updates such as typos or grammar corrections that do not change the requirements of the content. We do not accept any material changes during this period. All other feedback and recommendations are queued for consideration during the next version release cycle.
- Open a Freeze Period three months before our target completion date to allow a 3 month review of any changes made during the Public Comments Period.
- If a consensus expresses concerns over any changes made during the Public Comments period we would:
  - i) make changes to accommodate those concerns followed by
  - ii) an additional 14 day Public Comments period; followed by
  - iii) another 14 day Freeze period. Anyone with significant reservations on the final draft should state their position/concerns via the spec mailing list. The changes will be accepted once we achieve consensus for the final draft.
- In the event we do not have consensus on the final version – we would repeat the following cycle until we have consensus:
  - i) accommodate changes to address majority concerns;
  - ii) 14 day Public Comments period; followed by
  - iii) a 14 day Freeze period cycle.
- Send the completed draft specification to the OpenChain Steering Committee for formal review and a vote on whether to accept the community recommendations for an updated or new specification.
- In principle, we target updates to our ISO standards once every five years.
Please Note: the final decision on content and release of OpenChain Project specifications lies with the OpenChain Steering Committee.