The minutes are below. The slides discussed during the meeting are presented here as well for reference.
1. News
Shane gave a short summary of reactions during the OSS Summit NA on the earlier announcement of the Tooling Group. The reactions on the announcement were very positive and there is a global interest to have a OSS based compliance toolchain. There is high interest in developing and testing glue code to hook the existing tools together to form a ready to use reference toolchain.
Michael Jaeger also summarized the OSS Summit NA. There were presentations about OSS based compliance tools FOSSology, ORT, sw360. There was also a talk about the CHAOSS project and its areas of interest. The Japanese OpenChain Work Group had a booth presenting OpenChain.
The list of upcoming events was updated.
The F2F Meeting of the Open Source Tooling Group is taking place on October 10 09:15 – 16:15 at ESA: ESOC – European Space Operations Centre, Robert-Bosch-Strasse 5, 64293 Darmstadt, Germany, everybody is invited to join either in person or via remote access.
The Eclipsecon Europe taking place in Ludwigsburg Germany, October 21 – 24, 2019 the program can be checked via https://www.eclipsecon.org/europe2019/schedule/2019-10-22
2. Introduction of the existing work
On slide 6 Big Picture – Integrated Compliance Toolchain the questions were raised whether the an “Issue tracker” shall also be listed. –> big picture will be updated
The proposal was made to rename the functional block “Component Analysis Service” to “Forensic Code Analysis Service” –> big picture will be updated.
As another Scanner “license finder” from Pivotal was mentioned https://github.com/pivotal/LicenseFinder
The glossary and the component landscape will be aligned with the big picture functional blocks
On slide 7 tests shall be added to the areas of work
3. Areas to focus on
Frances Paulisch and Arun Azhakesan gave an overview about the current development in the context of an OSS based compliances toolchain at Siemens Healthineers. The slides are attached.
In the following discussion tracecode was mentioned as a tool to analyze the traced execution of a build to identify which files are built into binaries and ultimately deployed in the software. It could help to work on the demands about Yocto builds.
4.Next steps
Reorganization of the repo sharing-creates-value to the focus OSS compliance toolchain
Preparation of a reference slide set about the Open Source Tooling Group. A proposal was made to provide in addition “One Slide telling the Open Source Tooling Group story”. Arun mentioned that he will give a presentation about the Open Source Tooling Group during the Kickoff Meeting of the Indian OpenChain Work Group kickoff and that he will share the slides as a starting point to create the reference slide set
The proposal was made to write user stories in order to derive a clear picture what needs to be done in order to make the turn-key solution happen.
Peter volunteered to check the internal documentation which parts it can be shared.
Marcel volunteered to provide some user stories.
