Shane Coughlan

The minutes are below. The slides discussed during the meeting are presented here as well for reference.

1. Update on the agenda
There will be no sw360antenna presentation in this meeting. The presentation will be done in the next meeting

2. News
Oliver gave an overview about “what happened since last meeting”

3. Reference slides
Comments made by Frances are incorporated. Alexios proposed to add a note in the lower left box explaining that this is an example picture -> headline added. Peter suggested to add the mailing list subscription page and to improve the layout of the lower right box. -> done. Alexios proposed to be more explicit that there is world-wide collaboration and a world wide availability (upper right box) –> done. World map was updated
The glossary and the component landscape will be aligned with the big picture functional blocks –> cross check done – big picture partly updated, issue planned regarding glossary

3. User Stories
Overview of the Software-Architect-Epic.md. – Oliver explained that this epic should be seen as an abstract description that shall serve as a base for more detailed user stories. Marcel and Peter will check what user stories they can contribute

The OpenChain Project, in conjunction with the Taiwanese Legal Network and the Open Culture Foundation, held our second open source compliance workshop in Taipei on the 27th of September.

This event provided an opportunity to build on previous relationships to further our mission to ensure everyone is aware of and understands how to engage with our industry standard for open source compliance. This event was kindly sponsored by MOXA, a company that has been a positive contributor to our project throughout 2019.

As usual we are making the slides from this event available. We kicked off with a general overview of the OpenChain Project by Shane Coughlan, General Manager.

The event included an overview of why the OpenChain Japan Work Group formed and how it works.

Ueda San from Sony provided an excellent presentation on how Sony manages open source and compliance.

Kato San from Panasonic explained how his company contextualizes open source and compliance activities.

The event was capped by the excellent presentation by SZ Lin of MOXA explaining their perspective and activities in Taiwan and globally.

We ended the event with consensus that it is time to begin exploring the launch of a formal OpenChain Taiwan Work Group. Watch this space!

The OpenChain Project held its first China Work Group meeting on the 25th of September in Shenzhen. This event was kindly hosted by Huawei and featured attendees from companies as diverse as Baidu and DJI. It provided an excellent opportunity to build our first bridge into one of the world’s largest markets, and we received excellent local support, including via simultaneous translation.

The OpenChain Project was introduced from first principles. A significant focus was on how country work groups, as in Japan and Korea, provide added value through two way sharing of material between local regions and the international market. A key point was that local groups operate best in their local language, and this has worked well in practice for the OpenChain Project since the inception of such activities in December 2017.

We were joined at the event by Keith Bergelt, CEO of Open Invention Network. Their activity in building a community of patent non-aggression around the Linux System with over 3,000 participants highlighted how IPR management can effectively balance open source and portfolios.

The event included two open sessions for discussion and – as we concluded – it was provisionally discussed that the next event may take place in December at Baidu in Beijing. We look forward to next steps!

During the most recent OpenChain Work Group call Jeff Luszcz took center stage as our guest presenter. His talk was based on sharing his experience around real world challenges and solutions as observed during the past 15 years. You can view (and download) the slide deck from SlideShare.

The 11th meeting of the OpenChain Japan Work Group was hosted by Olympus on the 19th of September. It marked the completion of many months of work in building, sharing and translating open source compliance material.

The minutes are below. The slides discussed during the meeting are presented here as well for reference.

1. News
Shane gave a short summary of reactions during the OSS Summit NA on the earlier announcement of the Tooling Group. The reactions on the announcement were very positive and there is a global interest to have a OSS based compliance toolchain. There is high interest in developing and testing glue code to hook the existing tools together to form a ready to use reference toolchain.
Michael Jaeger also summarized the OSS Summit NA. There were presentations about OSS based compliance tools FOSSology, ORT, sw360. There was also a talk about the CHAOSS project and its areas of interest. The Japanese OpenChain Work Group had a booth presenting OpenChain.

The list of upcoming events was updated.
The F2F Meeting of the Open Source Tooling Group is taking place on October 10 09:15 – 16:15 at ESA: ESOC – European Space Operations Centre, Robert-Bosch-Strasse 5, 64293 Darmstadt, Germany, everybody is invited to join either in person or via remote access.
The Eclipsecon Europe taking place in Ludwigsburg Germany,  October 21 – 24, 2019 the program can be checked via https://www.eclipsecon.org/europe2019/schedule/2019-10-22

2. Introduction of the existing work
On slide 6 Big Picture – Integrated Compliance Toolchain the questions were raised whether the an “Issue tracker” shall also be listed. –> big picture will be updated
The proposal was made to rename the functional block “Component Analysis Service” to “Forensic Code Analysis Service” –> big picture will be updated.
As another Scanner “license finder” from Pivotal was mentioned https://github.com/pivotal/LicenseFinder
The glossary and the component landscape will be aligned with the big picture functional blocks
On slide 7 tests shall be added to the areas of work

3. Areas to focus on
Frances Paulisch and Arun Azhakesan gave an overview about the current development in the context of an OSS based compliances toolchain at Siemens Healthineers. The slides are attached.
In the following discussion tracecode was mentioned as a tool to analyze the traced execution of a build to identify which files are built into binaries and ultimately deployed in the software. It could help to work on the demands about Yocto builds.

4.Next steps
Reorganization of the repo sharing-creates-value to the focus OSS compliance toolchain
Preparation of a reference slide set about the Open Source Tooling Group. A proposal was made to provide in addition “One Slide telling the Open Source Tooling Group story”. Arun mentioned that he will give a presentation about the Open Source Tooling Group during the Kickoff Meeting of the Indian OpenChain Work Group kickoff and that he will share the slides as a starting point to create the reference slide set
The proposal was made to write user stories in order to derive a clear picture what needs to be done in order to make the turn-key solution happen.
Peter volunteered to check the internal documentation which parts it can be shared.
Marcel volunteered to provide some user stories.

The OpenChain Project is delighted to announce that our free online self-certification is now available in Korean. This translation was contributed by Haksung Jang and marks a major milestone in our roll-out of international services to support adoption of our industry standard.

Self-Certify in Korean

• https://certification.openchainproject.org

The OpenChain Project is delighted to announce that OpenChain Self-Certification is now available in Korean. This translation, joining our English and Japanese self-certification, marks another milestone in ensuring that companies around the world can quickly, easily and effectively adopt the key requirements of a quality open source compliance program. Great thanks are due to Haksung Jang from LG Electronics for his fantastic work in this translation.

Access OpenChain Self-Certification in Korean

• https://certification.openchainproject.org/?locale=ko

Nicole from TUV SUD has provided some slides outlining how Independent Compliance Assessments work and how they may be applied to the OpenChain Project. These can potentially be seen as one of three pillars to assist organizations in OpenChain Conformance.

1. Self-Certification, the core of the project, and our recommended activity for companies of all sizes in all markets.
2. Independent Compliance Assessment, where a company self-certifies but has the process assisted or reviewed by a third party, which may be a consultancy, a law firm or another organization.
3. Third-Party Certification, where a certification body such as TUV SUD provides an audited review and formal certification to a company.

The slides are a work in progress. It should be reviewed, edited and polished so we can consider formal inclusion in the OpenChain reference materials and so that we can roll out a case study explaining this approach to OpenChain Conformance.

Review the Slides

• https://docs.google.com/presentation/d/1E1am2wo0K3PbovtoByEOkvLWK2SLfv_cLFXo7VXJJ9o/edit#slide=id.g5bc6567d1d_0_115