Shane Coughlan

Dr. Peter Ellsiepen at the European Space Agency (ESA) is kindly hosting a Tooling Work Group meeting at the European Space Operations Centre (ESOC). This event marks one of the early opportunities for parties interested in tooling and automation to get together and discuss which open source solutions they are applying to open source compliance.

The Tooling Work Group is chaired by Oliver Fendt from Siemens and has a diverse range of contributors from German, Japanese and international companies.

Learn More About the Tooling Work Group

• https://github.com/Open-Source-Compliance/Sharing-creates-value

Join the Mailing List

https://groups.io/g/oss-based-compliance-tooling

The minutes are below. The slides discussed during the meeting are also below for reference.

1. News

Oliver gave an overview about “what happened since last meeting”
Two new user stories are available in the Github repo:
             Initial user story – Software-Developer-Epic.md https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Software-Developer-User-Stories/Software-Developer-Epic.md
             Initial user story – Compliance-Assistant-Epic.md https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Compliance-Assistant-User-Stories/Compliance-Assistant-Epic.md

A new version of the one pager slide was circulated on the mailing list. The objective is to have the first release next week.

Upcoming Events:
             Oliver presented an overview of the interesting session from an OSS compliance perspective at Eclipsecon.
             Alexios asked about an overview of the interesting sessions at OSS Summit Europe. Michael J. sent an email with interesting talks at the OSS Summit Europe to the mailing list.

2. Sw360antenna
Lars gave an overview about their work concerning automation and integration of the OSS compliance tools in the CI/CD workflow. He introduced two use cases (please see attached slides):
1. Automatic management of 3rd party dependencies
             This use case applies to “normal” software development, where the OSS component approval is triggered by the integration of the component.
2. Upfront dependency approval
             This use case applies to software development in regulated environments like safety critical systems, where the OSS components which will be integrated must be known upfront. If an unknown component is detected this will cause a policy violation.
             Aaron added that this use case is also common in the financial sector.

Lars mentioned that for having an overview about the licensing situation scancode is used and for the curation, approval and release FOSSology is used.
He gave a nice live demo showing the working implementation of use case 1. Oliver mentioned that this demo covers the following functional blocks of the big picture:
             Dependency resolver
             Source package downloader
             License & Copyright Scanner
             Policy Checker
             Component & application inventory
             FOSS Compliance Bundle generator

The documentation of use case 1 is available on https://eclipse.github.io/antenna/1.0.0-SNAPSHOT

3. Next Steps
             User stories:
                            Kate mentioned that there is no user story covering the recipients of the compliance artifacts – the persons/organizations receiving the results of the process and results produced by the toolchain. Oliver said that such a user story will be added.

             Next meeting:
                            The next regular Wednesday meeting will be on 6th of Nov. On 10th of Oct there is the face to face meeting in Darmstadt

Does your company do open source? It is time to get involved with The Linux Foundation‘s OpenChain Project, the industry standard to make open source compliance quick, easy and efficient. Meet us at Open Source Summit Europe, hop on a call or join our mailing lists. All welcome!

Become Part of What We Do

• https://www.openchainproject.org/get-started/participate

The OpenChain Project will be taking center stage during the Risk and Compliance in Open Source panel at the Nordic OpenInfra Days on the 3rd of October.

“Amanda Brock will chair the panel and consider what is risk in open source and what does it take to make software Trustable from a legal and compliance perspective. The Linux Foundation’s OpenChain compliance project has rapidly gained traction and is supported by companies like Microsoft, Google, Facebook, Intel, Toyota and Scania. Andrew Katz from Orcro, a Linux Foundation partner, has been advising companies on open source compliance for many years, and draws on the practical experience he has with clients large and small in discussing this. Martin Von Willebrand will consider how to implement an end-to-end automated open source compliance tool chain and Professor Björn Lundell will highlight findings and challenges from extensive research related to clarifying terms (and obtaining patent licences) for use of IT standards allowing for implementation in open source projects.”

Learn More

• https://openinfranordics.com/program/

The minutes are below. The slides discussed during the meeting are presented here as well for reference.

1. Update on the agenda
There will be no sw360antenna presentation in this meeting. The presentation will be done in the next meeting

2. News
Oliver gave an overview about “what happened since last meeting”

3. Reference slides
Comments made by Frances are incorporated. Alexios proposed to add a note in the lower left box explaining that this is an example picture -> headline added. Peter suggested to add the mailing list subscription page and to improve the layout of the lower right box. -> done. Alexios proposed to be more explicit that there is world-wide collaboration and a world wide availability (upper right box) –> done. World map was updated
The glossary and the component landscape will be aligned with the big picture functional blocks –> cross check done – big picture partly updated, issue planned regarding glossary

3. User Stories
Overview of the Software-Architect-Epic.md. – Oliver explained that this epic should be seen as an abstract description that shall serve as a base for more detailed user stories. Marcel and Peter will check what user stories they can contribute

The OpenChain Project, in conjunction with the Taiwanese Legal Network and the Open Culture Foundation, held our second open source compliance workshop in Taipei on the 27th of September.

This event provided an opportunity to build on previous relationships to further our mission to ensure everyone is aware of and understands how to engage with our industry standard for open source compliance. This event was kindly sponsored by MOXA, a company that has been a positive contributor to our project throughout 2019.

As usual we are making the slides from this event available. We kicked off with a general overview of the OpenChain Project by Shane Coughlan, General Manager.

The event included an overview of why the OpenChain Japan Work Group formed and how it works.

Ueda San from Sony provided an excellent presentation on how Sony manages open source and compliance.

Kato San from Panasonic explained how his company contextualizes open source and compliance activities.

The event was capped by the excellent presentation by SZ Lin of MOXA explaining their perspective and activities in Taiwan and globally.

We ended the event with consensus that it is time to begin exploring the launch of a formal OpenChain Taiwan Work Group. Watch this space!

The OpenChain Project held its first China Work Group meeting on the 25th of September in Shenzhen. This event was kindly hosted by Huawei and featured attendees from companies as diverse as Baidu and DJI. It provided an excellent opportunity to build our first bridge into one of the world’s largest markets, and we received excellent local support, including via simultaneous translation.

The OpenChain Project was introduced from first principles. A significant focus was on how country work groups, as in Japan and Korea, provide added value through two way sharing of material between local regions and the international market. A key point was that local groups operate best in their local language, and this has worked well in practice for the OpenChain Project since the inception of such activities in December 2017.

We were joined at the event by Keith Bergelt, CEO of Open Invention Network. Their activity in building a community of patent non-aggression around the Linux System with over 3,000 participants highlighted how IPR management can effectively balance open source and portfolios.

The event included two open sessions for discussion and – as we concluded – it was provisionally discussed that the next event may take place in December at Baidu in Beijing. We look forward to next steps!

During the most recent OpenChain Work Group call Jeff Luszcz took center stage as our guest presenter. His talk was based on sharing his experience around real world challenges and solutions as observed during the past 15 years. You can view (and download) the slide deck from SlideShare.

The 11th meeting of the OpenChain Japan Work Group was hosted by Olympus on the 19th of September. It marked the completion of many months of work in building, sharing and translating open source compliance material.