Shane Coughlan

The video minutes for our February 2020 First Monday call are now available.

New from EACG: OpenChain Cheat Sheet – Conformance Requirements in One Page. This is a handy way to contextualize the whole industry standard for open source compliance in a single, easy-to-read handout.

Check out the slide + explanation

OpenChain Cheat Sheet – 
 OpenChain Conformity Requirements (1-pager) from Shane Coughlan

Coming soon: public domain editable version

Watch this space!

Our partners over at PwC Germany have just released a video outlining their Third Part Certification for OpenChain Project. This is another example of the growing user community and support community around our industry standard for open source compliance.

OpenChain Reference Tooling Work Group @ FOSDEM – February 2020 from Shane Coughlan

The OpenChain Reference Tooling Work Group held a series of meetings adjacent to the FOSDEM conference in Brussels. Here are the outcomes and minutes as provided by Oliver Fendt.

Big Picture

It would be good to have information about “who is using which open source tool to do OSS compliance work” to create an overview that might help during internal discussions about appropriate tooling. We did not find an exact solution for this but there was consensus to work on enhancing a planned TODO Group survey with concrete questions about OSS based compliance tool usage. The survey is scheduled to be launched in June 2020.

It would help if we could create a detailed description of the functional building blocks (e.g. license & copyright scanner) available and which tool(s) implement the desired functionality or part thereof. A similar concept is also an outcome of the “requirements” session, see below.

Glue Code

To produce practical glue code a concrete use case is necessary. If you have a concrete use case and the tools intended to address this use case it is easy to identify the glue code required for implementation. This also provides the possibility to address whether the APIs of the tools support the implementation of the use case. When a tool does not support the needed API it is then practical and possible to file a targeted issue for that specific tool.

We intend to create a place where one can share information about different integration scenarios or proof of concepts different person are currently working on, in order to avoid duplicated efforts and to be able to connect to others addressing the same concerns. Two examples: Martin is willing to share the information about his company’s Yocto proof-of-concept and Arun will share information about work in his company.

 *   Oliver Fendt has taken an action item to create a place (directory) in our Github repo that this and other information can be shared and coordinated.

There is also the possibility that existing tools have integration scenarios with on their roadmap and that for these scenarios glue code is unnecessary. Coordination is key.

Requirements

There was consensus that documentation is needed to describe the progress from user stories (what do I want/need to do) to capabilities of the functional building blocks that make up the big picture (e.g. License & copyright scanner). It is important to provide concrete instances of tools which implement the necessary capabilities. This will also be a good base to identify needed glue code and/or APIs to be implemented in the concrete tools.

 *   Oliver Fendt has taken an action item to create an issue about this in our Github repo @ https://github.com/Open-Source-Compliance/Sharing-creates-value/issues/74

Finally

If you want to contribute to realize our targeted results you are highly welcome. Jump in and comment on the issues we will create based on these outcomes.

Let’s work together to make this happen

• Mailing list subscription page: https://groups.io/g/oss-based-compliance-tooling
• Our Github repo is https://github.com/Open-Source-Compliance/Sharing-creates-value

Get these guides and many more documents in the OpenChain Reference Library.

A message from Shane Coughlan, OpenChain General Manager

Dear Everyone
First of all, I would like to offer my personal best wishes and thoughts to everyone who is impacted. The safety of yourself, your family, your friends and your colleagues is the most important thing.
Every decision in the OpenChain Project will be taken from this perspective. We expect events in Asia and abroad to be altered or cancelled due to the outbreak.
More specifically:

1. On February 6th I will attend the first OpenChain Germany meeting. However, if the virus appears in South West Japan I will cancel my attendance. I do not want to risk carrying the virus to Europe.
2. On February 18 the 13th OpenChain Japan meeting happens in Tokyo. The Japan Work Group will monitor the situation and decide if we need to change our plans. Updates to follow.
3. On March 3rd the third OpenChain China meeting happens in Beijing. We will monitor the situation and decide if we cancel within the next two weeks. Updates to follow.
4. Our events in Taiwan are being decided by our local organizers, SZ and Lucien. Updates to follow.
5. Our events in Korea are undecided. I will talk with our local community. Updates to follow.
6. Our co-hosting of the first Asian Legal Network Conference will continue, but the event has moved from Q1 to Fall. Updates to follow.

Regardless of where you are, please take care. I am hearing reports of shortages of face masks and other materials in more locations. If you are in one of these locations please contact me at scoughlan@linuxfoundation.org. I will send supplies.
Let’s take care of each other.
Regards
Shane

A recent interview about OpenChain from FOSSID has been translated into Japanese. This is a great onboarding point for Japanese-speaking individuals and companies interested in learning more about our work.

Learn More

• https://fossid.techmatrix.jp/interview-with-shane-coughlan-gm-of-openchain-linux-foundation/

SAN FRANCISCO, JANUARY 29, 2020 – Today the OpenChain Project welcomes Inno³ as our latest conformant organization. Inno³ is an open, independent innovation consultancy specializing in Open Data and Open Source. They have been a leading service provider in France since 2001.

The OpenChain standard defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain standard is being prepared for submission to ISO and evolution from de facto into a formal standard in 2020.

“In today’s compliance landscape, OpenChain is a key standard, that stands on the shoulders of other open standards like SPDX,” says Camille Moulin, Senior Consultant at Inno³. “It sets a proven framework that we use both internally and with our clients, providing at the same time strong focus points and enough flexibility to adapt to each specific business context. It’s a transparent, global open project, thriving with local communities, and we’re very enthusiastic about relaying this dynamic in France.”

“Inno³ is a company with a long history of effective engagement with open source,” says Shane Coughlan, OpenChain General Manager. “Their announcement of OpenChain Conformance today underlines not only their commitment to excellence with regards their product-offerings and customers, but also marks a milestone of increased OpenChain presence and influence in France. I am looking forward to collaborating with Camille and his team on next steps.”

About Inno³

Inno³ is an expert independent consulting firm specializing in Open Innovation, Open Data and Open Source fields. From code auditing to the evaluation (appraisal) of valuation policies, our competencies extend from intellectual property management to the transformation of organisation and the creation of dynamic ecosystems.

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About the Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

Media Contacts

Shane Coughlan
+818040358083
scoughlan@linuxfoundation.org

Roxane Maurel
+331 83 64 09 89
rmaurel@inno3.fr
https://inno3.fr