A new guide created by the OpenChain Korea Work Group in collaboration with NIPA, a Korean government agency, explains how local companies can easily and effectively comply with the OpenChain specification. This guide was prepared based on the following documents:

• The OpenChain Project Website
• The OpenChain Specification 2.0
• The OpenChain Open Source Policy Template
• The book by Ibrahim Haddad entitled ‘Open Source Compliance In The Enterprise’

The guide will be revised after the ISO/IEC JTC1 PAS Transposition Process when the OpenChain specification becomes a formal International Standard.

Read The Guide

• https://openchain-project.github.io/OpenChain-KWG/en/guide/

Learn More About The OpenChain Korea Work Group

• https://openchain-project.github.io/OpenChain-KWG/en/

Learn More about NIPA, the Korean Government Agency

• https://www.nipa.kr/eng/index.do

Open Source Security, the company behind grsecurity – a security enhancement to the Linux kernel – has announced an OpenChain conformant program.

“While Open Source Security, Inc. has always taken license compliance seriously and involved highly-qualified legal counsel in drafting our company’s policies in compliance with those licenses, we recently became aware of the OpenChain project and its efforts in formalizing compliance practices within organizations using and improving Free and Open Source software,” says Bradley Spengler, President at Open Source Security. “Having verifiable documentation of our operating and review procedures became top of mind for us as we embark on expanding our operations. Formalizing the policies to include licenses and activities we are not yet involved in left us prepared for the future and was well-received by the team, particularly our junior staff.  We thank the OpenChain project for providing a well-thought-out, comprehensive, and accessible standard to help organizations formalize and communicate their compliance practices.”

“The OpenChain industry standard is designed to help companies in all sectors address the issue of process management around the exceptional potential of open source,” says Shane Coughlan, OpenChain General Manager. “It is great to welcome Open Source Security into the fold with the announcement of another OpenChain conformant program. We look forward to future collaboration as our standard is increasingly adopted in their domain.”

Learn More About Open Source Security

• https://grsecurity.net/

当初 12/24 記事として公開していた記事 「OpenChain Japan WG 第13回会合のご案内」 は、諸事情により「一般公開」ができなくなりました。Japan WG (JWG) の活動に関心のある方は JWGのwiki から “OpenChain Japan WG ML” への参加をご検討ください。第13回会合の案内なども共有予定です。

そのため、Open Source Compliance 関連で別内容の記事を準備中です。
ご迷惑をお掛けします。

[番外編] Raspberry Pi ＋Docker で FOSSology を動かせるか… (2019/12/29追加)

手元で気軽に使える OSS監査ツール環境を作りたかったのと、Linux を少しでも触ろうかなと思いやってみた… というか、やっているところ。

元ネタは、SONYの小保田さんが、Japan Technical Jamboree 70 にて 「FOSSology – Install from Sourceのススメ(pdf)」 を発表されたと OpenChain Japan WG の Tooling SWG 第5回(2019-10-17) で伺ったことによる。ただ、まったく同じ事をするのもどうかと思い、docker 上で動かしてみようかなと…

えぇ、そうです、Raspberry Pi 4 (4GB) を買うための理由にしました…

• Raspberry Pi 4 に Raspbian Buster の環境をつくる
• Raspberry Pi 4 (w/ Raspbian Buster) に docker をインストールする
• [準備中] Raspberry Pi 4 (w/ Raspbian Buster, docker) で FOSSology を動かしてみる (FOSSology の docker image を ARM用に build する必要があるため、諸般の事情で来年の公開になりそう…)

以下は 12/24 公開のもの

更新されるまでの間、最近気になった情報を紹介しますので、そちらをご覧頂けると幸いです。

[Tool] OSS Review Toolkit

FOSSology ＋ SW360 と同じように、OSS を OSS で管理するためのツールです。
業務ワークフローや、組織間での情報管理などを意識している設計のように思われるため、OpenChain Japan WG の Tooling SWG メンバーでも関心が集まりつつあります。

[Article] Open Source AI – What’s 2020 Looking Like?

Ibrahim Haddad, Published on December 22, 2019

Artificial Intelligence については、Ethics(倫理) に関する話題を目にしますが、利用する Open Source Software や Data といった構成する技術や要素についても議論があります。英文記事ですが、AI と Open Source について話題を振り返りつつ、来年に向けての課題整理のために目を向けて見るのはいかがでしょうか。

明日の記事は

明日12月25日は、この Advent Calendar 企画の締めくくりとなります。
トヨタ自動車の遠藤さんが、Promotion SWG を紹介し、そして、この25日間を振り返ります。国内外の産業界が Open Source Compliance に注目する中、どんな話しが出てくるのでしょうか。お楽しみに！

おまけ：自己紹介

忍頂寺です。所属等は別記事「Open Source Compliance のお役立ち情報まとめ・上 (12/14公開記事)」 を参照ください。「(同)下 (12/15公開記事)」もあります。

Join us on September 7 at 9am Pacific as Jari Koivisto talks about Open Source Issues Remediation, Gary O’Neall and Rohit Lodha talk about Community Bridge and SPDX Online Tools and David Wheeler talks about CII Best Practices (the project equivalent of the OpenChain standard).

This is part of the bi-weekly OpenChain Webinar series. We feature international speakers on a wide range of topics related to open source compliance challenges and solutions. Learn more here: 
https://www.openchainproject.org/webinars-interviews

Join Our Webinar

• https://zoom.us/j/9990120120

Password

• 123456

One Tap Telephone (no screensharing)

* +358 9 4245 1488,,9990120120# Finland
* +33 7 5678 4048,,9990120120# France
* +49 69 7104 9922,,9990120120# Germany
* +852 5808 6088,,9990120120# Hong Kong
* +39 069 480 6488,,9990120120# Italy
* +353 6 163 9031,,9990120120# Ireland
* +81 524 564 439,,9990120120# Japan
* +82 2 6105 4111,,9990120120# Korea
* +34 917 873 431,,9990120120# Spain
* +46 850 539 728,,9990120120# Sweden
* +41 43 210 71 08,,9990120120# Switzerland
* +44 330 088 5830,,9990120120# UK
* +16699006833,,9990120120# US (San Jose)
* +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ ( https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fu%2FabeUqy3kYQ&sa=D&usd=2&usg=AOvVaw2yK4fS2trpB1lITLI31XE9 )
Not all countries have available numbers.

After dialing the local number enter 9990120120#

Check Out All Our Other Webinars

• https://www.openchainproject.org/webinars-interviews

The OpenChain Project now has official merchandise! You will find everything from t-shirts to tote-bags to phone cases to mugs in our store. Everything is priced at cost with Threadless. Logos, penguins, country teams and a special global team image. It is all there.

Check Out The Zero Profit Store!

https://openchainproject.threadless.com/

Source Code For The Images

https://github.com/OpenChain-Project/Image-Assets/tree/master/Official/Threadless-Merchandise

One more thing…

We have a marketing budget for our country and international teams. Right there is $25 USD of merchandise per head for 400 people (including shipping). This is a thank you for everyone who helped make OpenChain what it is. Here is the allocation of the award funds based on the subscriber numbers to various country and global lists:

Please contact Rachel (operations@openchainproject.org) and let her know what you want. She will assemble a spreadsheet to track everything and we will order as each batch fills up.

The recording of our regular bi-weekly Specification Work Team is now available. This is where people can provide input on the current version of the standard, suggest new reference material, and also provide suggestions for our future.

You can join the Specification Mailing List to follow all the activity

• https://lists.openchainproject.org/g/specification

The OpenChain Automotive Work Group held a European/Asian meeting on the 18th of August. This meeting focused on discussions around SPDX and tooling in the automotive sphere. Check out the full recording below.

Everyone is invited to join the Automotive Work Group

• https://groups.io/g/openchain-automotive-work-group

Check out the recording of the latest meeting below.

Learn More About This Work Group

• http://oss-compliance-tooling.com/

OpenChain has been featured in a host of webinars recently. Here is one sent in from our friends at Source Code Control in the UK. Martin joined a team of experts to talk about Application Modernization and how OpenChain fits into the process picture.

View the Recording

• https://register.gotowebinar.com/recording/2169156529813805570