The second meeting of the OpenChain Germany Work Group took place on the 26th of June. You can catch up with our discussion and the slides used during the event below. Everything is in English this time.
Our next meeting of the OpenChain Germany Work Group will be held in early September. Watch this space.
The full recording of the 2nd OpenChain Specification bi-weekly call is now available. This call went over the general parameters of the editing process for the next generation of the OpenChain specification. Our goal is to ensure all comments and suggestions can be captured.
Join the next call on the second Monday of July at 9am Pacific.
Join the Meeting via Zoom
ãã®èšäºã§ã¯ãOpen Source Compliance ã«åãçµãäžã§ã圹ã«ç«ã£ãæ
å ±ãã圹ã«ç«ã€ããšçŽ¹ä»é ããæ
å ±ããŸãšããŸãããã®èšäºã«ãããã®ã ããå
šãŠã§ã¯ãããŸããããããããã§ãã圹ã«ç«ãŠã°å¹žãã§ãã
ãªããæ¬çš¿äžã® OSS ã¯ãšãã«æãããªããã° Open Source Software ãæå³ããŸãã
ãã®èšäºã¯å šäœã§äžäž2éšæ§æã«ãªã£ãŠããŸãã
Open Source Compliance ã®ã圹ç«ã¡æ å ±ãŸãšãã»äž (åã®èšäº)ã
Open Source Compliance ã®ã圹ç«ã¡æ å ±ãŸãšãã»äž (ãã®èšäº)
Open Source Compliance ã«ã€ããŠãç¹å®ã®æ¥çš®ã«ããå£äœããç¹å®ã®ç®çã®ããã®å£äœãç¥ãããŠããŸãã
éèæ¥çãäžå¿ãšããŠOSSã®å©çšãä¿é²ããå£äœã§ãã”Open Source License Compliance Handbook” ãªã©ãå ¬éããŠããŸãã
OINåå äŒæ¥å士㯠Linux Stystem ãšããŠå®çŸ©ããã OSS ã«ã€ããŠèªç€Ÿãä¿æããé¢é£ç¹èš±ã«é¢ããŠäºããªããšããã³ãã¥ããã£ã§ããèšç«åœå㯠Microsoft 察 Linux é£å¶ã®æ§å³ã§ãããã2018幎10æã«Microsoftãå å
¥ããããšã§ããã®æ§å³ã¯ NPEs* 察 OINåå äŒæ¥ã«å€ãã£ãŠããã®ããç¥ããŸããã
(*: Non-Practicing Entitiesãããããããã³ããããŒã«)
åèïŒ Steven J. Vaughan-Nichols , “Open Invention Network comes to GNOME’s aid in patent troll fight“, ZDNet, 2019.
NPEsãžã®å皮察ææªçœ®ãšããŠãå
è¡æè¡èª¿æ»ã蚎èšã®åæãUSPTO(ç±³åœç¹èš±åº)ã®å¯©å€éš(Patent Trial and Appeal Board: PTAB)ã«åœäºè
ã¬ãã¥ãŒ(Inter Partes Review: IPR)ãæåºãããªã©ã§ç¹èš±ç¡å¹åãå³ã£ãããNPEãšäº€æžãããªã©ã®ãµãŒãã¹ãæäŸããŸãã2019幎ã«ã¯å¯Ÿè±¡ãšããæè¡é åã« Open Source ãè¿œå ãããŸããã
掻åç¶æ³ã®ããã·ã¥ããŒããšã㊠PORTAL ãããããã®ããŒãžã®æäžéšã« “Daily Update Email Archive” ãžã®ãªã³ã¯ããããŸãããŸããPATROLL ã§ã¯ãå
è¡æè¡èª¿æ»ã®ã³ã³ãã¹ãã«é¢ããæ
å ±ãåŸãããŸãã
äŒã£ãŠã§ãªããšè©±ããªãããšãäŒã£ãŠã³ãã¥ãã±ãŒã·ã§ã³ãæ·±ãŸããã£ããã«ãªã£ãããåå ããããç¥ãããšãã§ããããšããªã©ããããŸããéœåãã€ãã°ãããããéãŸãã«è¶³ãåããŠã¯ã©ãã§ããããã äŒåã«ãã£ãŠã¯ Chatham House ã§ã®æ å ±äº€æã®åã決ãã«ç±æ¥ãã Chatham House Rule ã«åŸãããšãæ±ãããã®ããããŸãã
When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.
(åèèš³ïŒäŒè°ãããã¯ãã®äžéšã§ãã£ãŠã Chatham House Rule ã«åŸãå ŽåãäŒè°åå è ã¯ãã®äŒè°ã§éãŸã£ãæ å ±ãèªç±ã«å©çšã§ããããããã(æ å ±æäŸè ãšãªã)çºèšè ã«ã€ããŠã¯å¿è«ã®ããšãä»ã®ãããªãäŒè°åå è ã«ã€ããŠãããã®èº«å (çŽ æ§)ãæå±ãæŒãããŠã¯ãªããªãã)
ãã®ã«ãŒã«ã«ã€ããŠã¯ Chatham House Rule FAQ ãèªãã§ãããšè¯ãã§ããããä¿¡é Œã§ãã仲éã ãããã話ããããšãããããšãã£ããšããã§ããããã
Linux Foundation ãéå¬ãã次ã®ã€ãã³ãã§ã¯ãã»ãã·ã§ã³ã®ãããã¯ããäŒåããèªäœã Compliance ãããŒããšãããã®ããããŸãã
æ¯å¹ŽãJapanãNorth AmericaãEurope ãªã©ã®åå°åã§éå¬ãããŸããã¹ããŒããã»ãã·ã§ã³ã«ãã£ãŠã¯ãè¬æŒãããªãè³æãå ¬éãããŸããCompliance ããããã¯ãšããã»ãã·ã§ã³ããããŸãããKeynote ããã以å€ã®ã»ãã·ã§ã³ã§ã¯å®ã«æ§ã ãªãããã¯ãæ±ããããšã³ãžãã¢ã«éããæ§ã ãªããã¯ã°ã©ãŠã³ãã®åå è ãéãŸãã®ã§ã æ å ±åéããããã¯ãŒãã³ã°ã«æçã§ãã2019幎ã¯ãã¹ãŠçµãã(Japan(7æ), North America(8æ), Europe(10æ))ã2020幎ã®éå¬ããã§ã«æ¡å ãããŠããŸã(North America(6æ), Japan(9æ), Europe(10æ))ã
å称ã瀺ããšãããCompliance ãäž»ããŒããšããã€ãã³ãã§ããæ¯å¹Žæ¥æ¬ã§éå¬ãããŸããæåŸ ç¶ãç³ã蟌ãå¿ èŠãããããã®åå ã«ã¯ “Chatham House Rule” ã«åæããå¿ èŠããããŸãã æ¬çš¿å·çæç¹ã§æ¬¡å㯠2019幎12æ17-18æ¥ã«éå¬ãããŸãã
ã»ãŒæ¯æã次ã®å匷äŒãåç§äŒãéå¬ãããŠããŸããæ°çæ å ±ã«éå¬æ¡å ããããŸããè³æã®å ±æç¯å²ã¯åå è ã«éå®ãããã®ã§ãèå³ãããæ¹ã¯åå ããŠã¿ãŠãã ããã
OSSã©ã€ã»ã³ã¹ãäžæãã€èªã¿ãåå è å士ã§ç¥èŠãå ±æãããè°è«ããéãŸãã§ããåŒè·å£«ãåå ãããã®ã§æ³çãªèŠç¹ã§ã®ã話ã䌺ãããšãåºããŸããè°è«ãéããŠç解ãææ§ãªéšåãæµ®ãã³äžããæã¯ããããŸã§ã®èªèº«ã®å®åã§ã©ãã ã£ãããæ¯ãè¿ãããæ©äŒã«ãªããŸãã
OSSã©ã€ã»ã³ã¹ã«é¢ããæ³åãç¥è²¡ã®æ åœè åãã«ãæè¡çšèªã®ç解ã®ããã®è£å©è³æãäœæããéãŸãã§ãã
åæ²ã«ãªããŸãããJWG ã«ã¯ããã€ãã® Sub Work Group ã®æŽ»åããããŸããé¢å¿ãããã°æ°è»œã«åå é ããã°ãšæããŸãã ã
è¿å¹ŽãOpen Source Software ã®æäŸå ããããŸã§ã®ã©ã€ã»ã³ã¹ãå€æŽããŠæ°ããªã©ã€ã»ã³ã¹ãäœæããäºäŸãèŠãããŸããããããæ å ±ã®åéã«ã¯ã€ã³ã¿ãŒãããã®å©çšãæ¬ ãããŸããã
æè¡ç³»ã®ãã¥ãŒã¹ãµã€ãã¯èŠãŠããŠãè¯ããšæããŸããäºã€ä»¥äžã®ãµã€ããå©çšãããŠããã°ãOpen Source Compliance ã§è©±é¡ã«ãªããããã©ã€ã»ã³ã¹ã«ã€ããŠã¯ææã«å·®ããããã®ã®ããããèšäºãšããŠç®ã«è§Šããã®ã§ã¯ãªãããªãšæããŸãããšãã«ãèŠãã§ãããµã€ããšããã®ã¯æ°ã«ããããšããªãã®ã§ãããè±èªåã®ãã®ãæ©ãããªãšã¯æããŸãããªããæ¥æ¬èªã§èªãããã®ã®äŸã ãš OSDN Magazine ã® ã©ã€ã»ã³ã¹ã«ããŽãªã®èšäºãªã©ããããŸãã
åèªèº«ã¯ãGoogle ã¢ã©ãŒãã “open source” ã “OSS” ãªã©ã®ããŒã¯ãŒãã§æŽ»çšããŠããŸãã
äžæ¹ã§ãå¿ ãããææ°ã®è©±é¡ããªããšããŠãããŸãšãŸã£ãæ å ±ããã£ãšèªã¿éãããšããããšã§æžç±ãå©çšããæ¹ãããã§ããããäžéšãåãæªèªã®ãã®ããããŸãããåãåå ããéãŸãã§è©±é¡ã«æãã£ããã®ãå«ããŠçŽ¹ä»ããŸããåºçå ãèŠã€ããããªãã£ããã®ä»¥å€ã¯ããªã³ã¯å ãåºçå ã«ããŠããŸãããææ°ã§ãããè³Œå ¥ã®éã¯ãå©çšãããŠãã販売åºããã®ãµã€ãã§ãæ±ããã ããã
èïŒ äžç°çãç£ä¿®ïŒ 岩äºä¹
çŸå
åºçç€ŸïŒ æè¡è©è«ç€Ÿã
2018幎ã«åºçãªã®ã§ãä»å玹ä»ããæ¥æ¬èªæžç±ã®äžã§ã¯æ°ãããã®ã§ãã䞻㪠Open Source Software License ã®ç¹åŸŽãšãäŒæ¥ã Open Source Software ã掻çšããäžã§ã®ãã€ã³ãã解説ããŠããŸããåé ã®å²©äºåŒè·å£«ã«ãã解説èšäºã¯ããšã³ãžãã¢ãæ³åã»ç¥è²¡éšéã®ã¹ã¿ãããšã³ãã¥ãã±ãŒã·ã§ã³ãåãåã®èªã¿ç©ãšããŠãå§ãã§ããŸãã
ãªããèè
ã®äžç°ããã¯å
ã«çŽ¹ä»ãã ããªãŒãã³ãœãŒã¹ãœãããŠã§ã¢ã©ã€ã»ã³ã¹éµå®ã«é¢ããäžè¬å
¬è¡ã¬ã€ã (pdf)ã ã®äœæã®ãªãŒããŒã§ãã
ãšããã§ãå㯠JIPA ãœãããŠã§ã¢å°éå§å¡äŒã«ãåå ããŠããã®ã§ãããããã«åå ããä»äŒæ¥ã®ç¥ç財ç£éšå¡ã§ãèªãã§ããæ¹ãå€ãã§ããèªè ã®è¿ãã«ç¥è²¡éšå¡ã®æ¹ãããã°ãJWG ã«äžåºŠé¡ãåºããŠã¿ãŠã¯ã©ãããšæ¡å ããŠé ãããšå¹žãã§ãã
ç£ä¿®ïŒ ãŸã€ããš ããã²ããä»è
åºçç€ŸïŒ KADOKAWA/è§å·åŠèžåºç
(æçž®ãªããåã¯æªèªã§ããJWG ã§è©±é¡ã«åºãããšããã£ãã®ã§çŽ¹ä»ããŸã)
2014幎ã«åºçã§ããããŸã§ã®ãªãŒãã³ãœãŒã¹ãšãããåãå·»ããœãããŠã§ã¢éçºã®æŽå²ã俯ç°ã§ããããã§ãã
第2éšã§ã¯ãã©ã€ã»ã³ã¹ããã©ãŠã¶éçºååãäŒæ¥ã«ããããªãŒãã³ãœãŒã¹ãšã®ä»ãåãæ¹ããªã©ã®è©±é¡ãæ±ã£ãŠããŸãã
ãªããèè ã®äžäººã®ããŸãããã¯ãäŒæ¥æå±ãšã³ãžãã¢ã〠Debian JP Project ã®ã³ããã¿ãŒãšããŠåæ¹ã®èŠç¹ã§ JWG ã«ç¥èŠãäžããŠããã貎éãªååšã§ãããã ãããŸãããã®ãããªæ¹ã¯è²Žéãã㊠JWG ã®å掻åã§ãªããªããäŒãã§ããªãã®ã§ãèªè ã®äžã§æããã¯ãšæãæ¹ã¯ JWG ã«åå ãã ããããã¡ãã OpenChain ã«èå³ããããšãããšããããã®åå ã倧æè¿ã§ãã
èïŒ å¯ç¥è±
åºç瀟ïŒé人åºçäŒ
2011幎ã«åºçã§ãé»åæžç±ãšããŠè³Œå
¥åºæ¥ãŸãã
Open Source Software License ã§å©çšäŸãå€ããšæããã MITãBSDç³»ãMPL-2.0ãGPLç³»ãªã©ãæŠèŠãæŽãã«ã¯äŸ¿å©ã§ãã
Author: Andrew M. St. Laurent
Publisher: O’Reilly Media (July 2008)
èè
ã¯ç±³åœåŒè·å£«ã§ããç±³åœèäœæš©æ³ã«é¢é£ããç¥èãèžãŸã㊠OSS ã©ã€ã»ã³ã¹ãç解ããã®ã«å©çšããŸããã
Open Bookç ããããŸãã
Author: Heather Meeker
Publisher: CreateSpace Independent Publishing Platform; 2nd edition (April 4, 2017)
èè
㯠TLDRLegal ã«ãåå ããŠããç±³åœåŒè·å£«ã§ãããã¡ããç±³åœèäœæš©æ³ã«é¢é£ããç¥èãèžãŸã㊠OSS ã©ã€ã»ã³ã¹ãç解ããã®ã«å©çšããŸããã
Author: Ibrahim Haddad, PhD
Open Source ã®å©çšã«åœãã£ãŠå¿
èŠãšãªãããããäœããå
·äœçã«èå¥(Identification)ãã ã©ã®ãããªãã®ããç£æ»(Audit)ããåé¡ç¹ã®æŽççã
ã«å§ãŸãäžé£ã®å·¥çšã«ãããŠãããã§ã®ããã»ã¹ã泚æç¹ããŸããããŒã«ãåèæ
å ±ãªã©ãåŸãããŸãã
Author: Ibrahim Haddad, PhD
Merger and AcquisitionïŒM&AïŒã§ã® Due Diligence 㧠Open Source é¢é£äºé
ãè©äŸ¡ããæã®ãã€ã³ããæŽçãããŠããŸãã
ããªãªã³ãã¹ãšOpenChainãšã®é¢ãããã§ãã
æ
åœã®å°æ³ããã¯ãJWG ã§4ã€ã® SWG ã«åå ããããªã©å
«é¢å
èã«æŽ»èºãããŠããŸãããªãªã³ãã¹ç€Ÿã¯ã°ã«ãŒããšããŠã°ããŒãã«ã« Open Source Program Office ã®äœå¶ãæ§ç¯ãéçšãããŠããã®ã§ããã®äžç«¯ãå£éèŠãããšãåºæ¥ããããããŸãããã楜ãã¿ã«ïŒ
å¿é 寺ã§ããæå±çã¯å¥èšäºãOpen Source Compliance ã®ã圹ç«ã¡æ å ±ãŸãšãã»äž (12/14å ¬éèšäº)ããåç §ãã ããã
The OpenChain Reference Tooling Work Group held its 17th meeting on the 17th of June.
You can find the recordings of the morning and the afternoon sessions as well as the presentation slides here:
Catch up on minutes from all previous meetings
ISO Standard Imminent
This is a guest post from Matthew Jacobs, Esq., Director, Legal Counsel at Synopsys Software Integrity Group. The views in this guest post are those of the author alone.
The goal of the Linux Foundationâs OpenChain Project, and the specification it maintains, is to promote predictability and uniformity in the management of open source. It aims to also create consistency in how critical open source compliance information is collected and retained so that it may be properly communicated to others.
The specification is gaining momentum and will likely be adopted by the International Organization for Standardization by mid-2020. With open source use on the rise and more and more demanding proof of compliance becoming mainstream, this is a perfect time to reevaluate how you address compliance. But first, letâs explore an illustrative analogy.
The automotive supply chain.
Car recalls are costly and time-consuming events. However, considering the complexity of todayâs vehicles and the number of components found in the average vehicle, recalls often seem strikingly well organized. In particular, the level of detail and granularity in the typical recall notice speaks to the information that must be obtained by automotive manufacturers from their multitudes of suppliers, and then maintained and stored regarding the elements composing the bill of materials (BOM) of each car.
The very fact that recalls are successful at keeping the public safe is a testament to the incredible level of information sharing from supplier to customer and the standards and trust between the parties. Parts from different tiers of the automotive supply chain, and the component sub-elements of those parts (and so on), must be identified and important information about those parts shared up and down the supply chain. Given the sheer volume and complexity of this, and the rapid evolution of the industry, an automotive manufacturer must rely heavily on their suppliers to provide comprehensive and accurate information concerning that supplierâs respective elements. The final BOM for a given vehicle is dependent on comprehensive information communicated in a common language by members throughout the vast supply chain.
Contrast this to software.
Much like assembling a vehicle, modern software development involves software components from a wide variety of sources. This may be third-party commercial code, âhomegrownâ code or, as is very often the case, significant amounts of open source code. Tracking the provenance of the multitude of software parts and pieces that make up the modern software programs that we interact with and rely upon is often murky at best.
This challenge is clearly compounded by the fact that each component of software, with its own constituent elements, is then rolled up into a more complex assembly with other software elements. Further, since an ever-growing amount of this software is open source which, by design, is the product of often many mostly anonymous contributors, it quickly becomes easy to see how assembling a reliable BOM for todayâs software programs is a daunting challenge.
Open source challenges.
Developers are encouraged to reuse open source to do their jobs better, faster and cheaper. There are around 8,000 source forges housing over 500 billion (and growing) lines of open source code to use. Importantly, those reusing open source must confirm initially, and on an ongoing basis, that they are reusing that open source in compliance with the governing open source license terms and conditions. Given that there are approximately 2,700 different flavors of open source licenses, a real challenge arises in (1) managing these compliance risks at an enterprise scale and pace, and (2) effectively communicating to third parties what open source is being used, what license applies and if the user is complying with the applicable license.
Given the critical nature of open source in software development, and the large and growing amount of open source in use, the need to be able to express what open source is being used (the BOM) and any license compliance obligations associated with that use, in addition to the need to be able to communicate that information in a standardized way is key to the free flow of software components in the software supply chain. And, to avoid âgarbage in, garbage outâ customers need to have confidence in the information received from suppliers based on trust in the compliance processes employed upstream. The OpenChain Project has emerged as the leading voice in bringing organization and certainty to the tracking and communication of open source reuse.
The OpenChain Specification (now in version 2), as described by the OpenChain Project, defines âthe key requirements of a quality Open Source license compliance program. The objective is to provide a benchmark that builds trust between organizations exchanging software solutions comprised of Open Source softwareâ. The specification sets forth a basic set of open source management best practices and methods for communicating open source component information, all aimed at furthering that trust.
Managing open source risk.
The value of this trust cannot be understated. Again, much like the automotive supply chain, the software supply chain is highly interdependent and complex. Historically, customers attempted to mitigate their risk during the contract negotiation process by forcing their suppliers to make certain disclosures, representations and warranties concerning that supplierâs software product and the supplierâs compliance with any open source licensing requirements for the open source in that supplierâs product. Supplierâs often donât have the requisite insight into the composition of their own code, especially as it relates to open source, to make these types of representations and warranties with certainty but bow to economic and time pressure to close a deal.
Occasionally, customers will enlist firms like Synopsys to perform an independent audit of their supplierâs code to confirm that the disclosures made by the supplier concerning the open source in their products is accurate. The purpose of an audit is to identify the open source in the supplierâs code and determine which one of the many open source licenses apply to that code to evaluate the supplierâs compliance with the obligations of the applicable license. It also, by implication, gives customers a sense for how well the supplier is managing compliance. This âtrust but verifyâ approach is certainly warranted in some situations. But, given the pace of commerce, there is often little time for comprehensive due diligence in many of the routine day to day transactions.
Elements of the OpenChain specification and compliance.
The OpenChain specification short-cuts much of the negotiation around a supplierâs open source compliance by offering a basic set of understandings around how each member of the supply chain uses and tracks what open source is present in their products. The specification is comprised of two basic elements: First, an ongoing open source license compliance process (which may include the use of automated open source management tools) for identifying what open source is in that memberâs code and verifying that the use of that open source complies with the applicable license for that code. Second, the specification requires an organizational commitment to adherence to the first element by establishing areas of responsibility within an organization for compliance and an organizational commitment to training, process and open source compliance support.
Executing on these two basic elements of OpenChain compliance requires effort. Just because open source software may be freely available does not mean there are no obligations. However, many companies lack the basic process and software tools for identifying what open source their engineers are reusing in the first place. Without that visibility, there is no opportunity to manage the use.
Next, after properly identifying what open source their developers are using and how that open source is being used, compliance requires accurately identifying what license applies to that code, understanding the requirements of that license and taking the necessary steps to adhere to those requirements. Based on the nature of the open source license, this may include something as simple as providing attribution to something more complicated such as having to disclose source code.
A supplierâs ability to certify OpenChain compliance affords their customer comfort and removes open source compliance-related friction from the supply chain. Downstream customers can enjoy a level of comfort that, by incorporating the supplierâs code with their own, they wonât be inadvertently exposing themselves, any further upstream members of the supply chain or, ultimately, the end user to compliance-related litigation or remediation risk and expense.
There are third parties available to help you through your license compliance journey. Law firms that can assist with training, tools and services. Vendors such as Synopsys can audit your code or provide software tools to support in identifying and tracking open source reuse during software development.
OpenChain compliance as a competitive edge.
While compliance is an important goal, and while companies are keen to steer clear of potential litigation, an exceptionally important element of OpenChain compliance is as a competitive differentiator. Companies that have achieved OpenChain compliance are encouraged to advertise that fact and leverage that status in the marketplace as an asset.
Influential companies such as Toyota, Hitachi, Panasonic, Qualcomm, and Bosch are putting top-down pressure on their vendors, and in turn on suppliers to those vendors to demonstrate open source management consistent with the OpenChain Specification. This results in lower tier vendors, who may have never considered open source compliance as an urgent priority, now finding themselves under increasing pressure from other members of the supply chain.
Hans Malte Kern, Head of the Center of Competence Open Source at Bosch underscores this point. “We’re excited to join the OpenChain project, as it reflects the importance of compliant open source usage, distribution and contribution. Instead of negotiating the open source requirements with all our partners and suppliers, Bosch will leverage OpenChain as an open standard that provides common approaches and understanding for open source collaborations â not only in the automotive industry but also the connected world of IoT. We are convinced the OpenChain standard will replace bilateral negotiations, educations and open source risk mitigation discussions.â
OpenChain as an ISO standard.
The value of being able to tout compliance will take on additional importance as by mid-2020 it is expected that OpenChain Specification version 2.1 will be adopted by the International Organization for Standardization and certified as an ISO standard. Many suppliers are familiar with the experience of responding to customer requests for proposals or quotes. These requests are often multi-part questionnaires requiring the supplier to report on various elements of the supplierâs business concerning such aspects as privacy, security and compliance-related matters.
Given the time pressure often associated with closing deals, making the open source management and compliance discussion short is highly valuable. The ability to reply affirmatively to open source compliance questions and confirm compliance with the pending ISO standard will, in the words of one observer, âtake the issue off the table.â
We had five speakers over two events covering a range of global and regional topics:
Let’s start with overall satisfaction, 1 being satisfied and 5 being extremely satisfied:
Let’s dive into how people felt about the relevance of the talks, 1 being low relevance and 5 being extremely relevant:
Let’s get more specific on relevance per topic, which shows global talks having global relevance, and regional talks have substantial but not blanket relevance:
This results map to our expectations and will help shape future events. We also asked for general written feedback as an option and got some encouraging messages:
The OpenChain Korea Work Group will hold its 6th meeting via UberConference on the 16th of June at 2pm Seoul time. This event will be held in the Korean language and will provide an excellent opportunity to learn what companies like Kakao and SK Telecom are doing around open source compliance.
Learn More
In this webinar we covered “OpenChain China, Japan, Korea – a discussion on community buildingâ featuring short interviews with Jerry (China), Haksung (Korea) and Fukuchi San (Japan) about local community activity. Our goal was to share knowledge on what has worked, what has not, and how momentum can be kept in these unusual times. We hope these lessons will assist our fellows in Europe and North America while also illustrating some of the key successes in Asia.
This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations.
This is OpenChain Webinar #6, released on 2020-06-22.
ãã®èšäºã§ã¯ãOpen Source Compliance ã«åãçµãäžã§ã圹ã«ç«ã£ãæ
å ±ãã圹ã«ç«ã€ããšçŽ¹ä»é ããæ
å ±ããŸãšããŸãããã®èšäºã«ãããã®ãå
šãŠã§ã¯ãããŸããããããããã§ãã圹ã«ç«ãŠã°å¹žãã§ãã
ãªããæ¬çš¿äžã® OSS ã¯ãšãã«æãããªããã° Open Source Software ãæå³ããŸãã
ãã®èšäºã¯å šäœã§äžäž2éšæ§æã«ãªã£ãŠããŸãã
Open Source Compliance ã®ã圹ç«ã¡æ å ±ãŸãšãã»äž (ãã®èšäº)ã
Open Source Compliance ã®ã圹ç«ã¡æ å ±ãŸãšãã»äž ïŒæ¬¡ã®èšäº)
Open Source ããã® Compliance ã倧åãšãããèæ¯ãææ¡ãããå Žåã¯ãOpenChain Japan Work Group (JWG) ã«ãã ããªãŒãã³ãœãŒã¹ãœãããŠã§ã¢ã©ã€ã»ã³ã¹éµå®ã«é¢ããäžè¬å ¬è¡ã¬ã€ã (pdf)ã ã足ãããã«ãªããããããŸããã
ãã®ã¬ã€ã㯠English(pdf) ã äžåœèª(ç¹äœå(pdf)ãšç°¡äœå(pdf)) ã«ç¿»èš³ãããŠããŸããOpen Source Summit 2019 (North America (8æ)ãEurope (10æ))ã«ãŠå°å·åªäœã§é åžãããšãããååœã®ãšã³ãžãã¢ãã¡ãæã«ãããªãã£ã¹ãååŒå ã§é ããããšè€æ°éšãæã£ãŠåž°ã£ãæ¹ãããŸããã
Open Source Compliance ã«ã€ããŠã”ORGANIZATIONS“ã”PROJECTS“ã”DEVELOPERS” ãªã©ã®ã«ããŽãªã«åãããŠæŽçãããŠããã®ã§ãèå³ã®ãããšããããèŠãŠã¿ããšè¯ãããç¥ããŸãããã
äžèšã®ã³ã³ãã³ãããããããäŒæ¥åãã« Open Source ãé©åã«æŽ»çšããããã«å¿
èŠãšãªãããšã網çŸ
çã«æŽçããŠããŸããOpen Source ã管çéçšããããã®æ©é¢ãšã㊠Open Source Program Office (OSPO) ã®å°å
¥ãOpen Source ãããžã§ã¯ãã®éå¶ãæ
å ±å
¥æã®ããã® web ãµã€ããåèæžç±ãªã©ãã»ãŒæã£ãŠããŸããæ¥æ¬èªç ããããŸãã
äœæã¯åŸè¿°ãã TODO Group ã«ãããã®ã§ã
(ãã®èšäºã®åœ¹å²ã¯äžèšã®ãµã€ãã®çŽ¹ä»ã§ã»ãŒéæããŠãã…ããç¥ããŸãã)
OSS éçºè åãã®ã¬ã€ãã§ããOpen Source ãããžã§ã¯ããæ°ããå§ããå Žåãã³ãã¥ããã£ã®éå¶ããããžã§ã¯ãã® MetricsããããŠæ³çãªèŠ³ç¹ãªã©ã§æ³šæãã¹ãããšãªã©ãäžéãã®å 容ãå«ãã®ã§ãå人ãã³ãã¥ããã£ãäŒæ¥ã®ãããã®ç«å Žã§ãåèã«ã§ããããšæããŸãã
Open Source License Compliance ããµãã©ã€ãã§ãŒã³ã§äžè²«ããŠæããããã«å¿ èŠãšãªããæè²çšã®è³æãäŒæ¥å ã®äœå¶ãéå¶ã®ããã®ä»æ§ããããŠãå ã«æããä»æ§ã«ã€ããŠäŒæ¥ãäºæ¥åã¯è£œåã«ãããé©åæ§ãªã©ã確èªããæ段ããªã©ãçå®ãæ®åãå³ããããžã§ã¯ãã§ããOpenChain Specification ã®ææ°ç㯠v2.0 (pdf) ã§ãè¥å¹²ã®æ¹èšãçµã v2.1 ããã£ãŠ ISO Joint Technical Committee 1 (JTC-1) ã§ã® Publicly Available Specification (PAS) ãšããŠã®èŠæ Œåã«åããŠåãçµãã§ããŸããwiki ãµã€ãã§ã¯ãå Work Group ã®æŽ»åãµããªãåå æ¹æ³ãäŒåã®éå¬æ¡å ãªã©ããããŸãã
Japan Work Group (JWG) ã®æŽ»åã«ã€ããŠã¯ããã®Advent Calendar 2019 ã® 12/1-9ãŸã§ã®èšäº ãã芧ãã ãããJWG ã«ã¯ Linux Foundation ã®äŒå¡ã§ã¯ãªããŠãã³ãã¥ããã£ã¡ã³ããŒãšããŠåå ãè²¢ç®ã§ãããããèå³ãæ©ã¿ããã人ã¯ã¡ãŒãªã³ã°ãªã¹ããSlackã«åå ããŠãJWG ã®ç·äŒãå Sub Work Group (SWG) ã®äŒåã«è¶³ãéãã§ã¿ãŠãã ããã
äŒæ¥ã§ Open Source ãããžã§ã¯ããããããéå¶ããããã«ãäŒæ¥éã§çµéšããã¹ããã©ã¯ãã£ã¹ãããŒã«ãªã©ã«é¢ããŠæ å ±äº€æããã°ã«ãŒãã§ããTODO Guides ãšããŠæäŸãããŠããæ å ±ããããŸãããåé ã§çŽ¹ä»ãã Open Source Guides For The Enterprise ãç¶²çŸ çãªã®ã§èŠãŠã¿ãŠãã ãããåå è ã¯ãäž»ã«äŒæ¥ã® Open Source Program ãããŒãžã£ãŒãæ³å®ãããŠããŸãã
Open Source Project ã®å¥å šæ§ã«ã€ããŠããã® Metrics ãèšæž¬æ¹æ³ãªã©ã®å®çŸãå³ããããžã§ã¯ãã§ããOpen Source Software ã察象ãšããè©äŸ¡ææ³ã«é¢å¿ãããæ¹ã¯èŠãŠã¿ããšè¯ãããç¥ããŸãããäŸãšã㊠Risk WG ãçå®ãã Metrics ãæãããšãBusiness RiskãCode QualityãLicensing, Transparency ãªã©ããããŸãã
OpenChain ProjectãTODO GroupãCHAOSS project ã®ãããã Linux Foundation ã®åçµã§ããããã以å€ã«ãé¢é£ããã«ããŽãªã®ãããžã§ã¯ãã玹ä»ãããŠããŸããOpenChain ãšç¹ã«é¢é£ãããããžã§ã¯ãã« SPDX ã FOSSology ããããŸãã
ä»ç€Ÿãã©ã®ããã«åãçµãã§ããã®ããèŠãã®ã¯ããšãŠãåèã«ãªããŸããäŒæ¥åãš “open source” ãšãã£ãçšèªãçµã¿åãããŠæ€çŽ¢ãããšããããããšèŠã€ããã§ãããããŸããGitHub ã«ããäŒæ¥ã®ã¬ããžããªãèŠãã®ãè¯ãã§ãããããã®äžã«ã¯ãOSSã掻çšããããã®åãçµã¿æ¹ã玹ä»ãããã®ããããŸããããããäŸã«ã¯æ¬¡ã®ãããªãã®ããããŸãã
å©çšããã OSS ã«ã€ããŠèª¿ã¹ãæãã©ã€ã»ã³ã¹ã¯äœãããã€é å
¬éããããã®ã§æŽ»åã¯ã©ã®çšåºŠãªã®ãããªã©ãææ¡ããå¿
èŠããããŸãã
ãœãŒã¹ã³ãŒããèŠãã®ã倧åã§ãããã²ãšãŸããã£ãããšç¥ãããæããããŸããããããæãnpm, maven (äŸãšã㊠MVN repositroy), cocoapds, ããã㯠OS ã® distribution ã®äŸã ãš debian ã® packages ããããã°ã©ãã³ã°èšæ¯ã«ããããã±ãŒãžç®¡çã·ã¹ãã ããã®ãµã€ãããæ
å ±ãåŸãããGitHub ã§å
¬éãããŠããå Žå㯠Star æ°ã Commit ååãªã©ã®çµ±èšæ
å ±ã掻çšããããšãããã§ãããã
ããã§ã¯ãå
ã«æãã以å€ã§ãããã調ã¹ç©ã«åœ¹ã«ç«ã€ãµã€ãã玹ä»ããŸãã
OSS ã®åå¥ãããžã§ã¯ãã«ã€ããŠãéçºè ãã©ã€ã»ã³ã¹ãå ¬åŒãµã€ããã¢ã¯ãã£ããã£ãã³ãã¥ããã£ãªã©ã®æŠæ³ãææ¡ããã®ã«äŸ¿å©ãªãµã€ãã§ããå¿ ãããå šãŠã® OSS ãç¶²çŸ ããŠããŸããããããã§åºãŠããªã OSS ã®å©çšã¯æ³šæããããšããæ¹éã®äŒæ¥ããããšèããããšããããŸãã
ç¬èªã®ã¬ãŒãã£ã³ã°ã«åºã¥ããŠã® OSSãã®è©äŸ¡ããã©ã³ãã³ã°ãšã¬ãŒããŒãã£ãŒãã§èŠãããã®ã§ãé¡äŒŒãã OSS ãæ¢ããããæ¯èŒããã®ã«äŸ¿å©ãªãµã€ãã§ãããã¡ããå šãŠã® OSS ãç¶²çŸ ããŠããŸããããOSS éžå®ã§åèã«ããäŒæ¥ããããšèããããšããããŸãã
“ãã® OSS ã äŸåãã OSS” å㯠“ãã® OSS ã« äŸåãã OSS” ãææ¡ãããæã«äŸ¿å©ãªãµã€ãã§ãã
ãã¡ããåãããå¿
ãããå
šãŠã® OSS ã«ã€ããŠæ€çŽ¢ã§ãããã®ã§ã¯ãªãã§ãã
ãœãããŠã§ã¢ã®ãœãŒã¹ã³ãŒããæåéºç£ãšããŠä¿åããäºæ¥ã«ãããã®ã§ã以åã¯å ¬éãããŠãããœãããŠã§ã¢ãèŠã€ãããªãå Žåã«äŸ¿å©ãªãµã€ãã§ãã䌌ããããªãµã€ãã«ãInternet Archive ã«ãã Wayback Machine ããããŸããããã¡ãããããœãããŠã§ã¢ã«ç¹åããŠåéããŠããã®ãç¹åŸŽã§ãã
FOSS (Free Open Source Software) ã®æŽ»çšã§éèŠãšãªãã©ã€ã»ã³ã¹æ å ±ãè匱æ§æ å ±ãæ確ã«ããããã«ãã³ãã¥ããã£ã§ããããæ å ±ã®ç¢ºãããããåäžãããåçµã§ããOSS ãèŠã€ãã£ãŠãæ å ±ãäžè¶³ããŠããå ŽåãèšèŒäºé ãšããŠææ¡ã§ããããšãããã°è²¢ç®ãããšè¯ãããç¥ããŸããã
ãããŠããOSS ã«ã¯å©çšèš±è«Ÿæ¡ä»¶ãšããŠã®ã©ã€ã»ã³ã¹ã宣èšãããŠããŸãããããŠãã©ã€ã»ã³ã¹ã§ã¯ãã©ã®ãããªç®çã§ã©ã®ãããªäœ¿ãæ¹ã蚱諟ãããŠããã®ãããŸãããã®ããã«å©çšè ãæããã¹ã矩åãªã©ãæèšãããŠããããšã§ããããããããã©ã€ã»ã³ã¹ã«ã€ããŠç解ãæ·±ãããæã«åèãšãªããµã€ãã玹ä»ããŸãã
ã©ã€ã»ã³ã¹ã®è§£éã§ã¯ãæ¡æ(åæ)ããã®æ¡æ(åæ)ãäœæãããèæ¯ããã® OSS ã«ãã®ã©ã€ã»ã³ã¹ã宣èšãããèæ¯ãã³ãã¥ããã£ã®ååãªã©ãéèŠãªèŠçŽ ã«ãªãããšæããŸããå Žåã«ãã£ãŠã¯äœæã宣èšã«è³ãè°è«ããã®è°è«ãžã®åœ±é¿ãæ³å®ãããåœåã¯ãã®OSSãå©çšããã§ãããåœã«ãããæ³ä»€ãå€äŸã®ååã«ãæ°ãã€ããããšãããããç¥ããŸãããæ³åéšãç¥è²¡éšãåŒè·å£«ãåŒç士çã®æ³åŸã®å°é家ã«çžè«ããã®ã¯å€§å€éèŠãªæ段ã§ãããããæã§ããå ã«æããèŠçŽ ãæŽçæ€èšããŠãããšè¯ãæããããŸããã©ã€ã»ã³ã¹ã«ãã£ãŠã¯å ¬åŒã®ç¿»èš³çããã£ãŠããåæã®ã¿ãæå¹ãšå®£èšããŠãããã®ãããã®ã§æ³šæãããšè¯ãã§ãããã
ãšããã§ãOSS ãããžã§ã¯ãã GitHub ã«ç»é²ãããŠããå Žåãissues 㧠“is:issue license” ãªã©ãæ€çŽ¢ããŠã¿ããšãå Žåã«ãã£ãŠã¯ãã®ãããžã§ã¯ããã©ã€ã»ã³ã¹ãéžæããéçšãèŠãããšãã§ãããããããŸãããæ°ã«ãªããšãã¯è©ŠããŠã¿ãŠãã ããã
åæçã®äžæ¬¡æ
å ±ã¯éèŠã§ããã©ããã£ãããšã§ãããã®ã§ãã©ã€ã»ã³ã¹ã®æŠèŠãææ¡ãããæã£ãŠãããŸãããã
ããããæã¯ã次ã®ãµã€ããæ
å ±ãåèã«ãªãããç¥ããŸããã
ã©ã€ã»ã³ã¹ã«ã€ã㊠“Can”ã”Cannot”ã”Must” ã®é
ç®ã«åããŠç¹åŸŽãæŽçããŠããŸãã
ãã®å
容ã«ã€ããŠåŒè·å£«ãå°é家ãªã©ã«ããã¬ãã¥ãŒæžã¿ã®å Žåã¯ãã®ããšãæ瀺ãããŸãã
ã¬ãã¥ã¯ãŒã®äžäººã® Heather Meeker ããã¯ãå¥èšäºã§çŽ¹ä»ãã Open Source For Business ã®èè
ã§ãã
Open Source Project ã§å®£èšãããã©ã€ã»ã³ã¹ãéžã¶éã®ãå©ããµã€ãã§ãã
å©çšã蚱諟ãããæ¡ä»¶ã«å¿ããŠãè¿ããã©ã€ã»ã³ã¹ãèŠã€ããããšãåºæ¥ãŸãã
ã©ã€ã»ã³ã¹ã«ã€ã㊠“Permissions”ã”Conditions”ã”Limitations” ã®é
ç®ã«åããŠç¹åŸŽãæŽçããŠããŸãã
OSS ãèªååãªã©ã®ç£æ¥æŽ»çšãæšé²ããããšãç®çãšããçµç¹ã§ããã®èŠ³ç¹ã§æ§ã
ãªåçµãããŠããŸãã
ãã®èšäºã§ã¯ãOpen Source License ChecklistsãšãOpen Source License Checklists – Access to raw data ãšã玹ä»ããŸãããšãã«ãraw data ã¯ã©ã€ã»ã³ã¹ã®å
容ã«ã€ããŠã”USE CASE” ãšããã«å¿ãã矩åãæ§é çã«æŽçããŠããŸããè©Šãã«ãMIT ãš Apache-2.0 ãš GPL-3.0 ãšãèŠæ¯ã¹ãŠã¿ãŠãã ããã
OSS ã®æ®åä¿é²ãç®æãçµç¹ã§ã”Open Source Definition” ãªã©ã®åçµã§ç¥ãããŠããŸããOSI ãèªå®ããã©ã€ã»ã³ã¹ã®ãªã¹ãã«ãããã確èªããããšã«å©çšãããæ¹ãå€ãããã§ãããLicense Review ã License Discuss ãªã©ã®ã¡ãŒãªã³ã°ãªã¹ãã®ã¢ãŒã«ã€ãããåã ã®ã©ã€ã»ã³ã¹ã®è°è«ãè¿œãã®ãã©ã€ã»ã³ã¹ãžã®ç解ãæ·±ããããã«åèã«ãªãã§ãããã æè¿ã¯ãNews ã®ããŒãžã§ææ¯ã®ãµããªãé ä¿¡ãããã®ã§äŸ¿å©ã§ãã
GNU Public LicenseïŒGPLïŒã®ææ°ç㯠GPL-3.0ã§ããã®æŽŸçã§ãã GNU Lesser General Public License ã®ææ°ç㯠LGPL-3.0, GNU Affero General Public License ã®ææ°ç㯠AGPL-3.0 ã§ããããã以åã®ã©ã€ã»ã³ã¹ã宣èšãã OSS ãå€ãèŠãããŸãã
GPL ã®è§£éã§ã¯ã次ã®ã³ã³ãã³ãã話é¡ã«ããããšãå€ãããã«æããŸãïŒ
詳现ã«è§ŠããŸããããGPL ã«é¢ããŠã¯ãéåæã®å埩æ¡ä»¶ã«é¢ããåããç¥ã£ãŠãããšè¯ãããç¥ããŸããã
ããããåãã®èæ¯ã«é¢å¿ãããæ¹ã¯ “copyright troll” ãªã©ã®æ å ±ã調ã¹ãŠã¿ãŠãã ããã
æ£ãã㯠APACHE LICENSE, VERSION 2.0 (Apache-2.0) ã§ãã
ã©ã€ã»ã³ã¹ã®åæãšåæ§ã« FREQUENT QUESTIONS ABOUT APACHE LICENSING ãåèã«ãªããŸãã
è¿å¹Žãã³ã³ããªãã¥ãŒã·ã§ã³ã®éã« Contributors License Agreement (CLA) ãžã®åæãæ±ãã OSS ãèŠãããŸãããApache Software Foundation (ASF) ãäœæãã CONTRIBUTOR LICENSE AGREEMENTS ãšæ¯èŒããŠã¿ããšè¯ãããç¥ããŸãããããããŠãFREQUENT QUESTIONS ABOUT ASF CONTRIBUTION AGREEMENTS ãåèã«ãªãããã§ãã
ææ°ç㯠MPL-2.0 ã§ãã MPL 2.0 FAQ ãåèã«ãªããŸãããã以åã®ç㯠Mozilla Public License Version 1.1 (MPL-1.1) 㧠MPL 1.1 FAQ- HISTORICAL USE ONLY ãå ¬éãããŠããŸããããã®æ¹èšã®çµç·¯ã«é¢ãã Historical Licensing Documents ãåèã«ãªãã§ãããã
æ£ãã㯠Eclipse Public License – v 2.0 (EPL-2.0) ã§ãã
ã©ã€ã»ã³ã¹ã®åæãšåæ§ã« Eclipse Public License (EPL) Frequently Asked Questions ãåèã«ãªããŸãããã以åã®çã¯ãEclipse Public License – v 1. (EPL-1.0) 㧠Eclipse Public License 1.0 (EPL) Frequently Asked Questions ããããŸãã
Eclipse Foundation ã Eclipse Contributor Agreement ãš Eclipse Contributor Agreement (ECA) FAQ ãšãå ¬éããŠããŸãããŸããEclipse Foundation Project ã®ããšã§ OSS ãããžã§ã¯ããåé åž(redistribution)ããæã¯ãThird Party Content Licensesã«ã泚æãããšè¯ãã§ãããã
Creative Commons ã¯åµäœç©ãç¥èŠãªã©ã®å ±æãåå©çšã®ä¿é²ãç®çãšããŠãããã€ãã®ã©ã€ã»ã³ã¹ãå®çŸ©ããŠããŸããã©ã€ã»ã³ã¹ã¯ “Attribution (by)”ã”ShareAlike (sa)”ã”NonCommercial (nc)”ã”NoDerivatives (nd)” ãªã©ã®License Condition ã®çµåãã§æ§æãããææ°çã¯4.0ã§ãããŸãã”Public Domain” ã宣èšããããã®ãã®ãšã㊠CC0 ãå®çŸ©ããŠããŸããFrequently Asked Questions ããããŸãã
“NonCommercial (nc)” ã®å®çŸ©ã解éã«ã€ããŠã¯ã次ã®åèæ å ±ãæäŸãããŠããŸãã
ãšããã§ãè³ªå “What are Creative Commons licenses?” ã«å¯Ÿããåçã®äžã«æ¬¡ã®äžæããããŸãã
The only categories of works for which CC does not recommend its licenses are computer software and hardware.
(åèèš³ïŒCC (ã©ã€ã»ã³ã¹) ããèŠãããªãã«ããŽãªã®åµäœç©ã¯ã³ã³ãã¥ãŒã¿ãœãããŠã§ã¢ãããŒããŠã§ã¢ã§ãã)
å㯠CC BY-NC-SA ã宣èšãã OSS ã«ééããŠé©ããããšãããã®ã§ãããæåã®å ¬éããæ°å¹ŽåŸã« BSD 2-Clause “Simplified” License (BSD-2-Clause) ã«å€æŽãããŠããŸããã
ããŠãäžèšä»¥å€ã§ãOSS ã§ã® CC ã©ã€ã»ã³ã¹ã®å©çšäºäŸã«ã©ã®ãããªãã®ãããããã§ããããã
å ã«åœæ¯ã®æ³ä»€çã®éãã«æ³šæãå¿ èŠãªå Žåããããšè¿°ã¹ãŸãããã”Public Domain” ã¯èäœæš©æ³ãªã©ã®é¢ä¿ã§ãããã話é¡ã®äžã€ãšããŠç¥ãããŠããŸããããã§ãOSS ã®èäœæš©è ãèäœæš©çãè¡äœ¿ããªãããšã宣èšããæ段ãšã㊠CC0 ãçšããäºäŸãèŠãããŸãã
ãŸããéçºè å士ã§æ å ±äº€æãããµã€ãã§ãæžã蟌ã¿ã CC BY-SA ã§æ±ããšããå©çšèŠçŽã®ãã®ãèŠãããšããããŸãããããããµã€ãã§çŽ¹ä»ãããŠããã³ãŒãã snippet ãšããŠæåããæã¯æ³šæãå¿ èŠããã§ããã
ãµãŒããµã€ãã§ã®å©çšã察象ãšãã OSS ã©ã€ã»ã³ã¹ã« AGPL ãªã©ããããŸãããè¿å¹Žã¯ã¯ã©ãŠãã«ãããµãŒãã¹æäŸãæèããã©ã€ã»ã³ã¹ãèŠãããããã«ãªã£ãŠããŸãããããã§ã¯ãäŸã幟ã€ãæããŠãããŸãã
ã©ã€ã»ã³ã¹ã«ã€ããŠã©ã®ãããªããšãåé¡ãšãªããããã©ãæ€èšããã®ãã¯ãå°é家ãå
éã®ç¥èŠãåèã«ãªããŸãã
OSS ã©ã€ã»ã³ã¹ã«é¢ããæ³ä»€çã§åœæ¯ã«éãéšåãããããç¥ããŸãããããããç¹ãèæ
®ããªãããã©ã€ã»ã³ã¹ã®æ¡æãã次ã«çŽ¹ä»ããè°è«ãæ€èšãèªããšè¯ãã§ãããã
copyleft.org 㯠copyleft ã©ã€ã»ã³ã¹ã«é¢ããæ å ±æäŸãç®çãšãããããžã§ã¯ãã§ããCopyleft ãš GPL ã«ã€ããŠãŸãšãŸã£ãææžã«æ¬¡ããããŸãã
SFLC 㯠Free, Libre and Open Source Software (FLOSS) ãããžã§ã¯ãã«å¯ŸããŠæ³çã¢ããã€ã¹ãªã©ã§æ¯æŽããããšãç®çãšããçµç¹ã§ãã代衚è
㯠Columbia Law School 㧠Professor of Law ãåãã Eben Moglen æ°ã§ãã
GPL ã«é¢ããææžãå€ããããŸãããåããšãã«åèã«ãããã®ã玹ä»ããŸãã
äžè¬è²¡å£æ³äºº ãœãããŠã§ã¢æ å ±ã»ã³ã¿ãŒ (SOFTIC) ãç«ã¡äžãã ãIoT æ代ã«ããã OSS ã®å©çšãšæ³çãªã¹ã¯ã«é¢ããæ€èšå§å¡äŒã ã§ã®æ€èšçµæã QïŒA éãšããŠçºãããã®ã§ããå§å¡äŒã¡ã³ããŒã¯æ³åŸå°é家ãšäŒæ¥å®åæ åœè ã§ãOSS ãå©çšããäžã§ã®æ³çè«žåé¡ãããžãã¹ãå±éããäžã§ã®çåç¹ã«ã€ããŠãæäŸè ãå©çšè ã®ç«å Žã§ã®è«ç¹ãåãäžããããŠããŸããåºæã«åå·çè ã®ç·æãçºãããã®ã§ã¯ãªããšããéããããããèŠè§£ãããããšããŠæ€èšææã«ããã®ãè¯ã䜿ãæ¹ã®ããã«æãããŸãã
ç¬ç«è¡æ¿æ³äºº æ
å ±åŠçæšé²æ©æ§ (IPA) ãéå»ã«åãçµãã 調æ»äºæ¥ã«OSSã©ã€ã»ã³ã¹ã察象ãšãããã®ããããŸãã
éå»ã«åœå
ã§ãã£ãè°è«ãæ€èšãææ¡ãããæã«åèã«ãªãæ
å ±ãåŸãããŸãã
ããšãã°ã次ã®ãããªææžãå
¬éãããŠããŸãã
æ¥æ¬åŒç士äŒ(JPAA)ã®äŒèªã§ãããæåããã³ããã¯éäŒå¡ã§ãé²èŠ§åºæ¥ãèšäºããããŸããäŸãã°ã2006幎06æå·ã« ããªãŒãã³ãœãŒã¹ãœãããŠã§ã¢ã®ã©ã€ã»ã³ã¹ãšç¹èš±æš©ããšããèšäºããããŸãã
æ¥æ¬ç¥ç財ç£åäŒïŒJIPAïŒã¯ãç¥ç財ç£ã«é¢ããè«žå¶åºŠã®æŽ»çšãæ¹åãå³ã£ãŠåœå ç£æ¥ã®çºå±ãžã®å¯äžãç®çãšããŠåœå äŒæ¥ãåå ããå£äœã§ããäŒæ¥ç¥è²¡éšéããäŒæ¥ã®æ ãè¶ ããŠèª¿æ»ç 究ããå Žã«ãªã£ãŠããŸããæ©é¢èªã ç¥è²¡ç®¡çããå šãŠèªã¿ããå Žåã¯äŒå¡äŒæ¥ã§ãã£ãŠãè³Œå ¥ããå¿ èŠããããŸãããåœäŒå³æžé€šãªã©ã§é²èŠ§ããããšãåºæ¥ãŸããããšãã°ãããã¯ãã³ããŒãæ€çŽ¢ããŠã¿ããšã68å·»(2018幎)/5å·ã«ãOSSã©ã€ã»ã³ã¹éµå®ã®ããã®åºç€ç¥èããšé¡ããè«æãæ²èŒãããŠããããã§ãã
OSS ãã©ã®ã©ã€ã»ã³ã¹ã«åºã¥ããŠæäŸãããŠããã®ããOSS ãäŸåããä»ã® OSS ã«ã©ã®ãããªãã®ãããã®ããã¯ãéèŠãªæ å ±ã§ããããã§ã¯ãæ å ±ã®å®çŸ©ãæ å ±äº€æã®ããã®ãã©ãŒããããããããæ å ±ãæ€åºããããã® OSS ãªã©ã玹ä»ããŸãã
ãªããAyumiWatanabe ããã®èšäºãOSS管çã®ãã¹ããã©ã¯ãã£ã¹ïŒOSS管çããŒã«ã®éžã³æ¹ (12/11å ¬éèšäº)ã ã§ã¯åçšè£œåãžã®ãªã³ã¯ãããã®ã§ãèå³ã®ããæ¹ã¯ãã¡ããã芧ãã ããã
“Software Data eXchange Package” ã¯ãSBOM (Software Bill of Materials) ã«ã€ããŠæ å ±äº€æããããã®ä»æ§ã§ãããã³ã³ããŒãã³ããã©ã€ã»ã³ã¹ãèäœæš©ãã»ãã¥ãªãã£çã ã®æ å ±ãæ±ããããã«ãªã£ãŠããŸããææ°ã®ä»æ§ã¯2.1çã§ã Frequently Asked Questions (FAQ) ããããŸããSPDX License List 㧠“Full name” ã “Identifier” ãèŠãããŸãããªãããã®èšäºã®å·ççŸåšã§ã3.0çã«åããæ€èšãå§ãŸã£ãŠããŸãã
å ã® “Identifier” ã¯æ£ãã㯠“SPDX short-form identifiers (SPDX ID)” ãšåŒã³ãŸããã人ãã¹ãã£ã³ããŒã«ãªã©ã§ãå€å¥ããããããã«ãSPDX ID ã®å©çšãæšå¥šããåçµãèŠãããŸããèå³ãããæ¹ã¯ REUSE SOFTWARE ãã芧ãã ããã
ãœãŒã¹ã³ãŒããã¹ãã£ã³ããŠãã©ã€ã»ã³ã¹ãèäœæš©è¡šç€ºã茞åºç®¡ç(Export Control: EC) ã«é¢é£ããæ
å ±ãæœåºããŸãã
å£ãããæ
£ãããªæ¹ã¯ Get Started With FOSSology ãš Hands-On Training Support Page ãªã©ã®ããŒãžãåèã«ãªããšæããŸãã
å©çšäºäŸã«èå³ãããæ¹ã¯ãy-ashiduka ããã®èšäºãYoctoç°å¢ã«meta-spdxscannerãé©çšããSPDXåºåç°å¢ãæ§ç¯ããïŒfossdriverå©çšç·šïŒ(12/10å ¬éèšäº)ã ããäžèªãã ããã
ãœãŒã¹ã³ãŒããã¹ãã£ã³ããŠãã©ã€ã»ã³ã¹ãèäœæš©è¡šç€ºãäŸåã«é¢é£ããæ
å ±ãæœåºããŸãã
FOSSology ãšã¯æ€åºã¢ã«ãŽãªãºã ãç°ãªãããšã«äŒŽãæ€åºçµæã®éãããã䜿ãåããå©çšè
ãããããã§ãã
åèãŸã§ã«ã§ãããã©ã€ã»ã³ã¹æ å ±ã®ã¹ãã£ã³ç²ŸåºŠã«é¢ããèå¯ã« Thomas Wolter ã«ãã “A Comparison Study of Open Source License Crawler” ãšããè«æããããŸãã
FOSSology ã ScanCode ãå§ããšããåçš®ããŒã«ãé£æºããSBOM管çãå¹çåããããã®ã«ã¿ãã°ããŒã«ãšããŠéçºããããã®ã§ãã
K-Hama ãããããOSS管çããŒã« SW360 – ãªãŒãã³ãœãŒã¹ããªãŒãã³ãœãŒã¹ã§ç®¡çããã ïŒ1.1 æ°ããŒãžã§ã³ã€ã³ã¹ããŒã«ç·šïŒããšããèšäºããå©çšæ¹æ³ãèšããããã¥ã¡ã³ã ãå
¬éããŠãããŠããã®ã§ãèå³ã®ããæ¹ã¯ãäžèªãã ããã
OSS ã®ã¬ãã¥ãŒããã»ã¹ãæ¯æŽããããã”Analyzer”ã”Downloader”ã”Scanner”ã”Evaluator”ã”Reporter” ãªã©ã®ããŒã«çŸ€ã§æ§æãããŠããŸãã
ãOpen Source Compliance ã®ã圹ç«ã¡æ
å ±ãŸãšãã»äžãã§ãã
åŒãç¶ãåãæ
åœããŸããæ
å ±åéããããã¯ãŒãã³ã°ã«åœ¹ç«ã€ã€ãã³ãããæžç±ãææžãªã©ç¥èãåŸãã®ã«å©çšãããã®ã玹ä»ããããšæããŸããã楜ãã¿ã«ïŒ
å¿é 寺æ¯
ãšç³ããŸãã
以äžã¯ãæ¬çš¿å·çæç¹ã®ãã®ã«ãªããŸãã
æå±ã¯æ ªåŒäŒç€Ÿãã£ãŒã»ãšãã»ãšãŒ ã·ã¹ãã æ¬éš CTO宀ã§ãã
äž»ã«ç¥ç財ç£ãã³ã³ãã©ã€ã¢ã³ã¹é¢é£ã®æ¥åã«åŸäºããŠããŸãã
2019幎2æãã OpenChain Japan Work Group ã«ã³ãã¥ããã£ã¡ã³ããŒãšããŠåå ããŠããŸãã
å幎4æãã JIPA ãœãããŠã§ã¢å°éå§å¡äŒã«ãŠ2019幎床ããŒããšã㊠OSS ãšäŒæ¥ç¥è²¡ã«é¢ãã調æ»ç 究ã«åå ããŠããŸãã
åè·ã¯éä¿¡äŒç€Ÿã§ç 究éçºéšéã«é·ãããŸãããã€ã³ã¿ãŒãããæ§ç¯éçšãHCIã移åæ©ç«¯æ«éçºãé¢é£ããæšæºåãã¢ãã€ã« AR ãšãã£ã PoC (Proof of Concept) ã®ããã®ãµãŒãã¹è©Šäœéçºãªã©ã«åŸäºããŠããŸããã
The OpenChain Japan Work Group hosted its 15th meeting (2nd virtual) at 2pm local time on the 18th of June. The majority of the meeting was held in Japanese but as always foreign guests were welcome to join and ask questions or share news in English.
Review the Slides
Learn More About Japan Work Group Activities
© 2024 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
