Featured

The global lockdown due to the spread of COVID-19 is a unique historical moment. We are seeing both great success and great challenges in addressing this disease, and at all times there is an awareness that it can impact our close friends and families. To a large extent the OpenChain community is fortunate. Many of our companies allow us to work from home. Many of us are near excellent health services. We are well-positioned to weather this storm.

That said, COVID-19 has disrupted all of our supply chains and it has created a situation where face-to-face meetings have been completely supplemented by remote services. Different companies are at different stages in using such systems and we inevitably face a combination of adjusted priorities and delays in this situation. Open source license compliance is just one component among thousands as we collectively try to maintain services and to bring products to market in a changed world.

During Q1 our community has continued to function effectively. We launched our German Work Group. Our Asian work groups (China, Japan, Korea, Taiwan and India) either proceeded entirely remotely or deferred certain activities while continuing core work remotely. Our global automotive and reference tooling work groups continue to bring people together and – in the case of tooling – edge ever closer to describing fully-formed methods for companies to deploy open source tooling for open source compliance automation. Most importantly, our work in bringing OpenChain through the ISO process has continued, and we remain on track for deployment as an official ISO standard in 1H 2020. 

Looking forward I would highlight three activities that can help drive us forward and address immediate market requirements.

1. We keep pushing our ISO work. This will be a critical development for assisting sales and procurement departments in their understanding, adoption and deployment of our industry standard.
2. We work to bridge the physical divide that our community faces due to the pandemic. To make this happen I am going to pivot our bi-weekly calls. With less emphasis on editing our standard (the forthcoming ISO version is fully baked) and our reference material largely produced via local work teams, there is an opportunity to launch an on-going series of webinars to provide access to people and knowledge that we would otherwise obtain at events. The timing schedule remains the same (first Monday, third Monday). Full announcement later today.
3. We seek to address the growing market demand for clarity on automation via our Reference Tooling Work Group. Today I am putting out a request to our tooling work group to accelerate activity around one or more turn-key reference implementations of open source tooling for open source compliance. I believe this will provide both the opportunity to guide more companies onto automation in compliance and – just as importantly – it will provide a clear understanding of gaps in existing tools. The latter point will allow us to provide “shopping lists” to activities like ACT, which is a funding umbrella for a growing number of open source tooling projects.

You fit into every part of this

• Join our webinars as part of the audience or as presenters. Ask questions and provide answers. Bridge the knowledge gaps that we all benefit from closing. 
• Participate in our local work groups (virtually for now), helping to create reference material in multiple languages that takes companies forward in their desire to deploy the key requirements of quality open source compliance programs.
• Take part in our global work groups (reference tooling, automotive, education) and help to tie together whole-sector understanding and responses. 

You can get started right away.

Over the last 34 months we have redefined how open source compliance is approached. We have built an industry standard that is seeing accelerating adoption. We have produced over 400 documents of reference material to support this standard. Our educational material has become a new baseline for how companies approach the training of their staff. Above all, as a virtual-first community, we are positioned to provide a pillar that visibly, effectively guides the global expanse of companies adopting, developing and deploying open source in products and services.

OpenChain is an ambitious project that has experienced exceptional success in defining what constitutes a quality open source compliance program. We are equally successful in fostering exceptional local and global communities that redefine how organizations collaborate on shared solutions. In our space, and in the wider open source community, there has never been a better time to help reduce friction and help people work together.

Let’s take this forward.

Access the most comprehensive OpenChain information in Traditional Chinese here.

OpenChain 臺灣網站正式上線!

https://openchain-project.github.io/OpenChain-TWG/

OpenChain提供一致性方案可以涵蓋單個產品線或整個組織，在開源裡建立信任以構建軟體解決方案。

臺灣網站旨在提供繁體中文的OpenChain相關內容以及活動資訊.

若對網站內容有任何指教, 歡迎各位先進提交修改

https://github.com/OpenChain-Project/OpenChain-TWG

Telegram 討論頻道

https://t.me/joinchat/O6BDhVXYm17Bm8_4s-aZIg

訂閱臺灣 OpenChain 官方社群 Mailing List

https://lists.openchainproject.org/g/taiwan-wg

はじめに

こんにちは。あるいは、はじめまして。
OpenChain Japan WGのアドベントカレンダーへようこそ！
私たちOpenChain Japan WGは、OSS(Open Source Software)のコンプライアンスに関する活動をしている日本のコミュニティです。
これから25日間にわたって、コミュニティのみんなでたくさんのことをお伝えしていきたいと思います。このアドベントカレンダーを通して、私たちの活動やOSSコンプライアンスの重要性について知っていただくとともに、コミュニティのメンバーについても知っていただき、参加したいなと思っていただけるようになれば幸いです。
どうぞよろしくお願いします。

自己紹介

アドベントカレンダーのトップバッターを務めさせていただきます渡邊歩です。OSSの活用に関するコンサルテーションを生業としています。
好きなライセンスは、Beerware Licenseです。
OSSコンプライアンスについては8年ほどのキャリアになりますが、OSS管理のベストなやり方を提案し、お客様と一緒にOSS管理のプロセスを作りあげていくお仕事をしています。

OpenChainについて

OpenChainは、Linux Foundationの公式プロジェクトのひとつで、OSSのライセンスコンプライアンスプログラムを組織が構築するための指針を整備しているプロジェクトです。OpenChainは、ソフトウェアのサプライチェーンの中で活動する人々が各組織内に確立すべきコンプライアンスプログラムの要件を、OpenChain仕様として定義し、各組織がそれらを確立するための支援を行っています。

Japan WGについて

OpenChain Japan WGは、日本で活動するOpenChainのワーキンググループで、日本企業ならではの課題や解決策について議論や情報交換を行っています。Japan WGの中には更にPlannning, Tooling, Promotion, FAQ, リーフレット, 教育資料, ライセンス情報など、たくさんのサブワークグループがあり、それぞれが活発に活動しています。このアドベントカレンダーでは、それぞれのサブワークグループのリーダーによる活動報告もありますのでお楽しみに！

我々のまとめ役、Shaneさん

OpenChainのゼネラルマネージャーのShane Coughlanさんは、我々のまとめ役として、我々の活動をいつも、温かく応援してくれています。
Shaneさんからのコメントを紹介します！

The OpenChain Project defines the industry standard for open source compliance. It identifies the inflection points where a process, or a policy, or a training program should exist. At a high level, it takes the knowledge of thousands of people from hundreds of companies in this space, and it condenses it into clear, unambiguous definitions that any company in any market can adopt.

The OpenChain industry standard does not dictate the content of each process, policy or training program because it needs to be applicable to companies of all sizes in all markets. However, we have a super active and supportive community. There is reference material of all sorts – including entire reference training programs or multi-industry policy options – accessible via our website.

Indeed, the community of the OpenChain Project is our most valuable asset. We have local work groups in China, India, Japan, Korea and Taiwan. We have global mailing lists for the project as a whole, for automated tooling, for automotive. There is an incredible amount of energy and passion around collaboration in this space. We are all learning, and improving, due to this.

The OpenChain Japan Work Group holds a special place in my heart. It was our first local work group and it is our largest, most successful local community activity. People from so many companies and situations join together, share their thoughts, and collaborate to make things better. It captures the heart of open source. I hope that you can experience some of this during our 25 day advent calendar.

(日本語訳)
OpenChainプロジェクトは、オープンソースコンプライアンスを実施するために必要な業界標準を定義しています。この業界標準は、組織にオープンソースコンプライアンスが定着することを、プロセス、ポリシー、トレーニングプログラムが存在することと定義しています。高いレベルで、この分野の数百の企業の数千の人々の知識を、明確で不明瞭さのない定義へと凝縮させています。このため、この定義はあらゆる市場の企業に適用できるものになっています。

OpenChain業界標準は、すべての市場のあらゆる規模の企業に適用できる必要があるため、プロセス、ポリシー、トレーニングプログラムの具体的な内容には触れません。しかしながら、我々には非常に活発で協力的なコミュニティがあり、有益な情報を相互に共有することができます。あらゆる種類の参考資料(網羅的なトレーニングプログラムや複数業種に適用できるポリシーなど)を、我々のWebサイトから入手することができます。

OpenChainプロジェクトのコミュニティは、まさに我々の最も貴重な財産とも言えるものでしょう。中国、インド、日本、韓国、台湾などにローカルワークグループがあります。また、OpenChain全体(グローバル)のメーリングリスト(ML)にも、プロジェクト全体のML、コンプライアンスの自動化ツールのML、自動車分野のMLが存在しています。各地域のワーキンググループや各トピックのメーリングリストを通じて行われるコラボレーションには、信じられないほどのエネルギーと情熱があります。このような「熱い」コラボレーションにより、私たちは皆、これにより新たな気付きを得、自ら改善することができるのです。

OpenChain Japan WGは私にとって特別なものです。我々OpenChainにとって初のローカルワークグループであり、かつ最も大きくかつ成功しているローカルコミュニティでもあります。多様な企業、異なる状況にあるメンバーが一緒に活動し、意見を交換しながらより良いものを目指して協力しています。これはオープンソースの精神そのものであると思います。このアドベントカレンダーの読者の方が25日間を通して我々の活動を体感していただければ嬉しく思います。

明日のテーマは・・・

明日のテーマは「Planningサブワークグループの紹介」です。
担当は、いつもワーキングの色々なタスクを率先してやって下さる、とっても優しい今田さんです。
では明日の記事をお楽しみに！！

来週:

OpenChain プロジェクトおよび OpenChain Japan WG のご紹介

Legal Assessor Epic

A legal assessor might be a lawyer or a special trained person who cares about licenses which apply to applications that include OSS and/or other third party software.

Explore Their Epic

• https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Legal-Assessor-User-Stories/Legal-Assessor-Epic.md

Software Architect Epic

This epic describes briefly the role, responsibilities, tasks and how the software architect interacts with the toolchain in order to accomplish his tasks in an efficient way.

Explore Their Epic

• https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Software-Architect-User-Stories/Software-Architect-Epic.md

Software Developer Epic

This epic describes briefly the role, responsibilities, tasks and how the software developer interacts with the toolchain in order to accomplish his tasks in an efficient way.

Explore Their Epic

• https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Software-Developer-User-Stories/Software-Developer-Epic.md

Compliance Assistant Epic

This epic describes briefly the role, responsibilities, tasks and how the compliance assistant interacts with the toolchain in order to accomplish his tasks in an efficient way.

Explore Their Epic

• https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Compliance-Assistant-User-Stories/Compliance-Assistant-Epic.md

ECC Expert Epic

A ECC expert (export control and customs) might be a lawyer or a special trained person in export control regulations who cares about all export control classifications for applications which are delivered that include OSS and/or other third party software.

Explore Their Epic

• https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/ECC-Expert-User-Stories/ECC-Expert-Epic.md

Explore More Epics

The Work Group has created a range of further epics or use cases. These are living documents and your contribution is welcome alongside your use.

• https://github.com/Open-Source-Compliance/Sharing-creates-value/tree/master/User-Stories

Get this guide and many more documents in the OpenChain Reference Library: https://github.com/OpenChain-Project/Reference-Material

The recent news regarding MOXA’s decision to become an OpenChain Platinum Member has spread through Chinese and Korean language media. Naturally these are very important geographic and linguistic areas for us. We hope these stories will be useful for our community in discussions inside companies, with other companies, and with the broader technology community.

DigiTimes (Traditional Chinese)

• https://www.digitimes.com.tw/iot/article.asp?cat=130&cat1=40&cat2=10&id=0000580247_4O613FPK5VLYYO6HLCV2K

Control Engineering China (Simplified Chinese)

• http://www.cechina.cn/Company/50919_218382/messagedetail.aspx

ICN Web (Korean)

• https://icnweb.kr/2020/42342/

The founders of AlektoMetis, Prof. Dr. Andreas Bärwald and Nicole Pappler have been closely connected to the OpenChain project for several years. After successfully creating and launching the OpenChain 3rd party certification during their time at the TÜV SÜD Group, they now continue to provide software centric consulting and assessment services with AlektoMetis.

“We are very happy to be a partner of the OpenChain project.” says Prof. Dr. Andreas Bärwald, CEO of AlektoMetis. “This will enable us to continue our longstanding successful partnership in our new professional home and to work with our customers and cooperation partners. Open Source related topics are of increasing importance for our customers. Considering that nowadays added value is implemented mainly by software, competence with respect to software becomes increasingly important to companies of all sizes and industries. Including open source licensed components allows companies to concentrate on the creation of value by their own intellectual property while relying on open source for standard tasks. This requires a suitable FOSS governance process in the companies. On the basis of OpenChain we can support our customers exactly here”.

“Building a trusted supply chain depends greatly on having trusted partners,” says Shane Coughlan, OpenChain General Manager. “We need to know that our fellow user companies have adopted or are adopting the key requirements of quality open source compliance programs. We need to know that there is reference material to help them in this process. Lastly, we need to know that there is strong support infrastructure to ensure they can get solid legal, professional and certification advice as needed. Nicole and Andreas have long had a substantial presence and contribution to the OpenChain Project on the latter point, and our new official partnership is another milestone in building out this international standard.”

“The OpenChain community is quite a welcoming and inspiring place and I’m really excited to be part of the OpenChain partner network, seeing it growing and looking for the time to come.” Says Nicole Pappler, AlektoMetis representative in the OpenChain project. “Both engineering, quality management and legal experts are working together to create guidance and clear criteria to enable the license compliant usage of and contribution to open source projects for every industry player, no matter what size and background. It will be my very pleasure to contribute to OpenChain to see the three pillars of OpenChain certification –  self certification, independent compliance assessment and 3rd party certification –  grow into a most useful policy in the supply and release chain.”

About AlektoMetis

AlektoMetis, founded in 2019, offers consulting and assessment services in the areas of functional safety, software quality and processes. The associated AlektoMetis Academy will offer extensive online and offline seminars starting in the second half of 2020. Nicole Pappler represents AlektoMetis in the open source working group of the German IT industry association Bitkom, where she is a member of the board. Furthermore AlektoMetis supports the German working group of the OpenChain project.

AlektoMetis is a brand of
PAPPSTARpromotion GmbH         
Nürnberger Str. 2
91717 Wassertrüdingen
Germany
www.PAPPSTARpromotion.de / 
www.AlektoMetis.com 

Mieux vaut prévenir que guérir

The OpenChain Specification 2.0, the latest version of our industry standard for open source compliance, is now available in French. This official translation provides a reference to assist with understanding and engagement throughout companies.

OpenChain 2.0 is the latest version of our standard and it is functionally identical the the forthcoming ISO standard. This means that any company that conforms with OpenChain 2.0 will also be conformant with the ISO standard on release.

Big Thanks To Our Local Contributors

• Tristan FAURE
• Bruno GRASSET
• Benjamin JEAN
• Laurent JOUBERT
• Lionel LOUBET
• Camille MOULIN
• Harmonie VO VIET ANH

Special thanks to Camille, Tristan and Benjamin for finalizing this version.

Get the OpenChain Specification 2.0 in French

• https://github.com/OpenChain-Project/Specification/raw/master/Community/fr/2.0/OpenChain-2.0-Translation-FR.pdf

Join Our Translation Effort on GitHub

• https://github.com/OpenChain-Project/Specification/tree/master/Community/fr

Get this guide and many more documents in the OpenChain Reference Library: https://github.com/OpenChain-Project/Reference-Material

The OpenChain Project Korea Work Group held its fifth meeting remotely on the 17th of March. A recording of Shane Coughlan’s opening speech is now available in English. While our project faces blanket disruptions to physical meetings, our community is using mailing lists, telephone conferences and other online collaboration tools to ensure we keep up momentum. Great thanks are due to everyone who is leading this effort!

Keep Up With The Korean Work Group

• https://openchain-project.github.io/OpenChain-KWG

Join The Korean Mailing List

• https://lists.openchainproject.org/g/korea-wg

The OpenChain Project is delighted to highlight that Yoma Bank is the latest organization to have a publicly announced OpenChain conformant program. Yoma Bank joins many other companies from a diverse range of market sectors collaborating to make open source compliance faster, more effective and more efficient.

Founded in 1993, Yoma Bank is Myanmar’s most progressive domestic bank. It offers savings products, a wide range of loans and business solutions to individuals, SMEs and local corporate clients to fund their business operations in Myanmar.  With over 25 years of being responsible bank, Yoma Bank has been consistently making significant investments in strategic priorities- people, technology and corporate governance. Yoma Bank stands in the top 5 banks in Myanmar by assets with 3000+ employees and 80+ branches across the country. 

“Yoma Bank is a natural fit for OpenChain conformance,” says Shane Coughlan, OpenChain General Manager. “Their commitment to quality, to ethical banking, and to innovation will be familiar to every company working in the open source community. We look forward to using this opportunity to build out more relationships in Myanmar and beyond.”

More About Yoma Bank

Yoma Bank strives to fulfill its mission to “Build a better Myanmar for its people” financing the needs of Myanmar families and businesses. All the operations led by the Bank are centered around its core values such as Customer, Integrity, Respect, Teamwork and Innovation. Yoma Bank has also established strong partnership with both local and international organisations leveraging strategic advantages in its services. For more information, please visit www.yomabank.com.

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable, and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

###

Linux is a registered trademark of Linus Torvalds.

All other trademarks belong to their respective owners.

The OpenChain Project is delighted to highlight that Yoma Bank is the latest organization to have a publicly announced OpenChain conformant program. Yoma Bank joins many other companies from a diverse range of market sectors collaborating to make open source compliance faster, more effective and more efficient.

Founded in 1993, Yoma Bank is Myanmar’s most progressive domestic bank. It offers savings products, a wide range of loans and business solutions to individuals, SMEs and local corporate clients to fund their business operations in Myanmar.  With over 25 years of being responsible bank, Yoma Bank has been consistently making significant investments in strategic priorities- people, technology and corporate governance. Yoma Bank stands in the top 5 banks in Myanmar by assets with 3000+ employees and 80+ branches across the country. 

“Yoma Bank is a natural fit for OpenChain conformance,” says Shane Coughlan, OpenChain General Manager. “Their commitment to quality, to ethical banking, and to innovation will be familiar to every company working in the open source community. We look forward to using this opportunity to build out more relationships in Myanmar and beyond.”

More About Yoma Bank

Yoma Bank strives to fulfill its mission to “Build a better Myanmar for its people” financing the needs of Myanmar families and businesses. All the operations led by the Bank are centered around its core values such as Customer, Integrity, Respect, Teamwork and Innovation. Yoma Bank has also established strong partnership with both local and international organisations leveraging strategic advantages in its services. For more information, please visit www.yomabank.com.

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable, and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

###

Linux is a registered trademark of Linus Torvalds.

All other trademarks belong to their respective owners.