THE LINUX FOUNDATION PROJECTS
Category

News

Jun 27

OpenChain Newsletter #38

By Monthly Newsletter, News

Newsletter – Issue 38 – June 2020

We have two big announcements leading the news this month.

Cisco Systems, Inc (Cisco), a Platinum Member of the OpenChain Project, announced conformance with the industry standard for open source compliance in the supply chain on June 2. As a founding member of the OpenChain Project, Cisco has been instrumental in defining, developing and deploying both the standard and its extensive corpus of reference material. Their conformance marks another milestone in the broadening adoption of the standard throughout silicon, embedded, mobile, telecommunications, enterprise, software and cloud market segments.
https://www.openchainproject.org/featured/2020/06/02/cisco-systems-inc-announces-openchain-conformance

Fujitsu

Fujitsu, an OpenChain Platinum Member, is the first organization to attain two OpenChain 2.0 conformant programs. Fujitsu is the leading Japanese information and communication technology (ICT) company, offering a full range of technology products, solutions, and services. Approximately 132,000 Fujitsu personnel support customers in more than 100 countries.
https://www.openchainproject.org/featured/2020/06/03/fujitsu-attains-second-openchain-conformant-program

OpenChain @ Webinars #5 & 6:

OpenChain @ Work Groups (Selected Highlight)

  • The OpenChain UK Work Group is being launched with its first meeting on July 23. The inaugural UK meeting, which follows the path of successful OpenChain work groups established in China, Japan, Germany, Korea, India and Taiwan, will feature an introduction from Shane Coughlan who leads the OpenChain project at the Linux Foundation. Andrew Katz (Orcro) and Sami Atabani (Arm) will share their experiences of OpenChain implementation in the real world.
    https://www.openchainproject.org/featured/2020/06/30/openchain-uk-work-group-launches-on-july-23rd

OpenChain @ Events (Selected Highlight)

  • The OpenChain Project and its collaboration with the Joint Development Foundation was explored during a session at the ISO WG21 2020 Plenary on the 9th of June. Shane Coughlan, OpenChain General Manager, lead the primary discussion and Seth Newberry, General Manager of Standards at Joint Development Foundation, explained the JDF PAS approach both in terms of OpenChain and more broadly in the years ahead.
    https://www.openchainproject.org/featured/2020/06/09/openchain-at-iso-wg21-2020-plenary-9th-june

More News

Check Out All Our Previous Newsletters

Jun 26

OpenChain Reference Tooling Work Group – Next Meeting July 1st 2020 at 6pm CET

By News

Proposed Agenda

1. News                                                                                         All
2. Github repo                                                                             Oliver
3. Fossology scanning in CI                                                      Gaurav Mishra

If you have any suggestions for the agenda please let Oliver at oliver.fendt@siemens.com know.

Join The Call

To enjoy the best possible experience while working with Circuit on your desktop computer, try Circuit Desktop App, Chrome or Firefox.

To participate in a voice-only conference, dial one of the following numbers.

PIN 0233 5723 57 #

Join via voice-only. Your microphone will be muted. Press *3 to unmute it.

Frequently used dial-in numbers:

Canada (English): +19292704096
  tel:+19292704096,,0233572357#<tel:%2B19292704096%2C%2C0233572357%23>

China, Peoples Republic (中文): 4008198763
  tel:4008198763,,0233572357#<tel:4008198763%2C%2C0233572357%23>

Germany (Deutsch): +498923128020
  tel:+498923128020,,0233572357#<tel:%2B498923128020%2C%2C0233572357%23>

Spain (Español): +34912158038
  tel:+34912158038,,0233572357#<tel:%2B34912158038%2C%2C0233572357%23>

United Kingdom (English): +442076606076
  tel:+442076606076,,0233572357#<tel:%2B442076606076%2C%2C0233572357%23>

United States (English): +19292704096
  tel:+19292704096,,0233572357#<tel:%2B19292704096%2C%2C0233572357%23>

All dial-in numbers:

Argentina (Español): +541159842552
  tel:+541159842552,,0233572357#<tel:%2B541159842552%2C%2C0233572357%23>

Australia (English): +61282784325
  tel:+61282784325,,0233572357#<tel:%2B61282784325%2C%2C0233572357%23>

Austria (Deutsch): +4313602774621
  tel:+4313602774621,,0233572357#<tel:%2B4313602774621%2C%2C0233572357%23>

Belgium (English): +3226200317
  tel:+3226200317,,0233572357#<tel:%2B3226200317%2C%2C0233572357%23>

Brazil (English): +551138788268
  tel:+551138788268,,0233572357#<tel:%2B551138788268%2C%2C0233572357%23>

Bulgaria (English): +35929358238
  tel:+35929358238,,0233572357#<tel:%2B35929358238%2C%2C0233572357%23>

Canada (Français): +18887768707
  tel:+18887768707,,0233572357#<tel:%2B18887768707%2C%2C0233572357%23>

Canada (English): +18887768708
  tel:+18887768708,,0233572357#<tel:%2B18887768708%2C%2C0233572357%23>

Canada (English): +19292704096
  tel:+19292704096,,0233572357#<tel:%2B19292704096%2C%2C0233572357%23>

Canada (Français): +15148412132
  tel:+15148412132,,0233572357#<tel:%2B15148412132%2C%2C0233572357%23>

Chile (Español): +56226188362
  tel:+56226188362,,0233572357#<tel:%2B56226188362%2C%2C0233572357%23>

China, Peoples Republic (中文): 4008198763
  tel:4008198763,,0233572357#<tel:4008198763%2C%2C0233572357%23>

Colombia (Español): +5714864866
  tel:+5714864866,,0233572357#<tel:%2B5714864866%2C%2C0233572357%23>

Costa Rica (Español): +50625397362
  tel:+50625397362,,0233572357#<tel:%2B50625397362%2C%2C0233572357%23>

Croatia (English): +38517776197
  tel:+38517776197,,0233572357#<tel:%2B38517776197%2C%2C0233572357%23>

Czech Republic (English): +420225382900
  tel:+420225382900,,0233572357#<tel:%2B420225382900%2C%2C0233572357%23>

Denmark (English): +4535158116
  tel:+4535158116,,0233572357#<tel:%2B4535158116%2C%2C0233572357%23>

Dominican Republic (Español): +18299566315
  tel:+18299566315,,0233572357#<tel:%2B18299566315%2C%2C0233572357%23>

Ecuador (Español): +1800000742
  tel:+1800000742,,0233572357#<tel:%2B1800000742%2C%2C0233572357%23>

El Salvador (Español): +50321367565
  tel:+50321367565,,0233572357#<tel:%2B50321367565%2C%2C0233572357%23>

Estonia (English): +3726868885
  tel:+3726868885,,0233572357#<tel:%2B3726868885%2C%2C0233572357%23>

Finland (English): +358981710072
  tel:+358981710072,,0233572357#<tel:%2B358981710072%2C%2C0233572357%23>

France (Français): +33185148486
  tel:+33185148486,,0233572357#<tel:%2B33185148486%2C%2C0233572357%23>

Germany (Deutsch): +498923128020
  tel:+498923128020,,0233572357#<tel:%2B498923128020%2C%2C0233572357%23>

Greece (English): +302111809487
  tel:+302111809487,,0233572357#<tel:%2B302111809487%2C%2C0233572357%23>

Guatemala (Español): +50223661200
  tel:+50223661200,,0233572357#<tel:%2B50223661200%2C%2C0233572357%23>

Hungary (English): +3614292267
  tel:+3614292267,,0233572357#<tel:%2B3614292267%2C%2C0233572357%23>

Indonesia (English): +622150851722
  tel:+622150851722,,0233572357#<tel:%2B622150851722%2C%2C0233572357%23>

Ireland (English): +35315339866
  tel:+35315339866,,0233572357#<tel:%2B35315339866%2C%2C0233572357%23>

Israel (English): +97237207564
  tel:+97237207564,,0233572357#<tel:%2B97237207564%2C%2C0233572357%23>

Italy (Italiano): +390699748020
  tel:+390699748020,,0233572357#<tel:%2B390699748020%2C%2C0233572357%23>

Japan (English): +81366344738
  tel:+81366344738,,0233572357#<tel:%2B81366344738%2C%2C0233572357%23>

Kazakhstan (English): +77273122918
  tel:+77273122918,,0233572357#<tel:%2B77273122918%2C%2C0233572357%23>

Korea South (English): +82264108576
  tel:+82264108576,,0233572357#<tel:%2B82264108576%2C%2C0233572357%23>

Latvia (English): +37166163137
  tel:+37166163137,,0233572357#<tel:%2B37166163137%2C%2C0233572357%23>

Lithuania (English): +37052141723
  tel:+37052141723,,0233572357#<tel:%2B37052141723%2C%2C0233572357%23>

Luxembourg (Français): +35227300013
  tel:+35227300013,,0233572357#<tel:%2B35227300013%2C%2C0233572357%23>

Malaysia (English): +60320535108
  tel:+60320535108,,0233572357#<tel:%2B60320535108%2C%2C0233572357%23>

Mexico (Español): +525550912420
  tel:+525550912420,,0233572357#<tel:%2B525550912420%2C%2C0233572357%23>

Morocco (English): +212520480311
  tel:+212520480311,,0233572357#<tel:%2B212520480311%2C%2C0233572357%23>

Netherlands (English): +31207219093
  tel:+31207219093,,0233572357#<tel:%2B31207219093%2C%2C0233572357%23>

Norway (English): +4723500290
  tel:+4723500290,,0233572357#<tel:%2B4723500290%2C%2C0233572357%23>

Oman (English): +96880074490
  tel:+96880074490,,0233572357#<tel:%2B96880074490%2C%2C0233572357%23>

Oman (English): 80074490
  tel:80074490,,0233572357#<tel:80074490%2C%2C0233572357%23>

Pakistan (English): +92518108858
  tel:+92518108858,,0233572357#<tel:%2B92518108858%2C%2C0233572357%23>

Peru (Español): +5117087113
  tel:+5117087113,,0233572357#<tel:%2B5117087113%2C%2C0233572357%23>

Philippines (English): +63283953534
  tel:+63283953534,,0233572357#<tel:%2B63283953534%2C%2C0233572357%23>

Poland (English): +48225048376
  tel:+48225048376,,0233572357#<tel:%2B48225048376%2C%2C0233572357%23>

Portugal (English): +351210608117
  tel:+351210608117,,0233572357#<tel:%2B351210608117%2C%2C0233572357%23>

Romania (English): +40311305020
  tel:+40311305020,,0233572357#<tel:%2B40311305020%2C%2C0233572357%23>

Russian Federation (Русский): +73433511796
  tel:+73433511796,,0233572357#<tel:%2B73433511796%2C%2C0233572357%23>

Russian Federation (Русский): +74232492964
  tel:+74232492964,,0233572357#<tel:%2B74232492964%2C%2C0233572357%23>

Russian Federation (Русский): +74957459864
  tel:+74957459864,,0233572357#<tel:%2B74957459864%2C%2C0233572357%23>

Russian Federation (Русский): +78127186937
  tel:+78127186937,,0233572357#<tel:%2B78127186937%2C%2C0233572357%23>

Singapore (English): +6563131571
  tel:+6563131571,,0233572357#<tel:%2B6563131571%2C%2C0233572357%23>

Slovakia (English): +421250112159
  tel:+421250112159,,0233572357#<tel:%2B421250112159%2C%2C0233572357%23>

Slovenia (English): +38616002736
  tel:+38616002736,,0233572357#<tel:%2B38616002736%2C%2C0233572357%23>

South Africa (English): +27118446101
  tel:+27118446101,,0233572357#<tel:%2B27118446101%2C%2C0233572357%23>

Spain (Español): +34912158038
  tel:+34912158038,,0233572357#<tel:%2B34912158038%2C%2C0233572357%23>

Sweden (English): +46851992037
  tel:+46851992037,,0233572357#<tel:%2B46851992037%2C%2C0233572357%23>

Switzerland (English): +41225675325
  tel:+41225675325,,0233572357#<tel:%2B41225675325%2C%2C0233572357%23>

Thailand (English): +6621040793
  tel:+6621040793,,0233572357#<tel:%2B6621040793%2C%2C0233572357%23>

Turkey (English): +902123755830
  tel:+902123755830,,0233572357#<tel:%2B902123755830%2C%2C0233572357%23>

United Arab Emirates (English): 800035704335
  tel:800035704335,,0233572357#<tel:800035704335%2C%2C0233572357%23>

United Kingdom (English): +442076606076
  tel:+442076606076,,0233572357#<tel:%2B442076606076%2C%2C0233572357%23>

United States (English): +19292704096
  tel:+19292704096,,0233572357#<tel:%2B19292704096%2C%2C0233572357%23>

Uruguay (Español): +59829028657
  tel:+59829028657,,0233572357#<tel:%2B59829028657%2C%2C0233572357%23>

Venezuela (Español): +582123358895
  tel:+582123358895,,0233572357#<tel:%2B582123358895%2C%2C0233572357%23>

Vietnam (English): +842844581451
  tel:+842844581451,,0233572357#<tel:%2B842844581451%2C%2C0233572357%23>

Jun 26

OpenChain Specification 2.0 in Simplified Chinese – Updated content to improve readability and accuracy

By News

Our friends from OPPO have updated the OpenChain Specification 2.0 in Simplified Chinese.

This is useful if you want to check out the details of our International standard for open source compliance.

Get this translation

Check out all our translations

Jun 22

Webinar: OpenChain China, Japan, Korea – a discussion on community building

By community, Featured, licensing, News, standards, Webinar

In this webinar we covered “OpenChain China, Japan, Korea – a discussion on community building” featuring short interviews with Jerry (China), Haksung (Korea) and Fukuchi San (Japan) about local community activity. Our goal was to share knowledge on what has worked, what has not, and how momentum can be kept in these unusual times. We hope these lessons will assist our fellows in Europe and North America while also illustrating some of the key successes in Asia.

This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #6, released on 2020-06-22.

Jun 02

Webinar: Software Heritage + Making Compliance Scalable in a Container World

By community, Featured, legal, licensing, News, Webinar

This time we explored Software Heritage, an initiative whose goal is to collect, preserve, and share software code, and continued our discussion of containers from the perspective of scalable compliance.

Our speakers

Roberto Di Cosmo, Director at Software Heritage, explained why this initiative collects and preserves software in source code form with the understanding that software embodies key technical and scientific knowledge that humanity cannot afford to risk losing. His presentation helped provide insight into how such initiatives can link into activities like compliance automation in open source compliance, an area of immediate interest to the OpenChain community.

Scott Peterson, Senior Commercial Counsel at Red Hat, talked about how we can make compliance scalable in a container world. This talk will build on other recent presentations with a particular focus on efficiency and portability, with a “registry-native” approach to source code availability. Scott explained how this does not require updating container registries to include source code specific features, but instead can exploit features that are already contained in current registries.

Check Out the Slides

https://www.slideshare.net/ShaneCoughlan3/openchain-webinar-5-software-heritage
https://www.slideshare.net/ShaneCoughlan3/openchain-webinar-5-making-compliance-scalable-in-a-container-world

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #5, released on 2020-06-02.

May 31

OpenChain Webinar #5: Software Heritage + Making Compliance Scalable in a Container World – Coming June 1st @ 9am Pacific

By News

The OpenChain Project has launched a series of bi-weekly free webinars that provide access to people and knowledge that we would otherwise obtain at events. We hold our fifth meeting on Monday the 1st of June at 9am Pacific with two guest speakers.

This time we are exploring Software Heritage, an initiative whose goal is to collect, preserve, and share software code, and continuing our discussion of containers from the perspective of scalable compliance.

Roberto Di Cosmo, Director at Software Heritage, will explain why this initiative collects and preserves software in source code form with the understanding that software embodies key technical and scientific knowledge that humanity cannot afford to risk losing. This presentation will help provide insight into how such initiatives can link into activities like compliance automation in open source compliance, an area of immediate interest to the OpenChain community.

Scott Peterson, Senior Commercial Counsel at Red Hat, will talk about how we can make compliance scalable in a container world. This talk will build on other recent presentations with a particular focus on efficiency and portability, with a “registry-native” approach to source code availability. Scott will explain how this does not require updating container registries to include source code specific features, but instead can exploit features that are already contained in current registries.

Each talk will run for 10~15 minutes and there will be plenty of time for questions, comments and suggestions. As with all OpenChain Project activities, our goal is to facilitate knowledge-sharing between peers.

Everyone is invited to join this free webinar via zoom. It will also be recorded and made available later on our website.

Join Our Zoom Meeting

Password *

  • 123456

One Tap Telephone (no screensharing)

  • +358 9 4245 1488,,9990120120# Finland
  • +33 7 5678 4048,,9990120120# France
  • +49 69 7104 9922,,9990120120# Germany
  • +852 5808 6088,,9990120120# Hong Kong
  • +39 069 480 6488,,9990120120# Italy
  • +353 6 163 9031,,9990120120# Ireland
  • +81 524 564 439,,9990120120# Japan
  • +82 2 6105 4111,,9990120120# Korea
  • +34 917 873 431,,9990120120# Spain
  • +46 850 539 728,,9990120120# Sweden
  • +41 43 210 71 08,,9990120120# Switzerland
  • +44 330 088 5830,,9990120120# UK
  • +16699006833,,9990120120# US (San Jose)
  • +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#

May 27

OpenChain Newsletter #37

By Monthly Newsletter, News

Newsletter – Issue 37 – May 2020

Latest OpenChain Member

OpenChain @ Webinars #3 & 4:

OpenChain @ Work Groups (Selected Highlight)

OpenChain @ Events (Selected Highlight)

A Brief Introduction to OpenChain – May 2020

More News

Check Out All Our Previous Newsletters

May 21

Webinar: Unpacking SPDX 2 2 + SPDX Lite

By Featured, legal, licensing, News, standards, Webinar

In this webinar we unpacked how the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.

Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, explained how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.

Yoshiyuki Ito, Principal Expert at RENESAS Electronics, provided an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SDPX Lite to help ensure that the standard could seek adoption in as many production environments as possible with minimal friction.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #4, released on 2020-05-21.

May 11

OpenChain Japan WG「役割ごとの教育資料」SWGのご紹介

By News

 

株式会社日立製作所 岩田吉隆

はじめに

今回は、OpenChain Japan WG「役割ごとの教育資料」SWGについて紹介します。

活動概要

メンバ

ソニー、オリンパス、日立(リーダ)

活動状況

  • F2F会議での検討、作業(現在まで9回開催)
  • Japan WG会議での報告(第7回~第11回)
  • Planning SWG他での共通教育資料案のレビュー
  • GitHubでの検討資料公開
検討資料
資料案

OSSのコンプライアンスにかかる教育の状況

先ず、コンプライアンスにかかる教育の状況について議論しました。

a. OpenChain設立前から、OSSに関する教育を実施している会社もある。
b. これから、教育を実施する会社は、どういう教育内容、対象者からスタートすべきか、検討が必要。
c. 会社毎のビジネス形態により、 OSSに関わる必要なビジネスフローは異なる。
d. OSSに関わる上で、役割ごとに本当に必要最小限な教育観点は異なっている。
e. Curriculum※ を全て教育内容に盛り込むと、分量が多すぎる。
f. Specification※, Curriculumとの整合性も考慮が必要。

(※:SpecificationはOpenChainの一連の要件を定義している仕様書、CurriculumはOpenChainのSpecificationを下支えするトレーニング教材)

進め方の方針

コンプライアンスにかかる教育の状況を踏まえ、進め方の方針について検討しました。

a. 既に各社実施されている教育の体系、対象者、形態(講演会、集合研修、e-learning、資料閲覧、他)、タイミング、英語版有無を、可能な範囲で事例として提示。
b. a.に関して、各教育がビジネスフロー上で、どの対象者をカバーしているかを明示。
c. 各教育の目次、章/節の概要程度まで、可能な範囲で提示。
d. a, b, cの事例を元に、下記を整理する。
  ①最初にsmall startするための必要最小限の項目は?
  ②役割ごとに、教育資料として必要な項目は?共通項目、役割ごとの独自項目は?
  ③ライセンス関連で必要な項目は?
  ④SPDXの活用方法は?
  ⑤役割ごとの共通教育資料の案を作成

4社の事例の分析

先ずステップ1として、4社の事例の分析からスタートしました。

a. 各社のOSSに関する教育の例を収集

No.会社事例数
1製品ベンダー19
2製品ベンダー25
3製品ベンダー31
4製品ベンダー42

b.下記の分析観点について、分析、報告
  i. OSSに関する教育のニーズ
  ii. OpenChainのSpecificationに準拠する。
  iii. Curriculumの過不足を考慮
  iv. 役割ごとの教育の検討 (4社のケーススタディ)
    ⇒ GitHubへアップ

4社の事例からの提案と検討

次にステップ2として、4社の事例の分析結果を基に、共通教育資料の案の作成を行っています。
a. 4社の事例の分析結果を元に、共通教育資料の検討を実施
  i. Specificationを満たすためにコンプライアンスプログラムの記載は必須
  ii. Curriculumの過不足を配慮
  iii. リーフレットで使用されている語彙、表現を考慮
  iv. 各社の一般向け基礎教育の共通内容を考慮

b. 製品ベンダーのソフトウェア開発者向け共通教育資料のコンプライアンスプログラム・バージョンの案の提案を行う。a.のi.~ⅲ.は必須項目とし、ⅳ.の共通内容を重点的に、ⅳ.の一部内容は概略的に、説明する方向で詳細化を図る。OSSを使用して製品を開発するために、製品ベンダーのソフトウェア開発者向けというターゲットを設定した。

c. 役割ごとの分担と責任の明確化の例示
  Specification上での役割の必須要件の例示を行う。

d. 案作成の検討を通して、下記章立てにて作成中

  • OSS概説
  • 知的財産権
  • OSSライセンス
  • OSSコンプライアンスプログラム
  • OSS導入時の検討
  • OSSレビュー
  • OSS配布
  • まとめ
  • 問い合わせ先
  • 参考文献・団体

e. d.の各章毎に、GitHub上でJapan WG内のレビューを行う。

おわりに

以上、OpenChain Japan WG「役割ごとの教育資料」SWGについて簡単に紹介しました。更に、教育資料の事例の拡充や、共通教育資料案の紹介とレビューを行う予定です。皆様の参加をお待ちしています。