1. News: Oliver informed all that Haksung created an overview about sw360 in Korean. Further, Oliver created a new branch “containers” in our GitHub repo and provided there the material shown in the last meetings. The idea is to collect all material about containers and license compliance in the directory “Container-License-Compliance”. Once good content is available, Oliver wants to reach out to Shane and ask him whether it would be possible to generate an official OpenChain “container compliance leaflet”.
Alexios shared that the development of SPDX-3.0 has started. SPDX-3.0 will support different profiles which will implement different use cases. Now there is a good opportunity to introduce changes to the SPDX standard that break backward compatibility, since version 3.0 will not be backward compatible with the previous versions. He also said that if there are requirements towards the specification from our side, we are warmly welcome to contribute them. The new version will contain examples of how it shall be used. The GitHub repo of the SPDX specification can be found here: https://github.com/spdx/spdx-spec
2. License compliant containers: Oliver presented the content of the branch and the directory https://github.com/zvr/Sharing-creates-value/tree/containers/Container-License-Compliance . There was the comment that we shall also provide a “Q&A” on which tools shall be used in order to achieve the best practices. Further, it was suggested to also provide a description of the desired results and concrete examples.
3. New features in sw360: Michael presented the new features implemented in sw360. There will be changelog functionality in order to verify who changed what. Sw360 is able to “read” SPDX BOMs and to generate the corresponding data. He asked for support in further testing this feature because there are many different scenarios which have to be covered. The integration of sw360 with FOSSology via REST API is improved and FOSSology scans can be triggered automatically. There was the question whether sw360 is able to generate the “OSS disclosure document”: yes, it is possible to generate the OSS disclosure document with sw360. There are two options available to do that: either via REST API or via GUI. The same applies to the generation of the source code bundle.
4. Next steps: The next meeting will be on the 8th of April; the invitation was sent to the mailing list. Proposed agenda item: continue on best practices for container compliance.
The full video minutes of our most recent OpenChain Korea Work Group meeting are now available. This was a virtual meeting due to the COVID-19 situation. Great thanks to all involved in hosting the event and preparing this video! Special thanks to Haksung Jang @ SK Telecom and Seo Yeon Lee @ LINE for getting these post event reports together.
OpenChain Japan Work Group: Republishing the Advent Calendar
During the December 2019 period the OpenChain Japan Work Group ran a series of articles covering OpenChain, their work, and what it means to companies. We will be republishing this calendar in Japanese on the main OpenChain blog over the coming weeks, and we hope to share some English translations after that.
OpenChain 2.0 in French
The OpenChain Specification 2.0, the latest version of our industry standard for open source compliance, is now available in French. This official translation provides a reference to assist with understanding and engagement throughout companies. Read more here: https://www.openchainproject.org/featured/2020/03/23/openchain-2-0-in-french
OpenChain @ GitHub
The OpenChain Project has a substantial presence on GitHub. We use our space to store core documents like the project charter and specification, our growing library of reference material under CC-0 licensing, and other material like our project image assets. This allows our global community to quickly access, share and improve all aspects of our work. Find out more: https://www.openchainproject.org/news/2020/03/23/openchain-on-github-march-2020
OpenChain Reference Library Relaunched – Discovery and Translation First
The OpenChain Project has a comprehensive reference library covering all aspects of open source compliance management, including numerous resources related to training, policy and process content. This official and community-sourced reference material has been extensively reordered to allow easier discovery of content and to provide a multi-language first approach. https://www.openchainproject.org/news/2020/03/04/openchain-reference-library-relaunched-discovery-and-translation-first
Yoma Bank Announces the Latest OpenChain Conformant Program
The OpenChain Project is delighted to highlight that Yoma Bank is the latest organization to have a publicly announced OpenChain conformant program. Yoma Bank joins many other companies from a diverse range of market sectors collaborating to make open source compliance faster, more effective and more efficient. Find out more: https://www.openchainproject.org/featured/2020/03/05/yoma-bank-announces-the-latest-openchain-conformant-program
Oliver, chair of our reference tooling work group, has started to draft best practices for license compliant containers. Have some thoughts? Want to help?
GTC Law and FOSSID, two official partners of the OpenChain Project, will host a webinar on March 26th 2020 at 9:30 am EST that covers open source software and code snippets: the benefits, the pratfalls, and how to use FOSSID tools to manage compliance and mitigate risks.
This webinar will dive into OpenChain and will explain the value proposition for businesses leveraging open source software in products or services.
Shane Coughlan, General Manager of the Linux Foundation OpenChain Project, and Keith Bergelt, OIN CEO, take a look at open source expectations and Open Source Software (OSS)-related behavior in the supply chain ecosystem for virtually every business and every industry in this week’s Open Source For You magazine.
SAN FRANCISCO, MARCH 24, 2020 – Today the OpenChain Project welcomes Lex Pan Law and Opsequio as our latest official partners.
Lex Pan Law, a technology law firm based in the United States, has a long and deep background in intellectual property and free and open source licensing, as well as other associated corporate and business law issues like securing patent, copyright and trademark protection, IP portfolio strategy and development, strategic technology licensing, IP asset assessment and mergers & acquisition.
Opsequio (www.opsequ.io), a virtual open source program office (OSPO) services company also based in the United States, has a long background in setting up and running software provenance and open source compliance programs in high technology organizations, and its services are designed to provide consultation and coverage for small-to-medium-sized organizations not yet ready to set up their own internal OSPO, and supplemental support for larger companies which have an existing OSPO.
Their partnership with the OpenChain Project marks another milestone in building out global support for user companies adopting our industry standard for open source compliance and provides a local resource for companies and organizations in the Pacific Northwest region of North America looking to adopt OpenChain practices or to become OpenChain conformant.
“OpenChain provides a wealth of resources for companies and organizations looking to adopt industry-leading practices around software compliance,” says McCoy Smith, Founding Attorney of Lex Pan Law and Founder of Opsequio. “As someone who has followed the development of OpenChain as a standard and as a community since its inception, I am thrilled for Lex Pan Law and Opsequio to become part of that community, and to help our clients and customers to take full advantage of everything OpenChain has to offer.”
“As OpenChain has seen increased adoption globally there has been a steady push for expanding the network of support available for user companies refining their compliance programs,” says Shane Coughlan, OpenChain General Manager. “Our relationship with Lex Pan Law and Opsequio continues to bolster our position in both the North American and global market, particularly in the growing tech hubs in the Pacific Northwest, and it also formalizes our cooperative relationship in a manner aligned with the project’s strategic goals. I am looking forward to close collaboration with Lex Pan Law and Opsequio as we support our user companies in the global rollout of the OpenChain standard in the supply chain and the acceptance of OpenChain as an ISO standard later this year.”
About Lex Pan Law & Opsequio
Lex Pan Law (www.lexpan.law) is a full-service technology and intellectual property law firm, based in Portland, Oregon, USA, with over 35 years of experience in virtually every facet of technology and law, including extensive experience and community contacts in the free and open source licensing world (including software, hardware, and content). Opsequio (www.opsequ.io) offers virtual open source program office services, and has close to 20 years of experience in setting up, managing, and growing an open source program office in a multinational Fortune 50 technology company. Both organizations are led by McCoy Smith, a leading speaker and author on intellectual property issues and their intersection with free and open source licensing. He is on the editorial board of the Journal of Open Law, Technology & Society (www.jolts.world).
About the OpenChain Project
The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain. More information can be found at www.openchainproject.org.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
The OpenChain Project has a substantial presence on GitHub. We use our space to store core documents like the project charter and specification, our growing library of reference material under CC-0 licensing, and other material like our project image assets. This allows our global community to quickly access, share and improve all aspects of our work.
We have recently been expanding the membership of our project repositories and we would be delighted to welcome you too. As of today, with 76 members and 34 pending invitations, we have a diverse community of technical, legal and management experts sharing knowledge to make open source compliance easier, faster and better.
The Open Compliance Summit is held annually in Japan. It is an exclusive 2-day event for Linux Foundation members and select invitees that provides an excellent opportunity for organizations to share knowledge around open source compliance. This conference is designed to build connections that streamline interactions between companies of all sizes in all sectors.
We had a great event on the 17th and 18th of December 2019 and, given our position as the key event globally focused on open source compliance, we ran a survey of attendees. Here are the results.
All of this feedback will be going into making the 2020 event even better. Thank you everyone!