(1) We are going to do a reset of the group to help people engage more, especially with regard to bringing back more technical people and technical updates.
(2) First, we use the Sharing Creates Value GitHub repo as the single source of truth for organizing things from now on, including (a) new content, (b) polls for next steps and (c) arranging future meetings.
(3) We move to a new agenda that brings back the emphasis on engineering as follows:
– News (~10 mins?);
– Technical discussions unpacking open source tools etc (~30-40 mins?);
– Update on the meta level (capabilities map) (~10 mins?).
(4) We will also introduce a fixed group of chairs (volunteers) to help ensure the meetings are driven forward while not overloading any one person. Redundancy and mutual support is the goal.
Seeking a volunteer to help run the 3rd Tuesday of August 🙂
Shane can help run both meetings in September.
Marcel is going to help run the first meeting in October.
Other items:
Make the Global Calendar clearer – including timezone offsets – so people can use this as the single source of truth for confirming our call times. Done. See: https://www.openchainproject.org/participate
The Software Engineering Maintenance and Evolution Research Unit (SEMERU) lab at William and Mary is running a new survey relating to third-party software license compliance. The target audience is “people with a background in law, preferably with a law degree and some amount of experience in practice.”
Research Goal and Procedure
The purpose of this study is to investigate issues, needs, and opportunities related to open source software licensing. In particular, this study aims to investigate how legal practitioners address concerns related to software licensing and to identify pain points and unmet needs.
If you decide to participate, you will take a brief survey via the Qualtrics platform. The study will last about 15 minutes during which time you will be asked questions regarding your familiarity and experience with several topics related to open source software licensing that pertain to your work.
With your permission, we may contact you by email and invite you to participate in a follow-up interview.
The College of William & Mary is a public research university in Williamsburg, Virginia. Founded in 1693 by a royal charter issued by King William III and Queen Mary II, it is the second-oldest institution of higher education in the United States and the ninth-oldest in the English-speaking world.
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
Collabora, a leading open source software consultancy, has become the latest organization to announce an OpenChain ISO/IEC 5230 conformant program.
“One of the key benefits of ISO standards created by the OpenChain Project is to signal the adoption and use of the processes necessary for quality compliance or security programs related to open source,” says Shane Coughlan, OpenChain General Manager. “The announcement by Collabora of an ISO/IEC 5230 conformant program is an example of their commitment to excellence around open source license compliance management. We are delighted to welcome them to our community of conformance, and we look forward to fostering a productive long-term collaboration around our shared industry.”
“Being an ISO9001:2015 and ISO27001:2017 certified organization, we are delighted to join the OpenChain Project’s extensive global community,” says Eleni Katsoula, Engineering Operations Manager at Collabora. “Along with so many of Collabora’s esteemed customers being Platinum members of the OpenChain community, we look forward to promoting the project’s focus on commercial and non-commercial open source process management.”
About Collabora
Collabora is a global consultancy specializing in delivering the benefits of Open Source software to the commercial world. Whether it’s the Linux kernel, graphics, multimedia or machine learning, Collabora’s expertise spans across all key areas of Open Source software development. By harnessing the potential of community-driven projects, and re-using existing components, Collabora helps its clients focus on creating product differentiation, enabling them to develop the best solutions. From tailoring the latest Open Source technologies to your projects, to integrating Open Source methodologies into your organization, Collabora can help you navigate the ever-evolving world of Open Source. Learn more at collabora.com.
This webinar was led by Clare Dillon, the Executive Director of InnerSource Commons, and it highlighted the activities and value behind the InnerSource movement. InnerSource is the use of open source best practices for software development within the confines of an organization. Understanding this has become a key part of business strategy for forward-looking organizations.
Two Resources Flagged By Our Speaker
FINOS InnerSource Special Interest Group project on InnerSource licenses – an overview: https://youtu.be/bQz12Rwzzbk
The OpenChain Japan Work Group held its 28th meeting (3rd hybrid) on the 11th of July. This meeting contained an exceptional roster of speakers and topics covered. OpenSSF, SPDX 3.0, OSPO leadership, education material and addressing common licensing misunderstandings. You name it, we covered it. Check out the recording below in Japanese for details:
Be part of this:
Everyone is invited to be part of the OpenChain Japan Work Group and contribute to (or simply participate in) future activities.
Initially scoped to focus on the Security Assurance specification, the conversations led to improved material for the License Compliance specification as well.
The discussion then proceeded on a related topic:
What is a quality or complete SBOM for licensing or security use cases?
Of course, both the next generation License Compliance specification and the next generation Security Assurance specification also have pre-existing open issues for review:
Join a Complimentary Live Webinar Hosted by The Linux Foundation on August 9, 2023 | 08:00 AM PDT (UTC-7)
A formal specification for an IT project allows implementers to understand what is required to build an implementation (or create a process) that conforms to that specification, and it allows a conformance test suite (or checklist) to be developed that can be used to check an implementation’s conformance. Users of tools that (partly or fully) conform to that specification can use the specification to learn the potential impact of moving source code, data, or processes between different implementations.
This presentation outlines a number of considerations involved when creating a formal IT specification, in general, and for software, in particular, such as a programming language or library.
[Note: this will NOT be specific to making an ISO standard; that will be the subject of another webinar.]