The OpenChain Project recently held an election for Specification Work Group co-chair. The suggested nominees from the community vote were passed to the OpenChain Governing Board for review and – on the 8th of December – were unanimously accepted by the OpenChain Platinum Members.
The most recent OpenChain Monthly Call focused on editing our license compliance specification (ISO/IEC 5230). We are currently in an edit cycle that will see an update prepared for end-2023 for potential 2024 release. In this call we touched on scope and definitions based on previously submitted issues.
As one key example of our discussion, we covered this GitHub issue:
At the Open Compliance Summit 2022 there was an informal discussion around the recently launched OpenChain Export Control Work Group. The slides are below.
Google, an OpenChain Governing Board member and early adopter of the first generation OpenChain standard for open source license compliance, has announced formal adoption of ISO/IEC 5230, the International Standard for open source license compliance.
“Google has been at the forefront of open source development and the compliant use of open source from its earliest days,” says Hilary Richardson, Open Source Attorney at Google. “The Google Open Source Programs Office prides itself on bringing the best of open source to Google and the best of Google to open source. Responsible use of open source includes respecting developers through compliant use of their code. Google’s participation in the OpenChain project is an important part of supporting industry maturity and predictability in open source compliance.”
“Google has long been a driver of the OpenChain Project, and has been pivotal in the development and granting of ISO/IEC 5230,” says Shane Coughlan, OpenChain General Manager. “Their conformance announcement aligns their OpenChain program with our shared industry norm, and serves as inspiration for the cloud supply chain and beyond.”
About the OpenChain Project
The OpenChain Project has an extensive global community that involves thousands of companies collaborating to make the supply chain quicker, more effective and more efficient. We work together to create trust between entities around open source. Our job is to increase trust in the open source supply chain. We do this by maintaining ISO/IEC 5230:2020, the International Standard for open source license compliance, and our Security Assurance Reference Specification. We also have a large global community where knowledge is shared to reduce friction and increase efficiency across all aspects of open source process management.
The Linux Foundation is the world’s largest non-profit connecting global technical experts, and providing them with a neutral and trusted platform to develop open source projects. Founded in 2000 as the home of the Linux Kernel, the Linux Foundation has grown to host hundreds of open source projects, with a community spanning 2,950+ members, 540,000+ contributing developers, and 19,000+ contributing companies.
This OpenChain webinar was released as a recording adjacent to the Open Compliance Summit keynotes here in Yokohama, Japan. This time we are having ‘A WebAssembly Fireside Chat with Armijn Hemel,’ unpacking work being done around WebAssembly, compliance and the questions lawyers can usefully ask.
Get the full report Armijn prepared for Linux Foundation here:
Automation plays a huge part in scaling open source compliance in the supply chain. The availability of open source automation for open source compliance is an area where the OpenChain Project has an extremely active work group (check out their mailing list here), so we were interested to note the release of FOSSLight by LG Electronics in 2021. This is a framework for open source compliance used by LG Electronics, LINE and ETRI. It goes beyond scanning and offers a management hub, all at zero cost, and with an open community around it.
FOSSlight and LG Electronics have been awarded the Social DNA Innovation Award 2022 for this work. Well done Kyoungae and all the team!
The annual OpenChain Advent Calendar is now out! It is the 4th year of our calendar and our 100th article will be published on Christmas Day, the 25th of December 2022. Following advent tradition, the articles will be revealed daily, and then it is time for us to take a break, eat nice food, and watch our favorite movies.
This calendar is maintained by our Japan Work Group and lead by Watanabe San from Hitachi Solutions with help from Fukuchi San of Sony and many more. You can access it at this link: https://qiita.com/advent-calendar/2022/openchainjapanwg
Do you want to jump to the first article? Sure! It is from Shane Coughlan, OpenChain General Manager, and is available in both English and Japanese. Watanabe San created the Japanese translation: https://qiita.com/AyumiWatanabe/items/832146867fde6560f2d1
This webinar covers The Eclipse Software Defined Vehicle (SDV) Project. SDV is a Working Group within the Eclipse Foundation that facilitates open source development of automotive software. The aim is to provide a forum for individuals and organizations to build and promote open source solutions for worldwide automotive industry markets. Using a “code first” approach, SDV-related projects focus on building the industry’s first open source software stacks and associated tooling for the core functionality of a new class of automobile.
