News

The minutes are below. The slides discussed during the meeting are also below for reference.

4th meeting OpenChain tooling work group from Shane Coughlan

OSM Toolchain: Use Cases from Shane Coughlan

1. News

Oliver gave an overview about “what happened since last meeting”
Two new user stories are available in the Github repo:
             Initial user story – Software-Developer-Epic.md https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Software-Developer-User-Stories/Software-Developer-Epic.md
             Initial user story – Compliance-Assistant-Epic.md https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Compliance-Assistant-User-Stories/Compliance-Assistant-Epic.md

A new version of the one pager slide was circulated on the mailing list. The objective is to have the first release next week.

Upcoming Events:
             Oliver presented an overview of the interesting session from an OSS compliance perspective at Eclipsecon.
             Alexios asked about an overview of the interesting sessions at OSS Summit Europe. Michael J. sent an email with interesting talks at the OSS Summit Europe to the mailing list.

2. Sw360antenna
Lars gave an overview about their work concerning automation and integration of the OSS compliance tools in the CI/CD workflow. He introduced two use cases (please see attached slides):
1. Automatic management of 3rd party dependencies
             This use case applies to “normal” software development, where the OSS component approval is triggered by the integration of the component.
2. Upfront dependency approval
             This use case applies to software development in regulated environments like safety critical systems, where the OSS components which will be integrated must be known upfront. If an unknown component is detected this will cause a policy violation.
             Aaron added that this use case is also common in the financial sector.

Lars mentioned that for having an overview about the licensing situation scancode is used and for the curation, approval and release FOSSology is used.
He gave a nice live demo showing the working implementation of use case 1. Oliver mentioned that this demo covers the following functional blocks of the big picture:
             Dependency resolver
             Source package downloader
             License & Copyright Scanner
             Policy Checker
             Component & application inventory
             FOSS Compliance Bundle generator

The documentation of use case 1 is available on https://eclipse.github.io/antenna/1.0.0-SNAPSHOT

3. Next Steps
             User stories:
                            Kate mentioned that there is no user story covering the recipients of the compliance artifacts – the persons/organizations receiving the results of the process and results produced by the toolchain. Oliver said that such a user story will be added.

             Next meeting:
                            The next regular Wednesday meeting will be on 6th of Nov. On 10th of Oct there is the face to face meeting in Darmstadt

Does your company do open source? It is time to get involved with The Linux Foundation‘s OpenChain Project, the industry standard to make open source compliance quick, easy and efficient. Meet us at Open Source Summit Europe, hop on a call or join our mailing lists. All welcome!

Become Part of What We Do

• https://www.openchainproject.org/get-started/participate

Get The Agenda

https://wiki.linuxfoundation.org/_media/openchain/openchain_agenda_10-07-2019.pdf

Review all OpenChain Work Team Calls

• https://wiki.linuxfoundation.org/openchain/minutes

This is a record of the OpenChain Project Work Team Call from 10-07-2019.

Get the agenda slides

• https://wiki.linuxfoundation.org/_media/openchain/openchain_agenda_10-07-2019.pdf

Read the written minutes

• https://wiki.linuxfoundation.org/_media/openchain/openchain_work_team_call_10-07-2019.pdf

Watch the video minutes

• https://www.youtube.com/watch?v=yt4kbq8WXlM&feature=youtu.be

All OpenChain call outcomes are archived on our wiki

• https://wiki.linuxfoundation.org/openchain/minutes

The OpenChain Korea Work Group will hold its fourth meeting on the 2nd of December 2019 between 15:00 and 17:00 at Korea Telecom in Seoul. As always this meeting will be held in Korean and all parties from open source user companies are welcome to attend.

Venue Information

• https://www.ktds.com/company/about_location.jsp

More Information about the Korean Work Group

• https://wiki.linuxfoundation.org/openchain/openchain-korean-working-group

Bonus News for 2020!

The fifth and sixth meetings have been announced for March and June 2020. Kakao and NCSoft respectively will be the hosts. Please watch this space for more details.

The OpenChain Automotive Workgroup has announced its second meeting. Join us at Open Source Summit Europe on the 29th October. Please note that we are in a hotel adjacent to the main conference venue.

Where?

August Lumiere Room
Lyon Marriott Hotel Cité International
70 Quai Charles de Gaulle, 69463 Lyon, France

This is a Face-to-Face meeting with dial-in capability. See below for dial-in details.

When?

09:00~12:00 on the 29th of October 2019

What’s the Agenda?

• Jonas Öberg (Scania)
  Open Source at Scania
• Yuichi Kusakabe (Denso Ten)
  How to use OSS license tools (SW360 and SPDX Lite) with AGL release software
• Shunsuke Tokumoto (Fujitsu)
  License management with SPDX
• Sebastian Schuberth (Bosch)
  Bosch’s Activities in Automating OSS
• Masato Endo (Toyota)
  Introduction of OpenChain and Automotive WG

Do I Need to Register?

No.

How Do I Dial-In?

• Join the call: https://uberconference.com/openchainproject
• Optional US dial in number: 855-889-3011
  (No PIN needed)
• Get international numbers:
  https://www.uberconference.com/international
  • Dial the country number based on your location.
  • Enter 855 889 3011 and then # to enter the room.

How Do I Join The Automotive Work Group Mailing List?

Head over to Groups.io:

• https://groups.io/g/openchain-automotive-work-group/

The License Info Exchange Sub Work Group will host a meeting on the 15th of October. This meeting will be hosted by Fujitsu Marketing (Shinagawa, Tokyo). Everyone is welcome to join!

Learn More About This Sub-Group

• https://wiki.linuxfoundation.org/openchain/jwg_lincense_sg_page

The Planning Sub Work Group will host a meeting on the 18th of October. This meeting will be hosted by Fujitsu ( Musashi-nakahara, Kawasaki). Everyone is welcome to join!

Learn More About This Sub-Group

• https://wiki.linuxfoundation.org/openchain/jwg_planning_sg_page

The Tooling Sub Work Group will host a meeting on the 17th of October. This meeting will be hosted by DeNA (Shibuya, Tokyo). Everyone is welcome to join!

Learn More About This Sub-Group

• https://wiki.linuxfoundation.org/openchain/jwg_tooling_sg_page

The OpenChain Project will be taking center stage during the Risk and Compliance in Open Source panel at the Nordic OpenInfra Days on the 3rd of October.

“Amanda Brock will chair the panel and consider what is risk in open source and what does it take to make software Trustable from a legal and compliance perspective. The Linux Foundation’s OpenChain compliance project has rapidly gained traction and is supported by companies like Microsoft, Google, Facebook, Intel, Toyota and Scania. Andrew Katz from Orcro, a Linux Foundation partner, has been advising companies on open source compliance for many years, and draws on the practical experience he has with clients large and small in discussing this. Martin Von Willebrand will consider how to implement an end-to-end automated open source compliance tool chain and Professor Björn Lundell will highlight findings and challenges from extensive research related to clarifying terms (and obtaining patent licences) for use of IT standards allowing for implementation in open source projects.”

Learn More

• https://openinfranordics.com/program/