News

The minutes are below. The slides discussed during the meeting are presented here as well for reference.

OpenChain Tooling Work Group Meeting #2 – Agenda Slides from Shane Coughlan

OpenChain Tooling Work Group Meeting #2 – Guest Presentation from Shane Coughlan

1. News
Shane gave a short summary of reactions during the OSS Summit NA on the earlier announcement of the Tooling Group. The reactions on the announcement were very positive and there is a global interest to have a OSS based compliance toolchain. There is high interest in developing and testing glue code to hook the existing tools together to form a ready to use reference toolchain.
Michael Jaeger also summarized the OSS Summit NA. There were presentations about OSS based compliance tools FOSSology, ORT, sw360. There was also a talk about the CHAOSS project and its areas of interest. The Japanese OpenChain Work Group had a booth presenting OpenChain.

The list of upcoming events was updated.
The F2F Meeting of the Open Source Tooling Group is taking place on October 10 09:15 – 16:15 at ESA: ESOC – European Space Operations Centre, Robert-Bosch-Strasse 5, 64293 Darmstadt, Germany, everybody is invited to join either in person or via remote access.
The Eclipsecon Europe taking place in Ludwigsburg Germany,  October 21 – 24, 2019 the program can be checked via https://www.eclipsecon.org/europe2019/schedule/2019-10-22

2. Introduction of the existing work
On slide 6 Big Picture – Integrated Compliance Toolchain the questions were raised whether the an “Issue tracker” shall also be listed. –> big picture will be updated
The proposal was made to rename the functional block “Component Analysis Service” to “Forensic Code Analysis Service” –> big picture will be updated.
As another Scanner “license finder” from Pivotal was mentioned https://github.com/pivotal/LicenseFinder
The glossary and the component landscape will be aligned with the big picture functional blocks
On slide 7 tests shall be added to the areas of work

3. Areas to focus on
Frances Paulisch and Arun Azhakesan gave an overview about the current development in the context of an OSS based compliances toolchain at Siemens Healthineers. The slides are attached.
In the following discussion tracecode was mentioned as a tool to analyze the traced execution of a build to identify which files are built into binaries and ultimately deployed in the software. It could help to work on the demands about Yocto builds.

4.Next steps
Reorganization of the repo sharing-creates-value to the focus OSS compliance toolchain
Preparation of a reference slide set about the Open Source Tooling Group. A proposal was made to provide in addition “One Slide telling the Open Source Tooling Group story”. Arun mentioned that he will give a presentation about the Open Source Tooling Group during the Kickoff Meeting of the Indian OpenChain Work Group kickoff and that he will share the slides as a starting point to create the reference slide set
The proposal was made to write user stories in order to derive a clear picture what needs to be done in order to make the turn-key solution happen.
Peter volunteered to check the internal documentation which parts it can be shared.
Marcel volunteered to provide some user stories.

The OpenChain Project is delighted to announce that our free online self-certification is now available in Korean. This translation was contributed by Haksung Jang and marks a major milestone in our roll-out of international services to support adoption of our industry standard.

Self-Certify in Korean

• https://certification.openchainproject.org

The OpenChain Project is delighted to announce that OpenChain Self-Certification is now available in Korean. This translation, joining our English and Japanese self-certification, marks another milestone in ensuring that companies around the world can quickly, easily and effectively adopt the key requirements of a quality open source compliance program. Great thanks are due to Haksung Jang from LG Electronics for his fantastic work in this translation.

Access OpenChain Self-Certification in Korean

• https://certification.openchainproject.org/?locale=ko

Nicole from TUV SUD has provided some slides outlining how Independent Compliance Assessments work and how they may be applied to the OpenChain Project. These can potentially be seen as one of three pillars to assist organizations in OpenChain Conformance.

1. Self-Certification, the core of the project, and our recommended activity for companies of all sizes in all markets.
2. Independent Compliance Assessment, where a company self-certifies but has the process assisted or reviewed by a third party, which may be a consultancy, a law firm or another organization.
3. Third-Party Certification, where a certification body such as TUV SUD provides an audited review and formal certification to a company.

The slides are a work in progress. It should be reviewed, edited and polished so we can consider formal inclusion in the OpenChain reference materials and so that we can roll out a case study explaining this approach to OpenChain Conformance.

Review the Slides

• https://docs.google.com/presentation/d/1E1am2wo0K3PbovtoByEOkvLWK2SLfv_cLFXo7VXJJ9o/edit#slide=id.g5bc6567d1d_0_115

Thanks to the hard work of Andrew Katz and his teams at Moorcrofts and Orcro the OpenChain Policy Template for OpenChain Specification 2.0 is nearly ready. This provides extensive building blocks to help organizations of any size in any market create an open source policy.

Final call for comments. We are targeting a release date of 27th of September to coincide with our OpenChain workshop in Taipei.

Changes Since Our Beta

1. General tidy up and improvement in the use of defined terms.
2. Improvement of the copyright notice applicable to the document as a whole (it’s CC0 apart from the Specification itself).
3. Improvement of the Roles tab. The Roles tab has been expanded with a number of new roles, and for each of them there is now a sample set of competencies, either at high level or detailed level.
4. Addition of the Training tab. This now contains a list of possible training modules (and includes all of the chapters in the OpenChain curriculum slide deck), as well as some more company specific ones. For each of these, there is a matrix which relates each role (as defined in the roles tab) to each of the training modules available. A ‘1’ in the appropriate cell in the matrix indicates that this training is necessary for that particular role.

Get these guides and many more documents in the OpenChain Reference Library.

The Tooling Work Group will host its second meeting on the 18th of September. This meeting will be hosted by Oliver Fendt of Siemens and continues the exploratory discussion regarding the state of open source tooling for open source compliance today. Everyone is welcome to join!

At the scheduled time click to join the voice, video or screen sharing session:

Join using the Circuit Desktop App or mobile app:
circuit://circuit.siemens.com/guest?token=45522636-5f35-4822-9262-2e0441cfb2ec

Join using the Circuit web client or mobile app:
https://circuit.siemens.com/guest?token=45522636-5f35-4822-9262-2e0441cfb2ec

To participate in a voice-only conference, dial one of the following numbers and use this code:

PIN 2915 2060 74 #

Your microphone will be muted. Press *3 to unmute it.

Frequently used dial-in numbers:

Canada (English):
+19292704096
+19292704096,,2915206074#

China, Peoples Republic (中文):
4008198763 (Toll free)
4008198763,,2915206074#

Germany (Deutsch):
+498923128020
+498923128020,,2915206074#

Japan (English):
+81366344738
+81366344738,,2915206074#

Korea (English):
+82264108576
+82264108576,,2915206074#

Spain (Español):
+34912158038
+34912158038,,2915206074#

United Kingdom (English):
+442076606076
+442076606076,,2915206074#

United States (English):
+19292704096
t+19292704096,,2915206074#

Get The Agenda

• https://wiki.linuxfoundation.org/_media/openchain/openchain_agenda_09-09-2019.pdf

Get the Guest Speaker Slides

• Guest Speaker: Mark Gisi on SParts (PDF)
• Guest Speaker: Philippe Ombredanne on ScanCode (PDF)

Review all OpenChain Work Team Calls

• https://wiki.linuxfoundation.org/openchain/minutes

Video minutes are now available for the first OpenChain Automotive Work Group Meeting on the 19th of July 2019. This meeting, bringing together collaborators from dozens of companies across three continents, marked the beginning of a global effort to seek common, resource effective solutions for open source license compliance.

The regularly scheduled OpenChain First Second Monday call will take place today at 09:00 Pacific / 18:00 CET. This call was moved forward one week due to a US holiday.

OpenChain Agenda 09-09-2019 from Shane Coughlan

We will be having Mark Gisi introduce the SParts Project as a featured guest, then a presentation by Philippe Ombredanne on ScanCode before moving our focus to the OpenChain ISO Spec.

Join the call: https://uberconference.com/openchainproject

• Optional US dial in number: 855-889-3011 No PIN needed
• If you need to use an international phone number please check: https://www.uberconference.com/international for country numbers.
  • Canada(647) 694-4842
  • Finland09 42450409
  • Germany030 30807999
  • Ireland(01) 525 5652
  • Italy06 9480 3196
  • Spain911 23 89 04
  • Sweden08-408 394 78
  • United Kingdom020 3514 1993
  • United States(401) 283-2000
• 1. Dial the country number based on your location.
• 2. Enter 855 889 3011 and then # to enter the room.

This is a record of the OpenChain Project Work Team Call from 09-09-2019.

Get the agenda slides

• https://wiki.linuxfoundation.org/_media/openchain/openchain_agenda_09-09-2019.pdf

Read the written minutes

• https://wiki.linuxfoundation.org/_media/openchain/openchain_work_team_call_09-09-2019.pdf

Watch the video minutes

• https://www.youtube.com/watch?v=EP7U7cFhNPM

All OpenChain call outcomes are archived on our wiki

• https://wiki.linuxfoundation.org/openchain/minutes