Fukuchi San from Sony has provided us with a draft outlining where the various sections of the OpenChain Specification fit into company process workflows. This is building on a document that was previously available for OpenChain Specification 1.2. The goal is to provide a quick framing of our industry standard for organizations considering adoption, considering conformance, or managing these activities.
We would like to collect feedback on this document as it is likely to disseminate widely throughout our community in various languages over time. Email our General Manager (scoughlan@linuxfoundation.org) or any of our mailing lists to provide comments and suggestions.
The 10th OpenChain Project interview is live! Meet Alex, who makes sure our collection of international activities are recorded and fit together, and who brought previous interviews to publication.
Stefan from Fiducia & GAD IT announced yesterday that work is well advanced on a German translation of our Supplier Education Leaflet. Originally created by a sub-group of the OpenChain Japan Work Group, the supplier education leaflet is available in Japanese, English, Simplified and Traditional Chinese, as well as in Vietnamese as a draft.
Stefan’s full announcement and call for support
As discussed yesterday in Nuremberg during our kick-off meeting of the German OpenChain Working Group, I would like to reach out for support regarding finalisation of a translation of the Open Chain Supplier Leaflet into German.
The layout is not yet as complete as in the original – I would like to finalise the design after having sorted out the final German text. Thus, in a first round, quality checking of the text would be a good point to start 🙂
The video minutes for the first meeting of the OpenChain Germany Work Group are now available. This meeting was kindly hosted by Siemens in Nuremberg and featured 38 people from 29 companies. A big thank you to everyone who made it happen.
New from EACG: OpenChain Cheat Sheet – Conformance Requirements in One Page. This is a handy way to contextualize the whole industry standard for open source compliance in a single, easy-to-read handout.
Our partners over at PwC Germany have just released a video outlining their Third Part Certification for OpenChain Project. This is another example of the growing user community and support community around our industry standard for open source compliance.
The OpenChain Reference Tooling Work Group held a series of meetings adjacent to the FOSDEM conference in Brussels. Here are the outcomes and minutes as provided by Oliver Fendt.
Big Picture
It would be good to have information about “who is using which open source tool to do OSS compliance work” to create an overview that might help during internal discussions about appropriate tooling. We did not find an exact solution for this but there was consensus to work on enhancing a planned TODO Group survey with concrete questions about OSS based compliance tool usage. The survey is scheduled to be launched in June 2020.
It would help if we could create a detailed description of the functional building blocks (e.g. license & copyright scanner) available and which tool(s) implement the desired functionality or part thereof. A similar concept is also an outcome of the “requirements” session, see below.
Glue Code
To produce practical glue code a concrete use case is necessary. If you have a concrete use case and the tools intended to address this use case it is easy to identify the glue code required for implementation. This also provides the possibility to address whether the APIs of the tools support the implementation of the use case. When a tool does not support the needed API it is then practical and possible to file a targeted issue for that specific tool.
We intend to create a place where one can share information about different integration scenarios or proof of concepts different person are currently working on, in order to avoid duplicated efforts and to be able to connect to others addressing the same concerns. Two examples: Martin is willing to share the information about his company’s Yocto proof-of-concept and Arun will share information about work in his company.
* Oliver Fendt has taken an action item to create a place (directory) in our Github repo that this and other information can be shared and coordinated.
There is also the possibility that existing tools have integration scenarios with on their roadmap and that for these scenarios glue code is unnecessary. Coordination is key.
Requirements
There was consensus that documentation is needed to describe the progress from user stories (what do I want/need to do) to capabilities of the functional building blocks that make up the big picture (e.g. License & copyright scanner). It is important to provide concrete instances of tools which implement the necessary capabilities. This will also be a good base to identify needed glue code and/or APIs to be implemented in the concrete tools.
If you want to contribute to realize our targeted results you are highly welcome. Jump in and comment on the issues we will create based on these outcomes.
A message from Shane Coughlan, OpenChain General Manager
Dear Everyone First of all, I would like to offer my personal best wishes and thoughts to everyone who is impacted. The safety of yourself, your family, your friends and your colleagues is the most important thing. Every decision in the OpenChain Project will be taken from this perspective. We expect events in Asia and abroad to be altered or cancelled due to the outbreak. More specifically:
On February 6th I will attend the first OpenChain Germany meeting. However, if the virus appears in South West Japan I will cancel my attendance. I do not want to risk carrying the virus to Europe.
On February 18 the 13th OpenChain Japan meeting happens in Tokyo. The Japan Work Group will monitor the situation and decide if we need to change our plans. Updates to follow.
On March 3rd the third OpenChain China meeting happens in Beijing. We will monitor the situation and decide if we cancel within the next two weeks. Updates to follow.
Our events in Taiwan are being decided by our local organizers, SZ and Lucien. Updates to follow.
Our events in Korea are undecided. I will talk with our local community. Updates to follow.
Our co-hosting of the first Asian Legal Network Conference will continue, but the event has moved from Q1 to Fall. Updates to follow.
Regardless of where you are, please take care. I am hearing reports of shortages of face masks and other materials in more locations. If you are in one of these locations please contact me at scoughlan@linuxfoundation.org. I will send supplies. Let’s take care of each other. Regards Shane
