株式会社日立製作所 今田律夫

はじめに

OpenChainプロジェクト は、The Linux Foundation の公式プロジェクトの一つです。今回は、OpenChainプロジェクトおよびOpenChain Japan WGについてご紹介します。

OpenChainプロジェクト

オープンソースソフトウェア (以下ではOSSと略します) の活用にあたっては、各ソフトウェアの著作者が定めたライセンスを遵守する必要があります。特に、組織においてOSSを活用する場合、組織に入ってくるOSS (Inbound)、組織から出ていくOSS (Outbound) の両方について適切な管理が行われるよう、管理体制の確立が必要になります。OpenChainプロジェクトは、各組織が組織内に確立すべきOSSコンプライアンスプログラムの要件をOpenChain仕様として定義し、その普及を推進しています。また、OpenChainプロジェクトは、OpenChain仕様のISO規格化を進めています。

OpenChainプロジェクトの会員資格

OpenChainプロジェクトの会員資格には、The Linux Foundationの会員企業が参加できる有償のプラチナ会員と、コミュニティ会員とがあります。プラチナ会員は本稿の執筆時点で、Adobe, ARM, Bosch, Cisco, Comcast, Facebook, 富士通, Google, 日立製作所, Microsoft, パナソニック, Qualcomm, Siemens, ソニー, 東芝, トヨタ自動車, Uber, Western Digitalの18社です。コミュニティ会員は誰でも参加でき、メーリングリスト、電話会議、ワークショップ等を通じて、前述のOpenChain仕様の策定やその他関連文書の作成など、様々な活動に参加できます。

OpenChain Japan WG

上記のプラチナ会員に複数の日本企業が参加したことをきっかけとして、OSSコンプライアンスに関して日本語で情報交換を行える場所を作りたいということで、2017年に活動を開始しました。以来、メーリングリストや定期的な会合を開催するなど、活動を継続しています。

OpenChain Japan WGの活動状況

2～3カ月ごとに全体会合を開催しています。これまでに11回の全体会合を開催しました。

• 第1回会合　2017年12月27日(水) ソニー本社　クリエイティブラウンジ
• 第2回会合　2018年2月22日（木）日立製作所 品川オフィス
• 第3回会合　2018年4月19日（木）パナソニック Wonder Lab Osaka（大阪）
• 第4回会合　2018年6月13日（水）トヨタ自動車名古屋オフィス（ミッドランドスクエア）
• 第5回会合　2018年8月31日（金）富士通川崎工場（神奈川県川崎市）
• 第6回会合　2018年10月31日（水）東芝（神奈川県川崎市幸区）
• 第7回会合　2018年12月5日（水）テュフズードジャパン（東京都新宿区）
• 第8回会合　2019年2月28日(木) 三菱電機 本社（東京都千代田区）
• 第9回会合　2019年4月18日(木) デンソーテン（兵庫県神戸市）
• 第10回会合　2019年7月16日(火) 富士通ソリューションスクエア（東京都大田区）
• 第11回会合　2019年9月19日(木) オリンパス (技術開発センター宇津木)

また上記以外に数回のAd hoc会合も開催しています。これらの会合の様子は、Wiki に写真を掲載していますのでご覧ください。今後のイベントにつきましては、こちら をご覧ください。

サブワーキンググループ (SWG) 活動

テーマ毎にSWGを作って活動しています。本稿の執筆時点では以下のSWGが活動しています。各SWGの活動内容については、このアドベントカレンダーで順次ご紹介します。

• Planning SWG
• FAQ SWG
• サプライチェーン上流向けリーフレット SWG
• 「役割ごとの教育資料」SWG
• 組織間のライセンス情報授受 SWG
• プロモーション SWG
• ツール SWG

メーリングリストへの参加方法

OpenChain Japan WGには4つのメーリングリストがあります。各メーリングリストに参加するには、それぞれ下記のアドレスにメールを送信してください。機械的に処理されますので、メール本文の記載は必要ありません。なお、システム変更に伴い2019年10月30日以降、メーリングリストの参加方法が変わりました。以前の情報をお持ちの方はご注意ください。

OpenChain Japan WG ML: japan-wg+subscribe@lists.openchainproject.org
ライセンス情報 SWG ML: japan-sg-licensing+subscribe@lists.openchainproject.org
Planning SWG ML: japan-sg-planning+subscribe@lists.openchainproject.org
Tooling SWG ML: japan-sg-tooling+subscribe@lists.openchainproject.org

OpenChain プロジェクトのメーリングリストについては、こちらをご覧ください。

Slack

メンバーのコミュニケーションの手段として、Slackも活用しています。

おわりに

以上、OpenChain プロジェクトおよびOpenChain Japan WGについて簡単にご紹介しました。OpenChain Japan WGは、OSSコンプライアンスに関して日本語で仲間づくり、情報交換、OSSコミュニティへの貢献ができる場です。皆様のご参加をお待ちしています。

Proposed Agenda

1. Continue on best practices for container compliance  

Join The Call

• Join using the Circuit Desktop App or mobile app:
  circuit://circuit.siemens.com/guest?token=fbb05519-298c-491e-9aa0-461cc468a867
• Join using the Circuit web client or mobile app:
  https://circuit.siemens.com/guest?token=fbb05519-298c-491e-9aa0-461cc468a867

To enjoy the best possible experience while working with Circuit on your desktop computer, try Circuit Desktop App, Chrome or Firefox.

• To participate in a voice-only conference, dial one of the below numbers and enter this code: 6784 3507 96 #
• Your microphone will be muted. Press *3 to unmute it.

Frequently used dial-in numbers:

Canada (English): +19292704096
  tel:+19292704096,,6784350796#

China, Peoples Republic (中文): 4008198763
  tel:4008198763,,6784350796#

Germany (Deutsch): +498923128020
  tel:+498923128020,,6784350796#

Spain (Español): +34912158038
  tel:+34912158038,,6784350796#

United Kingdom (English): +442076606076
  tel:+442076606076,,6784350796#

United States (English): +19292704096
  tel:+19292704096,,6784350796#

All dial-in numbers:

Argentina (Español): +541159842552
  tel:+541159842552,,6784350796#

Australia (English): +61282784325
  tel:+61282784325,,6784350796#

Austria (Deutsch): +4313602774621
  tel:+4313602774621,,6784350796#

Belgium (English): +3226200317
  tel:+3226200317,,6784350796#

Brazil (English): +551138788268
  tel:+551138788268,,6784350796#

Bulgaria (English): +35929358238
  tel:+35929358238,,6784350796#

Canada (Français): +18887768707
  tel:+18887768707,,6784350796#

Canada (English): +18887768708
  tel:+18887768708,,6784350796#

Canada (English): +19292704096
  tel:+19292704096,,6784350796#

Canada (Français): +15148412132
  tel:+15148412132,,6784350796#

Chile (Español): +56226188362
  tel:+56226188362,,6784350796#

China, Peoples Republic (中文): 4008198763
  tel:4008198763,,6784350796#

Colombia (Español): +5714864866
  tel:+5714864866,,6784350796#

Costa Rica (Español): +50625397362
  tel:+50625397362,,6784350796#

Croatia (English): +38517776197
  tel:+38517776197,,6784350796#

Czech Republic (English): +420225382900
  tel:+420225382900,,6784350796#

Denmark (English): +4535158116
  tel:+4535158116,,6784350796#

Dominican Republic (Español): +18299566315
  tel:+18299566315,,6784350796#

Ecuador (Español): +1800000742
  tel:+1800000742,,6784350796#

El Salvador (Español): +50321367565
  tel:+50321367565,,6784350796#

Estonia (English): +3726868885
  tel:+3726868885,,6784350796#

Finland (English): +358981710072
  tel:+358981710072,,6784350796#

France (Français): +33185148486
  tel:+33185148486,,6784350796#

Germany (Deutsch): +498923128020
  tel:+498923128020,,6784350796#

Greece (English): +302111809487
  tel:+302111809487,,6784350796#

Guatemala (Español): +50223661200
  tel:+50223661200,,6784350796#

Hungary (English): +3614292267
  tel:+3614292267,,6784350796#

Indonesia (English): +622150851722
  tel:+622150851722,,6784350796#

Ireland (English): +35315339866
  tel:+35315339866,,6784350796#

Israel (English): +97237207564
  tel:+97237207564,,6784350796#

Italy (Italiano): +390699748020
  tel:+390699748020,,6784350796#

Japan (English): +81366344738
  tel:+81366344738,,6784350796#

Kazakhstan (English): +77273122918
  tel:+77273122918,,6784350796#

Korea South (English): +82264108576
  tel:+82264108576,,6784350796#

Latvia (English): +37166163137
  tel:+37166163137,,6784350796#

Lithuania (English): +37052141723
  tel:+37052141723,,6784350796#

Luxembourg (Français): +35227300013
  tel:+35227300013,,6784350796#

Malaysia (English): +60320535108
  tel:+60320535108,,6784350796#

Mexico (Español): +525550912420
  tel:+525550912420,,6784350796#

Morocco (English): +212520480311
  tel:+212520480311,,6784350796#

Netherlands (English): +31207219093
  tel:+31207219093,,6784350796#

Norway (English): +4723500290
  tel:+4723500290,,6784350796#

Oman (English): +96880074490
  tel:+96880074490,,6784350796#

Oman (English): 80074490
  tel:80074490,,6784350796#

Pakistan (English): +92518108858
  tel:+92518108858,,6784350796#

Peru (Español): +5117087113
  tel:+5117087113,,6784350796#

Philippines (English): +63283953534
  tel:+63283953534,,6784350796#

Poland (English): +48225048376
  tel:+48225048376,,6784350796#

Portugal (English): +351210608117
  tel:+351210608117,,6784350796#

Romania (English): +40311305020
  tel:+40311305020,,6784350796#

Russian Federation (Русский): +73433511796
  tel:+73433511796,,6784350796#

Russian Federation (Русский): +74232492964
  tel:+74232492964,,6784350796#

Russian Federation (Русский): +74957459864
  tel:+74957459864,,6784350796#

Russian Federation (Русский): +78127186937
  tel:+78127186937,,6784350796#

Singapore (English): +6563131571
  tel:+6563131571,,6784350796#

Slovakia (English): +421250112159
  tel:+421250112159,,6784350796#

Slovenia (English): +38616002736
  tel:+38616002736,,6784350796#

South Africa (English): +27118446101
  tel:+27118446101,,6784350796#

Spain (Español): +34912158038
  tel:+34912158038,,6784350796#

Sweden (English): +46851992037
  tel:+46851992037,,6784350796#

Switzerland (English): +41225675325
  tel:+41225675325,,6784350796#

Thailand (English): +6621040793
  tel:+6621040793,,6784350796#

Turkey (English): +902123755830
  tel:+902123755830,,6784350796#

United Arab Emirates (English): 800035704335
  tel:800035704335,,6784350796#

United Kingdom (English): +442076606076
  tel:+442076606076,,6784350796#

United States (English): +19292704096
  tel:+19292704096,,6784350796#

Uruguay (Español): +59829028657
  tel:+59829028657,,6784350796#

Venezuela (Español): +582123358895
  tel:+582123358895,,6784350796#

Vietnam (English): +842844581451
  tel:+842844581451,,6784350796#

1. News
Oliver informed all that Haksung created an overview about sw360 in Korean language.
Further Oliver created a new branch “containers” in our Github repo and provided there the material shown in the last meetings. The idea is to collect all material about containers and license compliance in the directory “Container-License-Compliance”, once having good content available Oliver wants to reach out to Shane and ask him whether is would be possible to generate an official OpenChain “container compliance leaflet”.

Alexios shared that the development of SPDX-3.0 has started. SPDX-3.0 will support different profiles which will implement different use cases. Now there is a good opportunity to introduce changes to the SPDX standard, which break backward compatibility, since the version 3.0 will not be backward compatible with the previous versions. He also said if there are requirements towards the specification from our side, we are warmly welcome to contribute them. The new version will contain examples how it shall be used.
The Github repos of SPDX specification can be found here: https://github.com/spdx/spdx-spec

2. License compliant containers:
Oliver presented the content of the branch and the directory https://github.com/zvr/Sharing-creates-value/tree/containers/Container-License-Compliance . There was the comment that we shall also provide a “Q&A” on which tools shall be used in order to achieve the best practices. Further is was suggested to provide also a description of the desired results  and provide concrete examples.

3. New features in sw360
Michael presented the new features implemented in sw360. There will be changelog functionality in order to verify who changed what. Sw360 is able to “read” SPDX Boms and to generate the corresponding data. He asked for support in further testing this feature because there are many different scenarios, which have to be covered. The integration of sw360 with FOSSology via REST API is improved and FOSSology scans can be triggered automatically.
There was the question whether sw360 is able to generate the “OSS disclosure document” – yes it is possible to generate the OSS disclosure document with sw360. There are two options available to do that – either via REST API or via GUI. The same applies to the generation of the source code bundle.

4. Next steps:
Next meeting will be at 8th of April the invitation was sent to the mailing list
Proposed Agenda Item: continue on best practices for container compliance

Review The Slides Presented

12th Meeting OpenChain Reference Tooling Work Group – 25th March – Slides from Shane Coughlan

https://www.slideshare.net/ShaneCoughlan3/12th-meeting-openchain-reference-tooling-work-group-25th-march-slides 

SW360 Update Tooling Telco from Shane Coughlan

The full video minutes of our most recent OpenChain Korea Work Group meeting are now available. This was a virtual meeting due to the COVID-19 situation. Great thanks to all involved in hosting the event and preparing this video! Special thanks to Haksung Jang @ SK Telecom and Seo Yeon Lee @ LINE for getting these post event reports together.

Keep Up With The Korean Work Group

• https://openchain-project.github.io/OpenChain-KWG

Join The Korean Mailing List

• https://lists.openchainproject.org/g/korea-wg

During the December 2019 period the OpenChain Japan Work Group ran a series of articles covering OpenChain, their work, and what it means to companies. We will be republishing this calendar in Japanese on the main OpenChain blog over the coming weeks, and we hope to share some English translations after that.

Check Out The First Article

• https://www.openchainproject.org/news/2020/03/29/%E3%82%88%E3%81%86%E3%81%93%E3%81%9Dopenchain-japan-wg%E3%81%B8%EF%BC%81

If you want to skip ahead, you can see the whole series here:

• https://qiita.com/advent-calendar/2019/openchainjapanswg

OpenChain Project Request for Comments

Oliver, chair of our reference tooling work group, has started to draft best practices for license complaint containers. Have some thoughts? Want to help?

Engage via the Reference Tooling Mailing List

• https://groups.io/g/oss-based-compliance-tooling/message/518

GTC Law and FOSSID, two official partners of the OpenChain Project, will host a webinar on March 26th 2020 at 9:30 am EST that covers open source software and code snippets: the benefits, the pratfalls, and how to use FOSSID tools to manage compliance and mitigate risks.

This webinar will dive into OpenChain and will explain the value proposition for businesses leveraging open source software in products or services.

Learn More

• https://fossid.com/2020/03/10/webinar-with-gtc-law-and-fossid-march-26-930am-est/

Register

• https://zoom.us/webinar/register/WN_eVUk8_WJQ5uecWwSaPY1mg

Shane Coughlan, General Manager of the Linux Foundation OpenChain Project,  Keith Bergelt, OIN CEO, take a look at open source expectation & Open Source Software (OSS)-related behavior in the supply chain ecosystem for virtually every business and every industry in this week’s Open Source For You magazine.

Read the Article

Continuing Improvements to the OSS Supply Chain Ecosystem

SAN FRANCISCO MARCH 24, 2020 – Today the OpenChain Project welcomes Lex Pan Law and Opsequio as our latest official partners. Lex Pan Law, a technology law firm based in the United States, has a long and deep background in intellectual property and free and open source licensing, as well as other associated corporate and business law issues like securing patent, copyright and trademark protection, IP portfolio strategy and development, strategic technology licensing, IP asset assessment and mergers & acquisition.  Opsqeuio (www.opsequ.io), a virtual open source program office (OSPO) services company also based in the United States, has a long background in setting up and running software provenance and open source compliance programs in high technology organizations, and its services are designed to provide consultation and coverage for small-to-medium-sized organizations not yet ready to set up their own internal OSPO, and supplemental support for larger companies which have an existing OSPO.  

Their partnership with the OpenChain Project marks another milestone in building out global support for user companies adopting our industry standard for open source compliance and provides a local resource for companies and organizations in the Pacific Northwest region of North America looking to adopt OpenChain practices or to become OpenChain conformant.

“OpenChain provides a wealth of resources for companies and organizations looking to adopt industry-leading practices around software compliance,” says McCoy Smith, Founding Attorney of Lex Pan Law and Founder of Opsequio. “As someone who has followed the development of OpenChain as a standard and as a community since its inception, I am thrilled for Lex Pan Law and Opsequio to become part of that community, and to help our clients and customers to take full advantage of everything OpenChain has to offer.”

“As OpenChain has seen increased adoption globally there has been a steady push for expanding the network of support available for user companies refining their compliance programs,” says Shane Coughlan, OpenChain General Manager. “Our relationship with Lex Pan Law and Opsequio continues to bolster our position in both the North American and global market, particularly in the growing tech hubs in the Pacific Northwest, and it also formalizes our cooperative relationship in a manner aligned with the project’s strategic goals. I am looking forward to close collaboration with Lex Pan Law and Opsequio as we support our user companies in the global rollout of the OpenChain standard in the supply chain and the acceptance of OpenChain as an ISO standard later this year.”

About Lex Pan Law & Opsequio

Lex Pan Law (www.lexpan.law) is a full-service technology and intellectual property law firm, based in Portland, Oregon, USA, with over 35 years of experience in virtually every facet of technology and law, including extensive experience and community contacts in the free and open source licensing world (including software, hardware, and content). Opsequio (www.opsequ.io) offers virtual open source program office services, and has close to 20 years of experience in setting up, managing, and growing an open source program office in a multinational Fortune 50 technology company. Both organizations are led by McCoy Smith, a leading speaker and author on intellectual property issues and their intersection with free and open source licensing.  He is on the editorial board of the Journal of Open Law, Technology & Society (www.jolts.world).

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain. More information can be found at www.openchainproject.org.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. 

Linux is a registered trademark of Linus Torvalds.

Media Contacts:

OpenChain Project

Shane Coughlan
+818040358083
scoughlan@linuxfoundation.org

Lex Pan Law & Opsequio

McCoy Smith
+15037998470
mccoy@linux.com
mccoy@lexpan.law