Re: OpenChain spec v0.1


Kelly Williams
 

Thanks, Sami and Jilayne.  I added the purpose statement to the Etherpad and included it on the agenda for Monday. 

 

From: Jilayne Lovejoy [mailto:Jilayne.Lovejoy@...]
Sent: Thursday, October 15, 2015 3:09 PM
To: Marr, David; Sami Atabani; openchain@...; Williams, Kelly
Subject: Re: [OpenChain] OpenChain spec v0.1

 

Agreed!! :)

 

I think the “purpose” of OpenChain is to establish best practices / guidelines / roadmap (whatever we call it) that supports achieving the goals for the effective management of OSS.  Those goals being, in sum: <insert Sami’s text>

 

This all reminds me - are we supposed to come with a “mission statement” and “purpose” or “vision” or some other such corporate internal marketing–speak, which I’m never quite good at… and never quite sure of the distinction between…

 

I suppose, if I were to take a stab and extend the purpose and goals of OpenChain to what our vision would be (vision = the OpenChain vision of the future!!) it might be:

  • that all (most?) companies in the supply chain follow internal policies and procedures that realize the following goals <Sami’s text>
  • Via collaboratively developed and openly provide guidelines  (the actual stuff OpenChain develops)

 

Oh my… must stop typing now… 

 

Jilayne

 

On 10/14/15, 6:28 PM, "openchain-bounces@... on behalf of Marr, David" <openchain-bounces@... on behalf of dmarr@...> wrote:

 

My impression is that this seems to be a very good capture of our purpose.  Dave

 

From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Sami Atabani
Sent: Wednesday, October 14, 2015 2:07 PM
To: openchain@...; Williams, Kelly
Subject: Re: [OpenChain] OpenChain spec v0.1

 

Hi Kelly,

 

Unfortunately, I won’t be able to join the next session on Monday due to travel commitment but would be happy for this to be discussed during my absence or delayed for next time.

 

My thoughts are captured below and can be used as the basis for defining the purpose:

 

  • A clear OSS approval process
    • Review and approve incoming OSS based on use case and applicable licence
    • Identify obligations based on licence and use case
    • Track and record key OSS details
  • Verify what OSS is used and distributed in products/deliverables prior to release
    • Identify a bill of material for all OSS used within a product/deliverable through automated scans and/or visual inspections
    • Compare against the list of approved OSS and address any discrepancies
  • Compliance with applicable obligations & post-contract management
    • Confirm that obligations have been fulfilled and put auditable process in place to verify compliance
    • Ensure any outwards licence compatibility issues are considered and addressed

 

I hope this will be useful.

 

Best regards,

 

Sami

 

From:openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Sami Atabani
Sent: 07 October 2015 15:41
To: Williams, Kelly; openchain@...
Subject: Re: [OpenChain] OpenChain spec v0.1

 

Hi Kelly,

 

One thought occurred to me while looking at the clean document and was planning to raise during our next session is to have a summary of our initiative at the top of the document to capture the purpose. Perhaps this is something that we can add to our agenda for next time?

 

Best regards,

 

Sami

 

From:openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Williams, Kelly
Sent: 06 October 2015 23:11
To:
openchain@...
Subject: [OpenChain] OpenChain spec v0.1

 

Hi Everyone,

 

We’ve done the first pass on cleaning up the spec in particular changing the language to imperative language.  Version 0.1 is now posted on the Etherpad (https://etherpad.wikimedia.org/p/openchain) and the original spec is archived on the wiki.

 

Let me know if you have any questions regarding the scope of the clean-up.

 

Best regards,
Kelly


-- IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Registered in England & Wales, Company No: 2557590
ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Registered in England & Wales, Company No: 2548782


-- IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Registered in England & Wales, Company No: 2557590
ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Registered in England & Wales, Company No: 2548782


-- IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Registered in England & Wales, Company No: 2557590
ARM Holdings plc, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Registered in England & Wales, Company No: 2548782

Join main@lists.openchainproject.org to automatically receive all group messages.