Re: OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7

Jilayne Lovejoy <Jilayne.Lovejoy@...>

Hi Michel, Jim,

I wanted to highlight something Michel said that I find interesting: "We
consider our process as a competitive advantage…” - this seems to be
counter-intuitive to the whole goal of OpenChain. If companies (still)
thought that good process around the management of open source software
was a competitive advantage, I don’t think we’d have been able to even get
OpenChain off the ground as a concept. My feeling or observation is that
companies have evolved past this belief and realized that to facilitate
trust in the software supply chain we need to have transparency around how
open source software is managed - just having the software bill of
materials with no insight on how it was generated is not enough. Good
open source management should not be a competitive advantage - no one
benefits by that. Of course, as Michel and Jim raised and also has been
discussed on the calls, the extent of sharing need not include
confidential information (unless mutually agreed upon by the relevant
parties, of course).

Anyway, I may have read Michel’s words too broadly or strictly (sorry,
Michel, if so!) but I thought it was a good opportunity, in any case, to
acknowledge the evolution of how the use of open source software in
corporations is viewed - we’ve come a long way!


On 12/18/15, 11:40 AM, "openchain-bounces@... on
behalf of Jim Hutchison" <openchain-bounces@... on
behalf of hutch@...> wrote:

Hi Michel,

These are helpful observations, as we are looking for a solution folks
would want to use productively.
In considering OpenChain, we should be able to steer clear of
contract/agreement terms. This will be good to keep an eye on as we
proceed in formulating the certification questions.

The group discussion appears to be trending towards using such an on-line
mechanism, and with text crafted from the OpenChain text. Ideally we will
make the questions flexible to many business processes, while retaining
inquiry to illuminate adherence to the core concerns.


Jim Hutchison
Qualcomm Technologies, Inc.

At 02:04 AM 12/10/2015, RUFFIN, MICHEL (MICHEL) wrote:
Jim, I look at the questionnaire
1) the question are not formulated very clearly and are not always
applying to Alcatel-Lucent, because we use different solutions that the
one represented in the questionnaire
2) the questionnaire is asking to link documents on our process. We
consider our process as a competitive advantage and cannot disclose the
details like this and second there is confidential information in it on
the way we interprete licenses, the deal we have with some foss suppliers
to interprete their license differently or on our patent, so I cannot
link documents

Michel.Ruffin@..., PhD
Software Coordination Manager, COO - B&ITT
Distinguished Member of Technical Staff
Tel +33 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux - France

-----Message d'origine-----
De : Jim Hutchison [mailto:hutch@...]
Envoyé : jeudi 10 décembre 2015 01:18
Objet : OSADL demo for consideration of certification prototype --
[OpenChain] OpenChain agenda 12/7

Hi Michel,

In our last OpenChain meeting, OSADL shared this prototype with the
working group. You might find it interesting, as a representation of
current thinking of how we might collect certification data.
User name: openchain
Password: buE93oaCw

If you don't submit at the end, Till assured us they would receive no
data. Also they would not be worried by test/hypothetical data you might
enter in trying out their prototype.


Jim Hutchison
OpenChain mailing list

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Join to automatically receive all group messages.