Re: OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7
Yes, much of what each of us might do in our company roles is often intended to benefit folks downstream through good compliance and some of those practices might be positive differentiators for a company, but the reason why we (or at least I) wish to make contributions to OpenChain is because we would happily trade those possible differentiators for the outcomes of better ecosystem compliance, shortened time-to-market, and cost savings.toggle quoted messageShow quoted text
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of RUFFIN, MICHEL (MICHEL)
Sent: Monday, January 04, 2016 12:54 PM
To: Jilayne Lovejoy; Hutchison, Jim
Subject: Re: [OpenChain] OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7
Well we consider our FOSS process as a competitive advantage toward our competitors, this does not mean that we do not want anybody to reach this level. But the day Openchain will issue a compliance system we should be able to prove that we are following all criteria. While it takes years to a big company to reach these criteria (we started our FOSS process in 2003).
Now our customers are asking questions on this topics and we are happy to meet their expectations and from what they said it is not the case of some of our competitors. When they name an ALU product, we are able to provide them the list of FOSS included in it, the license and take guarantees on FOSS IPR issues. We also provide them a package to respect FOSS license obligations.
I cannot guarantee this is 100% true but perhaps 70% to 80% and we are trying to reach 100% (I am trying at this stage to get the 100%, it is very difficult to do this in a big company)
So yes we are doing this to be competitive and yes we do it to respect the law, but Alcatel-Lucent wish to be a good citizen, we get a lot of advantage in using open source, but recognize that there is a philosophy behind open source and we want to respect it. In the training for our FOSS experts we say "respecting the FOSS obligations is not only a matter of law it is also respecting a philosophy, if you cannot respect the FOSS license obligations, do not use it"
Software Coordination Manager, COO - B&ITT Distinguished Member of Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux - France
De : Jilayne Lovejoy [mailto:Jilayne.Lovejoy@...]
Envoyé : lundi 4 janvier 2016 18:57
À : Jim Hutchison; RUFFIN, MICHEL (MICHEL)
Cc : openchain@...
Objet : Re: [OpenChain] OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7
Hi Michel, Jim,
I wanted to highlight something Michel said that I find interesting: "We consider our process as a competitive advantage…” - this seems to be counter-intuitive to the whole goal of OpenChain. If companies (still) thought that good process around the management of open source software was a competitive advantage, I don’t think we’d have been able to even get OpenChain off the ground as a concept. My feeling or observation is that companies have evolved past this belief and realized that to facilitate trust in the software supply chain we need to have transparency around how open source software is managed - just having the software bill of materials with no insight on how it was generated is not enough. Good open source management should not be a competitive advantage - no one benefits by that. Of course, as Michel and Jim raised and also has been discussed on the calls, the extent of sharing need not include confidential information (unless mutually agreed upon by the relevant parties, of course).
Anyway, I may have read Michel’s words too broadly or strictly (sorry, Michel, if so!) but I thought it was a good opportunity, in any case, to acknowledge the evolution of how the use of open source software in corporations is viewed - we’ve come a long way!
On 12/18/15, 11:40 AM, "openchain-bounces@... on behalf of Jim Hutchison" <openchain-bounces@... on behalf of hutch@...> wrote:
These are helpful observations, as we are looking for a solution folks would want to use productively.
In considering OpenChain, we should be able to steer clear of contract/agreement terms. This will be good to keep an eye on as we proceed in formulating the certification questions.
The group discussion appears to be trending towards using such an on-line mechanism, and with text crafted from the OpenChain text. Ideally we will make the questions flexible to many business processes, while retaining inquiry to illuminate adherence to the core concerns.
Qualcomm Technologies, Inc.
At 02:04 AM 12/10/2015, RUFFIN, MICHEL (MICHEL) wrote:
Jim, I look at the questionnaire_______________________________________________
OpenChain mailing list
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
OpenChain mailing list