Re: OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7


Shane Martin Coughlan <shane@...>
 

Hi Dave

I wanted to chime in and note that this perspective aligns with what I have heard from larger companies in China, Japan and Korea with significant Open Source engagement. The general perception appears to be that improved ecosystem compliance offers long-term strategic benefits which offset the “cost" of reducing short-term individual company compliance process advantages.

Regards

Shane

On Jan 5, 2016, at 06:20 , Marr, David <dmarr@...> wrote:

Yes, much of what each of us might do in our company roles is often intended to benefit folks downstream through good compliance and some of those practices might be positive differentiators for a company, but the reason why we (or at least I) wish to make contributions to OpenChain is because we would happily trade those possible differentiators for the outcomes of better ecosystem compliance, shortened time-to-market, and cost savings.

Dave

-----Original Message-----
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of RUFFIN, MICHEL (MICHEL)
Sent: Monday, January 04, 2016 12:54 PM
To: Jilayne Lovejoy; Hutchison, Jim
Cc: openchain@...
Subject: Re: [OpenChain] OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7

Well we consider our FOSS process as a competitive advantage toward our competitors, this does not mean that we do not want anybody to reach this level. But the day Openchain will issue a compliance system we should be able to prove that we are following all criteria. While it takes years to a big company to reach these criteria (we started our FOSS process in 2003).

Now our customers are asking questions on this topics and we are happy to meet their expectations and from what they said it is not the case of some of our competitors. When they name an ALU product, we are able to provide them the list of FOSS included in it, the license and take guarantees on FOSS IPR issues. We also provide them a package to respect FOSS license obligations.

I cannot guarantee this is 100% true but perhaps 70% to 80% and we are trying to reach 100% (I am trying at this stage to get the 100%, it is very difficult to do this in a big company)

So yes we are doing this to be competitive and yes we do it to respect the law, but Alcatel-Lucent wish to be a good citizen, we get a lot of advantage in using open source, but recognize that there is a philosophy behind open source and we want to respect it. In the training for our FOSS experts we say "respecting the FOSS obligations is not only a matter of law it is also respecting a philosophy, if you cannot respect the FOSS license obligations, do not use it"

Michel

Michel
Michel.Ruffin@..., PhD
Software Coordination Manager, COO - B&ITT Distinguished Member of Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux - France


-----Message d'origine-----
De : Jilayne Lovejoy [mailto:Jilayne.Lovejoy@...]
Envoyé : lundi 4 janvier 2016 18:57
À : Jim Hutchison; RUFFIN, MICHEL (MICHEL)
Cc : openchain@...
Objet : Re: [OpenChain] OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7

Hi Michel, Jim,

I wanted to highlight something Michel said that I find interesting: "We consider our process as a competitive advantage…” - this seems to be counter-intuitive to the whole goal of OpenChain. If companies (still) thought that good process around the management of open source software was a competitive advantage, I don’t think we’d have been able to even get OpenChain off the ground as a concept. My feeling or observation is that companies have evolved past this belief and realized that to facilitate trust in the software supply chain we need to have transparency around how open source software is managed - just having the software bill of materials with no insight on how it was generated is not enough. Good open source management should not be a competitive advantage - no one benefits by that. Of course, as Michel and Jim raised and also has been discussed on the calls, the extent of sharing need not include confidential information (unless mutually agreed upon by the relevant parties, of course).

Anyway, I may have read Michel’s words too broadly or strictly (sorry, Michel, if so!) but I thought it was a good opportunity, in any case, to acknowledge the evolution of how the use of open source software in corporations is viewed - we’ve come a long way!

Jilayne


On 12/18/15, 11:40 AM, "openchain-bounces@... on behalf of Jim Hutchison" <openchain-bounces@... on behalf of hutch@...> wrote:

Hi Michel,

These are helpful observations, as we are looking for a solution folks would want to use productively.
In considering OpenChain, we should be able to steer clear of contract/agreement terms. This will be good to keep an eye on as we proceed in formulating the certification questions.

The group discussion appears to be trending towards using such an on-line mechanism, and with text crafted from the OpenChain text. Ideally we will make the questions flexible to many business processes, while retaining inquiry to illuminate adherence to the core concerns.

Thanks,

Jim Hutchison
Qualcomm Technologies, Inc.

At 02:04 AM 12/10/2015, RUFFIN, MICHEL (MICHEL) wrote:
Jim, I look at the questionnaire
1) the question are not formulated very clearly and are not always
applying to Alcatel-Lucent, because we use different solutions that the
one represented in the questionnaire
2) the questionnaire is asking to link documents on our process. We
consider our process as a competitive advantage and cannot disclose the
details like this and second there is confidential information in it on
the way we interprete licenses, the deal we have with some foss
suppliers to interprete their license differently or on our patent, so
I cannot link documents

Michel
Michel.Ruffin@..., PhD
Software Coordination Manager, COO - B&ITT Distinguished Member of
Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International,
Centre de Villarceaux - France

-----Message d'origine-----
De : Jim Hutchison [mailto:hutch@...] Envoyé : jeudi 10
décembre 2015 01:18 À : RUFFIN, MICHEL (MICHEL); RUFFIN, MICHEL
(MICHEL) Objet : OSADL demo for consideration of certification
prototype -- [OpenChain] OpenChain agenda 12/7

Hi Michel,

In our last OpenChain meeting, OSADL shared this prototype with the
working group. You might find it interesting, as a representation of
current thinking of how we might collect certification data.

https://www.foss-slca.org
User name: openchain
Password: buE93oaCw

If you don't submit at the end, Till assured us they would receive no
data. Also they would not be worried by test/hypothetical data you
might enter in trying out their prototype.

Regards,

Jim Hutchison
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain

Join main@lists.openchainproject.org to automatically receive all group messages.