Re: OpenChain agenda 5/16

Mark Gisi

I may not be able to attend the upcoming Monday OpenChain meeting (6/6) so here are my comments to address Jeremiah’s two concerns.





Hi Jeremiah,


>> I would like to hear something from OpenChain regarding vendor neutrality in the proposals section. 


One of the core principles that guided the drafting of the first version of the spec was that the requirements should focus solely on the *what* and *why* aspects of a FOSS compliance program and not the *how* and *when*. To quote the spec draft (which is attached):

“The requirements represent a base level (minimum) set of requirements a program must satisfy to be considered OpenChain compliant. The specification focuses on the “what” and “why” qualities of a compliance program as opposed to the “how” and “when” considerations. This ensures a practical level of flexibility that enables different organizations to tailor their policies and processes to best fit their objectives.”


It is important to note that the spec is NOT a best practice guide. It represents a core set of requirements that a quality FOSS compliance program should satisfy. The “What and Why” principle supports the ability to allow multiple different “how and when” FOSS program implementations to successfully coexist. This approach accommodates the neutrality consideration you raised. Also worth noting - the group that drafted the first version of the spec functioned like an open source project by openly obtaining input from dozens of companies and organizations. There were no specific criteria to participate. It is for these reasons I believe the first draft of the spec was able to successfully preserve organization neutrality.



>> …

>> … have resources on community compliance that perhaps might be reused in some way perhaps


The development of the spec is open to all. A lot of feedback from many perspectives was considered. There was no shortage of recommendations and considerations including points similar to the ones covered in the above GPL compliance guide. Note that the spec and the guide, although related and complementary, serve different objectives. Another spec guiding principle was for the requirements not to provide legal interpretation. Such interpretations are delegated to the respective organizations (part of the how and when). The GPL guide represents a good example of a “How and When” set of procedures with a special focus on compliance of a specific set of FOSS licenses, which is complementary with the OpenChain spec. Since the spec’s evolution will continue to function similar to an open source project, which resources are considered will depend upon i) who decides to participate (scratch an itch) and ii) what resources they bring to the discussion. The approach taken supports the situation where if the spec is found to be lacking in some way, and that existing relevant public resources exist, that they would be offered up to guide its remediation.






From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Jeremiah Foster
Sent: Wednesday, May 18, 2016 3:31 AM
To: Williams, Kelly
Cc: openchain@...
Subject: Re: [OpenChain] OpenChain agenda 5/16




On Wed, May 18, 2016 at 1:40 AM, Williams, Kelly <kellyw@...> wrote:

Hi Everyone,


The presentation and minutes are posted on the wiki


Thank you Kelly for the minutes and slides -- this is much appreciated.


My feedback;


1. I would like to hear something from OpenChain regarding vendor neutrality in the proposals section. I think it is implied somewhat, but I don't think it would hurt to make this explicit. By vendor neutrality I mean that no particular company, or particular company process, or even a particular community process, is considered the orthodoxy. This allows for greater balance of the "permissive" and "copyleft" dichotomy which I think is also mirrored in the "open source" and "free software" community. That dichotomy is confusing to many companies and ought to be ameliorated as much as it can be and I think neutrality and focus on pragmatic aspects of compliance will best serve those companies involved in open source and hopefully improve the number that are in compliance with all FOSS licenses.


2. I think there have been some important changes in compliance since OpenChain was founded that would be nice for OpenChain to address proactively, namely the community compliance process. This process, largely made public last year, is exemplified by sites like this one: but not limited to this. Both the SFC and FSF have resources on community compliance that perhaps might be reused in some way perhaps.


Lastly, thanks everyone for the clear, and clearly communicated proposals. I think this is hugely important for widespread adoption.







Let me know if I missed anything or if you have any questions.





From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Williams, Kelly
Sent: Friday, May 13, 2016 3:51 PM
To: openchain@...
Subject: [OpenChain] OpenChain agenda 5/16


Note: new time and phone bridge info


Hi Everyone,


Here is the agenda for Mon, 5/2 16 at 5pm (PST):


· Domain name survey results

· Curriculum

· Specification


Join the call:

Optional dial in number: 877-297-7470

Alternate number: 512-910-4433

No PIN needed


If you need to use a local phone number, please consult:

for the specific country numbers.


1. Dial the local number based on your location.

2. Enter 512 910 4433, then #.









Jeremiah C. Foster



Pelagicore AB

Ekelundsgatan 4, 6tr, SE-411 18
Gothenburg, Sweden

M: +46 (0)73 093 0506
