Re: OpenChain agenda 5/16
I may not be able to attend the upcoming Monday OpenChain meeting (6/6) so here are my comments to address Jeremiah’s two concerns.
>> I would like to hear something from OpenChain regarding vendor neutrality in the proposals section.
One of the core principles that guided the drafting of the first version of the spec was that the requirements should focus solely on *what* and *why* aspects of a FOSS compliance program and not the *how* and *when*. To quote the spec draft (which is attached):
“The requirements represent a base level (minimum) set of requirements a program must satisfy to be considered OpenChain compliant. The specification focuses on the “what” and “why” qualities of a compliance program as opposed to the “how” and “when” considerations. This ensures a practical level of flexibility that enables different organizations to tailor their policies and processes to best fit their objectives.”
It is important to note that the spec is NOT a best practice guide. It represents a core set of requirements that a quality FOSS compliance program should satisfy. The “What and Why” principle supports the ability to allow multiple different “how and when” FOSS program implementations to successfully coexist. This approach accommodates the neutrality consideration you raised. Also worth noting - the group that drafted the first version of the spec functioned like an open source project by openly obtaining input from dozens of companies and organizations. There were no specific criteria to participate. It is for these reasons I believe the first draft of the spec was able to successfully preserve organization neutrality.
>> … have resources on community compliance that perhaps might be reused in some way perhaps
The development of the spec is open to all. A lot of feedback from many perspectives was considered. There was no shortage of recommendations and considerations including points similar to the ones covered in the above GPL compliance guide. Note that the spec and the guide, although related and complementary, serve different objectives. Another spec guiding principle was for the requirements not to provide legal interpretation. Such interpretations are delegated to the respective organizations (part of the how and when). The GPL guide represents a good example of a “How and When” set of procedures with a special focus on compliance of a specific set of FOSS licenses, which is complementary with the OpenChain spec. Since the spec’s evolution will continue to function similar to an open source project, which resources are considered will depend upon i) who decides to participate (scratch an itch) and ii) what resources they bring to the discussion. The approach taken supports the situation where if the spec is found to be lacking in some way, and that existing relevant public resources exist, that they would be offered up to guide its remediation.
From: openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Jeremiah Foster
On Wed, May 18, 2016 at 1:40 AM, Williams, Kelly <kellyw@...> wrote:
The presentation and minutes are posted on the wiki https://wiki.linuxfoundation.org/openchain/minutes.
Thank you Kelly for the minutes and slides -- this is much appreciated.
1. I would like to hear something from OpenChain regarding vendor neutrality in the proposals section. I think it is implied somewhat, but I don't think it would hurt to make this explicit. By vendor neutrality I mean that no particular company, or particular company process, or even a particular community process, is considered the orthodoxy. This allows for greater balance of the "permissive" and "copyleft" dichotomy which I think is also mirrored in the "open source" and "free software" community. That dichotomy is confusing to many companies and ought to be ameliorated as much as it can be and I think neutrality and focus on pragmatic aspects of compliance will best serve those companies involved in open source and hopefully improve the number that are in compliance with all FOSS licenses.
2. I think there have been some important changes in compliance since OpenChain was founded that would be nice for OpenChain to address proactively, namely the community compliance process. This process, largely made public last year, is exemplified by sites like this one: http://copyleft.org/guide/comprehensive-gpl-guidepa2.html but not limited to this. Both the SFC and FSF have resources on community compliance that perhaps might be reused in some way perhaps.
Lastly, thanks everyone for the clear, and clearly communicated proposals. I think this is hugely important for widespread adoption.