Re: Slides


Dave Marr
 

These comments resonate with me as well.  As an attempt to capture the two related but distinct discussions on this point so far I’m seeing proposals to:

 

· Build a pre-set, standard time duration for an entity’s OpenChain Certification. An annual duration was proposed. Additional justification for setting a duration is that over time the person(s) in the FOSS Compliance Role might transition from that role, whether leaving the entity or changing job responsibilities within the entity.

 

· Consider either a distinction for companies that have been purchased or provide a period (such as three to six months) for the certifying company to certify that the new “subsidiary” can be considered compliant.

 

On the second point, I’m attracted to the suggestion of making a distinction.  Perhaps any OpenChain Certification should extend to the entity and its subsidiaries at the time of certification (a snapshot in time), without automatic application to new subs, until the next annual(?) certification?

 

Dave

 

From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Radcliffe, Mark
Sent: Monday, June 06, 2016 1:01 PM
To: Armijn Hemel - Tjaldur Software Governance Solutions <armijn@...>; openchain@...
Subject: Re: [OpenChain] Slides

 

If the certification includes an identification of the person who is responsible (and I think that it should), I suggest that one requirement of certification is that they keep someone in that role during the period of certification.

 

From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Armijn Hemel - Tjaldur Software Governance Solutions
Sent: Monday, June 06, 2016 12:14 PM
To: openchain@...
Subject: Re: [OpenChain] Slides

 

On 06-06-16 21:03, Michael Dolan wrote:

> One issue I know happens in supply chains based on hearing stories is that the person responsible for open source software compliance may leave the company, take a new role, etc., and the company does not backfill them.


This is *so* true and a major reason to put a time limit on certification.

armijn

 

-- 
Armijn Hemel, MSc
Tjaldur Software Governance Solutions
