Re: comments on OpenChain Compliance 2016-H1 Specification

J Lovejoy

I think we decided on the call today to use "conformance" and "conforms to" in the spec so the FAQs will need to also be updated to reflect that change. 

Sent from my phone, please excuse my brevity

On Jun 20, 2016, at 7:11 PM, Karen Sandler <karen@...> wrote:

On 2016-06-20 19:03, Mike Linksvayer wrote:
+1 to all of Karen's comments.
I've been finding the double usage of compliance in this context
confusing, both for people I'm talking to, and for me -- I'm not
confident they get it. Conformance seems like the right word for
OpenChain, but not only to remove double
[3] explains why ISO 9000 uses "conformity" rather than "compliance"
(but not why "conformity" rather than "conformance"; latter seems
adequate to me). Final paragraph:
_Conformity_ can be viewed as internally driven, such as our
voluntary, consensus-based standards. _Compliance_ can be viewed as
externally imposed. So, we should use _conformity_, not conformance or
compliance, when referring to fulfilling product and process
requirements. Of course, if customers impose conformity to ISO 9001,
your organization may feel like it has to _comply_ rather
than _conform_.
Conform[ance] seems right for OpenChain, compliance for open source licenses.

Reviewing the FAQ, I think it all looks even more confusing with the double meaning of the term compliance. For example:

"Does all software in an organization need to be covered by an OpenChain Compliance program to achieve program compliance?"


OpenChain mailing list

Join to automatically receive all group messages.