Re: Proposal - OpenChain Quality of Conformance Assessment Levels (including a sub-proposal for tooling quality assessment levels)


It does appear this mental model can provide an avenue forward.

Speculation: if the market(s) dictate various concepts of evolution, we will probably see differentiation by sector regarding preferred evolution paths. For example, what aerospace and defense sees as natural may be alien to automotive, despite neither sector being better or worse in where they land. This applies with perhaps greater contrast when we consider sectors like consumer electronics or consumables. When a cigarette company (for example) thinks about continual evolution of their compliance program, where they land will probably be significantly different to where a global phone-maker lands.

This is no bad thing. It provides plenty of space for user-company groupings or third-party certifiers to model grading for open source license compliance programs. And it does not undermine the fact that OpenChain ISO 5230 defines the key requirements of a quality open source compliance program.

On Aug 26, 2021, at 6:22, Christopher Wood <cvw01@...> wrote:

Hello all
This is a great discussion. I do like Jacob's suggestion with some simple notation that indicates that the "levels" or whatever you call them are cumulative going from the base (Level 1 up through Level 4). I also believe that formal adoption of each level's requirements will become necessary for any "vendor or supplier" due to market demands and agree with Shane that they should probably not be dictated by the OpenChain Project. To show that the additive features of the Chart 10 could be added to an inverted stack of the levels. (Level 1 is foundational to the concept and building on Level 1 gives you advanced capabilities as a 4th column.)

