Re: Hello World!


Jeremiah Foster <jeremiah.foster@...>
 




On Thu, Aug 28, 2014 at 3:28 PM, Marr, David <dmarr@...> wrote:
>
>
> On Aug 28, 2014, at 1:39 AM, Jeremiah Foster <jeremiah.foster@...> wrote:
>
> > Hello,
> >
> > Firstly, and most importantly, I'd really like to thank those who've done the organization and brainstorming to get this list and idea off the ground. I know there are a lot of people behind the scenes at the Linux Foundation and other places who've done a lot of important work. Thank you.
>
> Echoing the thanks to the LF for kindly hosting the WG.
>
> > Secondly, I have some concern around cadence. Telephone meetings once every week require momentum, otherwise its just a bit of conversation and while that is always good, it doesn't show much progress. I'd recommend once every other week unless its demonstrated that more is needed. If we stick to once a week, the project will likely have to have some project management -- milestones, deliverables, deadlines. There are already a lot of resources for people to discuss compliance, FSF compliance lists, FSFE legal, Debian-legal, etc. We don't need another list, we need codified methodology that's widely accepted both de facto and de jure.
>
> Could not agree more.  BTW in addition to Mike’s support on hosting the discussion, we already have a PM on this list.  Kelly Williams is not an open source expert but here for the PM aspect.  We must not allow this to devolve into another list.

Excellent news, hello Kelly! If I can be a PM resource in anyway, taking minutes, issue tracking, what have you, please let me know.

>
> > Lastly, I'd strongly urge all of us to kill our darlings. We need to not try and chose technology winners.  For example, while SPDX looks great, its not widely adopted. Debian has its own format and Yocto is using SPDX version 1.1. Its hard to use, has numerous supported versions (1.1, 1.2 and 2.0 in development) and feels a bit like a solution looking for a problem. Being Java based (there is Go code and python code now) its better suited for those working in a Windows environment and while I'm certain that is a highly lucrative market, for Free Software developers it tends to be anathema. If SPDX is the right and only ISO certifiable solution, we ought to be able to demonstrate that in detail and with strong technical and legal support.
>
> Agreed re no sacred cows.  SPDX has a lot of thought built into it already by folks who understand the way software moves through software companies, hence the initial comments.
>
> Towards offering some initial thoughts re attribution formats, would think we’d want a format that (1) allows easy reuse, (2) automation potential via metadata-tagged fields, (3) essential data types defined, (4) a data schema that allows file-level tracking, and (5) integratability with the most popular version control systems.  Probably more comes to mind by others.

+1

> Would you be willing to work with Jilayne and others on the Workstream-still-to-be-formed on the appropriate options?

I'm more than happy to provide time and resources to the workstream; I'm invested in OpenChain, I see it as a great opportunity to mitigate the last major hurdle to FOSS adoption.

> > To be successful, you'll have to be widely adopted. This is the exact same measure of success FOSS software projects have to meet. The recent migration of systemd into Debian forcing Ubuntu to migrate away from Upstart ought to be a cautionary tale: forks often fail.
> >
> > Please don't fork the compliance process. Please make it better, standardized, and transparent.
>
> Again, could not agree more.  As a separate note re Workstreams — a possible way for us to approach that is to first have a top level discussion on the desired characteristics of the needed elements before breaking that discussion off, into its Workstream.  This discussion is an example.

I agree and am heartened by the fact that so many on the list seem already well prepared, have thought about the issues and are stakeholders. That can be hard to measure at distance over the phone but I'm grateful to your response and Mark Gisi's which show this list has great potential.

Regards,

Jeremiah

Join main@lists.openchainproject.org to automatically receive all group messages.