Date   

OpenChain Specification Work Team - Fourth Monday Call - Mon, 2020-09-28 5:00pm-6:00pm #cal-reminder

main@lists.openchainproject.org Calendar <main@...>
 

Reminder: OpenChain Specification Work Team - Fourth Monday Call

When: Monday, 28 September 2020, 5:00pm to 6:00pm, (GMT-07:00) America/Los Angeles

Where:Zoom - https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

View Event

Organizer: Shane Coughlan scoughlan@...

Description:

Join Zoom Meeting ( https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 )
Meeting ID: 999 012 0120
Password: 123456


Software-defined vertical industries: transformation through open source

 


Re: Helping to improve our web-app (translations)

Haksung
 

Hi Shane!

I sent a PR for Korean translation of the preamble : https://github.com/OpenChain-Project/Online-Self-Certification-Web-App/pull/181

Best Regards,
Haksung

On Sep 23, 2020 2:45 PM +0900, Shane Coughlan <scoughlan@...>, wrote:
Translation time for our web app!

Hey everyone! We have added a new preamble to make it easier to understand the beginning of the online self-certification questionnaire.

Can you help translate it into Korean, Chinese (both types), Japanese and German?
https://github.com/OpenChain-Project/Online-Self-Certification-Web-App/pull/180

You do not need to go onto GitHub if you are not used to it. I just need a translation for:
"We recommend having a look at the OpenChain Reference Training Slides and the OpenChain Reference Policy Template before undergoing Self-Certification. It will help frame the questions that follow."

Shane





Antwort: [germany-wg] Helping to improve our web-app (translations)

Stefan Thanheiser
 

Hi all,
Hi Shane,

I would translate the sentence
"We recommend having a look at the OpenChain Reference Training Slides and the OpenChain Reference Policy Template before undergoing Self-Certification. It will help frame the questions that follow."
into German as follows:
"Wir empfehlen Ihnen, einen Blick in die Trainingsunterlagen und das 'Policy Template' aus dem OpenChain-Referenzmaterial zu werfen, bevor Sie die Selbst-Zertifizierung vornehmen. Dies wird Sie bei der Beantwortung der folgenden Fragen unterstützen."

Does anyone have a better suggestion?

Kind regards,

Stefan



Stefan Thanheiser

Fiducia & GAD IT AG
IT Governance / Asset, Lizenz und Procurement
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...



Fiducia & GAD IT AG | www.fiduciagad.de
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen, Birgit Frohnhoff, Jörg Staff
Vorsitzender des Aufsichtsrats: Jürgen Brinkmann





"Shane Coughlan" ---23.09.2020 07:44:51---Translation time for our web app! Hey everyone! We have added a new preamble to make it easier to un

Von: "Shane Coughlan" <scoughlan@...>
An: OpenChain Main <main@...>
Kopie: OpenChain Japan <japan-wg@...>, OpenChain Germany <germany-wg@...>, OpenChain Korea <korea-wg@...>, OpenChain Taiwan <taiwan-wg@...>
Datum: 23.09.2020 07:44
Betreff: [germany-wg] Helping to improve our web-app (translations)
Gesendet von: germany-wg@...





Translation time for our web app!

Hey everyone! We have added a new preamble to make it easier to understand the beginning of the online self-certification questionnaire.

Can you help translate it into Korean, Chinese (both types), Japanese and German?
https://github.com/OpenChain-Project/Online-Self-Certification-Web-App/pull/180

You do not need to go onto GitHub if you are not used to it. I just need a translation for:
"We recommend having a look at the OpenChain Reference Training Slides and the OpenChain Reference Policy Template before undergoing Self-Certification. It will help frame the questions that follow."

Shane







Helping to improve our web-app (translations)

 

Translation time for our web app!

Hey everyone! We have added a new preamble to make it easier to understand the beginning of the online self-certification questionnaire.

Can you help translate it into Korean, Chinese (both types), Japanese and German?
https://github.com/OpenChain-Project/Online-Self-Certification-Web-App/pull/180

You do not need to go onto GitHub if you are not used to it. I just need a translation for:
"We recommend having a look at the OpenChain Reference Training Slides and the OpenChain Reference Policy Template before undergoing Self-Certification. It will help frame the questions that follow."

Shane


Re: OpenChain Korea Meeting #7 - 22nd of September from 2pm local time

 

A reminder: we go live in 20 minutes! 

On Sep 4, 2020, at 16:01, Shane Coughlan <scoughlan@...> wrote:


<Screen Shot 2020-09-04 at 15.58.10.png>
Exciting news! All welcome. I will be opening with a summary of our current status…this is the day our ISO voting process wraps up!

Regards

Shane


OpenChain Bi-Weekly Webinar - Mon, 2020-09-21 #cal-notice

main@lists.openchainproject.org Calendar <noreply@...>
 

OpenChain Bi-Weekly Webinar

When:
Monday, 21 September 2020
5:00pm to 6:00pm
(GMT-07:00) America/Los Angeles

Where:
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Organizer:
scoughlan@... 00818040358083

Description:
This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations. You can learn more about this series here: https://www.openchainproject.org/webinars-interviews

Join Our Zoom Meeting

One Tap Telephone (no screensharing)

  • +358 9 4245 1488,,9990120120# Finland
  • +33 7 5678 4048,,9990120120# France
  • +49 69 7104 9922,,9990120120# Germany
  • +852 5808 6088,,9990120120# Hong Kong
  • +39 069 480 6488,,9990120120# Italy
  • +353 6 163 9031,,9990120120# Ireland
  • +81 524 564 439,,9990120120# Japan
  • +82 2 6105 4111,,9990120120# Korea
  • +34 917 873 431,,9990120120# Spain
  • +46 850 539 728,,9990120120# Sweden
  • +41 43 210 71 08,,9990120120# Switzerland
  • +44 330 088 5830,,9990120120# UK
  • +16699006833,,9990120120# US (San Jose)
  • +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#


OpenChain Bi-Weekly Webinar - Mon, 2020-09-21 5:00pm-6:00pm #cal-reminder

main@lists.openchainproject.org Calendar <main@...>
 

Reminder: OpenChain Bi-Weekly Webinar

When: Monday, 21 September 2020, 5:00pm to 6:00pm, (GMT-07:00) America/Los Angeles

Where:https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

View Event

Organizer: Shane Coughlan scoughlan@... 00818040358083

Description: This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations. You can learn more about this series here: https://www.openchainproject.org/webinars-interviews

Join Our Zoom Meeting

One Tap Telephone (no screensharing)

  • +358 9 4245 1488,,9990120120# Finland
  • +33 7 5678 4048,,9990120120# France
  • +49 69 7104 9922,,9990120120# Germany
  • +852 5808 6088,,9990120120# Hong Kong
  • +39 069 480 6488,,9990120120# Italy
  • +353 6 163 9031,,9990120120# Ireland
  • +81 524 564 439,,9990120120# Japan
  • +82 2 6105 4111,,9990120120# Korea
  • +34 917 873 431,,9990120120# Spain
  • +46 850 539 728,,9990120120# Sweden
  • +41 43 210 71 08,,9990120120# Switzerland
  • +44 330 088 5830,,9990120120# UK
  • +16699006833,,9990120120# US (San Jose)
  • +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#


OpenChain Bi-Weekly Webinar - Mon, 2020-09-21 5:00pm-6:00pm #cal-reminder

main@lists.openchainproject.org Calendar <main@...>
 

Reminder: OpenChain Bi-Weekly Webinar

When: Monday, 21 September 2020, 5:00pm to 6:00pm, (GMT-07:00) America/Los Angeles

Where:https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

View Event

Organizer: Shane Coughlan scoughlan@... 00818040358083

Description: This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations. You can learn more about this series here: https://www.openchainproject.org/webinars-interviews

Join Our Zoom Meeting

One Tap Telephone (no screensharing)

  • +358 9 4245 1488,,9990120120# Finland
  • +33 7 5678 4048,,9990120120# France
  • +49 69 7104 9922,,9990120120# Germany
  • +852 5808 6088,,9990120120# Hong Kong
  • +39 069 480 6488,,9990120120# Italy
  • +353 6 163 9031,,9990120120# Ireland
  • +81 524 564 439,,9990120120# Japan
  • +82 2 6105 4111,,9990120120# Korea
  • +34 917 873 431,,9990120120# Spain
  • +46 850 539 728,,9990120120# Sweden
  • +41 43 210 71 08,,9990120120# Switzerland
  • +44 330 088 5830,,9990120120# UK
  • +16699006833,,9990120120# US (San Jose)
  • +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#


Re: License issue on linuximq

G, Rahul Mohan
 

Hi Joel,

 

Yes, that is what I inferred.

 

Regards,

Rahul

 

From: main@... <main@...> On Behalf Of ???(Joel)
Sent: Saturday, September 19, 2020 12:20 PM
To: main@...
Subject: Re: [openchain] License issue on linuximq

 

Hi Rahul. Thanks for the clue. A member of our team also noticed this commit. So just I assume your opinion is that it should be GPLv2+ since they intentionally changed the text, right?

 

Joel Cao

Engineer

Open Source Program Office | OPPO

+86-13817587682

 

 



2020919 14:42G, Rahul Mohan via lists.openchainproject.org <rahul.g=siemens.com@...> 写道:

 

Dear Joel and Carlo, 

 

They have changed the license. 

 

 

<image001.png>

 

Regards,

Rahul

From: main@... <main@...> On Behalf Of Carlo Piana
Sent: Friday, September 18, 2020 4:26 PM
To: main@...
Subject: Re: [openchain] License issue on linuximq

 

Dear Joel,

 

My take in this case is that the specific licensing in the file trumps the overarching license for the project. I wonder if there is any contrarian views. Certainly they should have explained better what their intention was.

 

Actually I see they use GPL 2+, which is incidentally somewhat aligned, meaning that you can treat the software equally as 2+ or 3+. So perhaps the intention is to prefer the latter, but allow for the earlier version.

 

Cheers

 

Carlo

 

 

 


Da: "曹知渊(Joel)" <joel.cao@...>
A: "main@..." <main@...>
Inviato: Venerdì, 18 settembre 2020 12:39:06
Oggetto: [openchain] License issue on linuximq

Hello everyone.

 

We are considering using https://github.com/imq/linuximq in some product. The files are patches for Linux Kernel. But the license of this project seems a bit confusing. As stated in the README, the license is GPLv3+. GPLv3+ is not compatible with GPLv2 which means these patches should not be applied to Linux Kernel. But if you open the patches, you will find GPLv2 notice in there instead of GPLv3+. So can we just simply treat this project as a GPLv2’ed one? Thanks.

 

Joel Cao

Engineer

Open Source Program Office | OPPO

+86-13817587682

 

 

 


OPPO

 

电子邮件及其附件含OPPO公司的保密信息,仅限于邮件指明的收件人使用(包含个人及群组)。禁止任何人在未经授权的情况下以任何形式使用。如果您错收了本邮件,请立即以电子邮件通知发件人并删除本邮件及其附件。

This e-mail and its attachments contain confidential information from OPPO, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

 

 


Re: License issue on linuximq

曹知渊(Joel)
 

Hi Rahul. Thanks for the clue. A member of our team also noticed this commit. So just I assume your opinion is that it should be GPLv2+ since they intentionally changed the text, right?

Joel Cao
Engineer
Open Source Program Office | OPPO
+86-13817587682



2020年9月19日 14:42,G, Rahul Mohan via lists.openchainproject.org <rahul.g=siemens.com@...> 写道:

Dear Joel and Carlo, 
 
They have changed the license. 
 
 
<image001.png>
 
Regards,
Rahul
From: main@... <main@...> On Behalf Of Carlo Piana
Sent: Friday, September 18, 2020 4:26 PM
To: main@...
Subject: Re: [openchain] License issue on linuximq
 
Dear Joel,
 
My take in this case is that the specific licensing in the file trumps the overarching license for the project. I wonder if there is any contrarian views. Certainly they should have explained better what their intention was.
 
Actually I see they use GPL 2+, which is incidentally somewhat aligned, meaning that you can treat the software equally as 2+ or 3+. So perhaps the intention is to prefer the latter, but allow for the earlier version.
 
Cheers
 
Carlo
 
 
 

Da: "曹知渊(Joel)" <joel.cao@...>
A: "main@..." <main@...>
Inviato: Venerdì, 18 settembre 2020 12:39:06
Oggetto: [openchain] License issue on linuximq
Hello everyone.
 
We are considering using https://github.com/imq/linuximq in some product. The files are patches for Linux Kernel. But the license of this project seems a bit confusing. As stated in the README, the license is GPLv3+. GPLv3+ is not compatible with GPLv2 which means these patches should not be applied to Linux Kernel. But if you open the patches, you will find GPLv2 notice in there instead of GPLv3+. So can we just simply treat this project as a GPLv2’ed one? Thanks.
 
Joel Cao
Engineer
Open Source Program Office | OPPO
+86-13817587682
 
 
 

OPPO
 
电子邮件及其附件含OPPO公司的保密信息,仅限于邮件指明的收件人使用(包含个人及群组)。禁止任何人在未经授权的情况下以任何形式使用。如果您错收了本邮件,请立即以电子邮件通知发件人并删除本邮件及其附件。
This e-mail and its attachments contain confidential information from OPPO, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
 



Re: License issue on linuximq

G, Rahul Mohan
 

Dear Joel and Carlo,

 

They have changed the license.

 

 

 

Regards,

Rahul

From: main@... <main@...> On Behalf Of Carlo Piana
Sent: Friday, September 18, 2020 4:26 PM
To: main@...
Subject: Re: [openchain] License issue on linuximq

 

Dear Joel,

 

My take in this case is that the specific licensing in the file trumps the overarching license for the project. I wonder if there is any contrarian views. Certainly they should have explained better what their intention was.

 

Actually I see they use GPL 2+, which is incidentally somewhat aligned, meaning that you can treat the software equally as 2+ or 3+. So perhaps the intention is to prefer the latter, but allow for the earlier version.

 

Cheers

 

Carlo

 

 

 


Da: "曹知渊(Joel)" <joel.cao@...>
A: "main@..." <main@...>
Inviato: Venerdì, 18 settembre 2020 12:39:06
Oggetto: [openchain] License issue on linuximq

Hello everyone.

 

We are considering using https://github.com/imq/linuximq in some product. The files are patches for Linux Kernel. But the license of this project seems a bit confusing. As stated in the README, the license is GPLv3+. GPLv3+ is not compatible with GPLv2 which means these patches should not be applied to Linux Kernel. But if you open the patches, you will find GPLv2 notice in there instead of GPLv3+. So can we just simply treat this project as a GPLv2’ed one? Thanks.

 

Joel Cao

Engineer

Open Source Program Office | OPPO

+86-13817587682

 

 

 


OPPO

 

电子邮件及其附件含OPPO公司的保密信息,仅限于邮件指明的收件人使用(包含个人及群组)。禁止任何人在未经授权的情况下以任何形式使用。如果您错收了本邮件,请立即以电子邮件通知发件人并删除本邮件及其附件。

This e-mail and its attachments contain confidential information from OPPO, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

 


Re: License issue on linuximq

曹知渊(Joel)
 

Filed an issue several days ago but still waiting for reply. T_T

Joel Cao
Engineer
Open Source Program Office | OPPO
+86-13817587682



2020年9月18日 22:25,Manbeck, Jack via lists.openchainproject.org <j-manbeck2=ti.com@...> 写道:

I would contact the repo owner for clarification. In situations like this, that is what we normally do.
 
Best Regards,
 
Jack Manbeck
Texas Instruments
 
From: main@... [mailto:main@...] On Behalf Of Carlo Piana
Sent: Friday, September 18, 2020 6:56 AM
To: main@...
Subject: [EXTERNAL] Re: [openchain] License issue on linuximq
 
Dear Joel,
 
My take in this case is that the specific licensing in the file trumps the overarching license for the project. I wonder if there is any contrarian views. Certainly they should have explained better what their intention was.
 
Actually I see they use GPL 2+, which is incidentally somewhat aligned, meaning that you can treat the software equally as 2+ or 3+. So perhaps the intention is to prefer the latter, but allow for the earlier version.
 
Cheers
 
Carlo
 
 
 

Da: "曹知渊(Joel)" <joel.cao@...>
A: "main@..." <main@...>
Inviato: Venerdì, 18 settembre 2020 12:39:06
Oggetto: [openchain] License issue on linuximq
Hello everyone.
 
We are considering using https://github.com/imq/linuximq in some product. The files are patches for Linux Kernel. But the license of this project seems a bit confusing. As stated in the README, the license is GPLv3+. GPLv3+ is not compatible with GPLv2 which means these patches should not be applied to Linux Kernel. But if you open the patches, you will find GPLv2 notice in there instead of GPLv3+. So can we just simply treat this project as a GPLv2’ed one? Thanks.
 
Joel Cao
Engineer
Open Source Program Office | OPPO
+86-13817587682
 
 
 

OPPO
 
电子邮件及其附件含OPPO公司的保密信息,仅限于邮件指明的收件人使用(包含个人及群组)。禁止任何人在未经授权的情况下以任何形式使用。如果您错收了本邮件,请立即以电子邮件通知发件人并删除本邮件及其附件。
This e-mail and its attachments contain confidential information from OPPO, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
 



Re: License issue on linuximq

Manbeck, Jack
 

I would contact the repo owner for clarification. In situations like this, that is what we normally do.

 

Best Regards,

 

Jack Manbeck

Texas Instruments

 

From: main@... [mailto:main@...] On Behalf Of Carlo Piana
Sent: Friday, September 18, 2020 6:56 AM
To: main@...
Subject: [EXTERNAL] Re: [openchain] License issue on linuximq

 

Dear Joel,

 

My take in this case is that the specific licensing in the file trumps the overarching license for the project. I wonder if there is any contrarian views. Certainly they should have explained better what their intention was.

 

Actually I see they use GPL 2+, which is incidentally somewhat aligned, meaning that you can treat the software equally as 2+ or 3+. So perhaps the intention is to prefer the latter, but allow for the earlier version.

 

Cheers

 

Carlo

 

 

 


Da: "曹知渊(Joel)" <joel.cao@...>
A: "main@..." <main@...>
Inviato: Venerdì, 18 settembre 2020 12:39:06
Oggetto: [openchain] License issue on linuximq

Hello everyone.

 

We are considering using https://github.com/imq/linuximq in some product. The files are patches for Linux Kernel. But the license of this project seems a bit confusing. As stated in the README, the license is GPLv3+. GPLv3+ is not compatible with GPLv2 which means these patches should not be applied to Linux Kernel. But if you open the patches, you will find GPLv2 notice in there instead of GPLv3+. So can we just simply treat this project as a GPLv2’ed one? Thanks.

 

Joel Cao

Engineer

Open Source Program Office | OPPO

+86-13817587682

 

 

 


OPPO

 

电子邮件及其附件含OPPO公司的保密信息,仅限于邮件指明的收件人使用(包含个人及群组)。禁止任何人在未经授权的情况下以任何形式使用。如果您错收了本邮件,请立即以电子邮件通知发件人并删除本邮件及其附件。

This e-mail and its attachments contain confidential information from OPPO, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

 


Re: License issue on linuximq

Carlo Piana
 

Dear Joel,

My take in this case is that the specific licensing in the file trumps the overarching license for the project. I wonder if there is any contrarian views. Certainly they should have explained better what their intention was.

Actually I see they use GPL 2+, which is incidentally somewhat aligned, meaning that you can treat the software equally as 2+ or 3+. So perhaps the intention is to prefer the latter, but allow for the earlier version.

Cheers

Carlo




Da: "曹知渊(Joel)" <joel.cao@...>
A: "main@..." <main@...>
Inviato: Venerdì, 18 settembre 2020 12:39:06
Oggetto: [openchain] License issue on linuximq
Hello everyone.

We are considering using https://github.com/imq/linuximq in some product. The files are patches for Linux Kernel. But the license of this project seems a bit confusing. As stated in the README, the license is GPLv3+. GPLv3+ is not compatible with GPLv2 which means these patches should not be applied to Linux Kernel. But if you open the patches, you will find GPLv2 notice in there instead of GPLv3+. So can we just simply treat this project as a GPLv2’ed one? Thanks.

Joel Cao
Engineer
Open Source Program Office | OPPO
+86-13817587682




OPPO

本电子邮件及其附件含有OPPO公司的保密信息,仅限于邮件指明的收件人使用(包含个人及群组)。禁止任何人在未经授权的情况下以任何形式使用。如果您错收了本邮件,请立即以电子邮件通知发件人并删除本邮件及其附件。

This e-mail and its attachments contain confidential information from OPPO, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!



License issue on linuximq

曹知渊(Joel)
 

Hello everyone.

We are considering using https://github.com/imq/linuximq in some product. The files are patches for Linux Kernel. But the license of this project seems a bit confusing. As stated in the README, the license is GPLv3+. GPLv3+ is not compatible with GPLv2 which means these patches should not be applied to Linux Kernel. But if you open the patches, you will find GPLv2 notice in there instead of GPLv3+. So can we just simply treat this project as a GPLv2’ed one? Thanks.

Joel Cao
Engineer
Open Source Program Office | OPPO
+86-13817587682




OPPO

本电子邮件及其附件含有OPPO公司的保密信息,仅限于邮件指明的收件人使用(包含个人及群组)。禁止任何人在未经授权的情况下以任何形式使用。如果您错收了本邮件,请立即以电子邮件通知发件人并删除本邮件及其附件。

This e-mail and its attachments contain confidential information from OPPO, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!


OpenChain Specification Second Monday Call September 2020 - Full Recording

 

The full recording of the OpenChain Specification Second Monday September 2020 is now available. This is a great way to connect with discussions about potential new reference material, clarifications and explorations of future evolution of the standard for open source compliance in the supply chain.
https://youtu.be/8FODiNmikjk


OpenChain Specification Work Team - Second Monday Meeting - Mon, 2020-09-14 #cal-notice

main@lists.openchainproject.org Calendar <noreply@...>
 

OpenChain Specification Work Team - Second Monday Meeting

When:
Monday, 14 September 2020
9:00am to 10:00am
(GMT-07:00) America/Los Angeles

Where:
Zoom

Organizer:
scoughlan@...

Description:

Join Zoom Meeting ( https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 )
 
Meeting ID: 999 012 0120
Password: 123456


OpenChain Specification Work Team - Second Monday Meeting - Mon, 2020-09-14 9:00am-10:00am #cal-reminder

main@lists.openchainproject.org Calendar <main@...>
 

Reminder: OpenChain Specification Work Team - Second Monday Meeting

When: Monday, 14 September 2020, 9:00am to 10:00am, (GMT-07:00) America/Los Angeles

Where:Zoom

View Event

Organizer: Shane Coughlan scoughlan@...

Description:

Join Zoom Meeting ( https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 )
 
Meeting ID: 999 012 0120
Password: 123456


Re: OpenChain Webinar #11 - Open Source Issues Remediation + Community Bridge and SPDX Online Tools + CII Best Practices - Full Recording

Jeremiah C. Foster
 

Thanks McCoy.


I suppose I oughtn't have said "there's no real notion of "premises" in the GPL", perhaps that was too broad a statement. I still think it is largely true as the example you've included seems to be referring to attributes that indicate a "consumer product" even if it has commercial uses or is installed via a licensed professional. It's my assumption that this type of attribute is meant to demonstrate that a smart thermostat running GNU/Linux (for example) still has to comply with the GPL even if it is installed in an office by an electrician. From GPLv3; "A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product."


At the risk of beating a dead horse I think that "premises" is alluding to the bit of popular jargon "on-prem" which I take to mean an on premises installation of a server or a SaaS product. If that's the case it can potentially be confusing for those who don't have a clear picture of the GPL's notion of "distribution". If you're created a "derived work" with the GPL it doesn't matter which premises it runs at, rather it matters how you've distributed it. It's a rather small point but it is mine and a I made it. 😊


Regards,


Jeremiah 


From: main@... <main@...> on behalf of McCoy Smith <mccoy@...>
Sent: Friday, September 11, 2020 1:37:52 PM
To: main@...
Subject: Re: [openchain] OpenChain Webinar #11 - Open Source Issues Remediation + Community Bridge and SPDX Online Tools + CII Best Practices - Full Recording
 
*** THIS IS AN EXTERNAL EMAIL: Please do not reply, click on any links, or open any attachments unless you trust the sender and know that the content is safe. ***

Well, there is this: “A “User Product” is either (1) a “consumer product”, which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) *anything designed or sold for incorporation into a dwelling.*

I don’t think that’s what the author meant by the language you quote below about “consumer premises.” [I haven’t looked at the slides]

 

FWIW, the language above was adapted from the Magnuson-Moss warranty act from the USA: https://www.law.cornell.edu/uscode/text/15/2301

 

Andy Wilson and I did a preso, quite some time ago, about the Installation Information requirement and how one should think about compliance with it, which I have posted to my website for those who really want to delve into this little-remarked upon provision. Bradley Kuhn also did a preso about it for the Linux Foundation more recently: https://events19.linuxfoundation.org/wp-content/uploads/2017/11/Safely-Copylefted-Cars-Reexamining-GPLv3-Installation-Information-Requirements-ALS-Bradley-Kuhn-Behan-Webster-1.pdf directed to the automotive industry

 

https://www.lexpan.law/post/gplv3-s-installation-information-requirement

 

From: main@... <main@...> On Behalf Of Jeremiah C. Foster
Sent: Friday, September 11, 2020 10:11 AM
To: OpenChain Main <main@...>
Subject: Re: [openchain] OpenChain Webinar #11 – Open Source Issues Remediation + Community Bridge and SPDX Online Tools + CII Best Practices – Full Recording

 

Hi OpenChainers!

 

Thanks Shane and everyone for the webinar. After reading the slides from the "Open Source Issues Remediation" I have a small nit to pick.

 

On slide 10 the author writes "the goal of the [GPL] v3 license is to prevent Tivoization". While that is clearly the goal of Section 6 of the GPL v3, that is not the goal of the entire license. The goal of the license, at least from what I understand from those who were involved in its creation, was to be more GPL-like. That means it is meant to be modified by the copyright holder just as source code licensed under the GPL v2 is meant to modified. This can create an extremely flexible license should the copyright holder need that. The GPLv3 also makes explicit some implicit elements of the previous versions of the GPL, like how to cure violations effectively and how software patents are treated. The overall goal was to make a better GPL license.

 

The author also writes "this [the GPLv3 anti-tivoization clause] is a problem, especially if the product is a consumer premises product." I would disagree with the idea that this is a "problem", the anti-tivoization clause actually is a solution to a host of problems where companies comply with the letter of the GPLv2 but prevent modification of a user's device through deliberate use of encryption or obfuscation. I don't think this comports with the spirit of the GPL family of licenses which is designed to give users control over the Free Software on their devices.

 

Lastly, there's no real notion of "premises" in the GPL though there certainly is a notion of a consumer product. A car might be an example of a consumer product that may contain GPLv3 source code but is not limited to "premises", thus the wording of the problem statement is somewhat misleading.

 

Regards,


Jeremiah

 

 

 


From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
Sent: Friday, September 11, 2020 6:11:41 AM
To: OpenChain Main
Subject: [openchain] OpenChain Webinar #11 – Open Source Issues Remediation + Community Bridge and SPDX Online Tools + CII Best Practices – Full Recording

 

*** THIS IS AN EXTERNAL EMAIL: Please do not reply, click on any links, or open any attachments unless you trust the sender and know that the content is safe. ***


In our biggest webinar to date, Jari Koivisto talked about Open Source Issues Remediation, Gary O’Neall talked about Community Bridge and SPDX Online Tools and David Wheeler talked about CII Best Practices (the project equivalent of the OpenChain standard). Check out the full recording and the slides below.
https://www.openchainproject.org/news/2020/09/11/openchain-webinar-11-open-source-issues-remediation-community-bridge-and-spdx-online-tools-cii-best-practices-full-recording

 



This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.




This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.