Date   

More OpenChain Case Studies: This time from consumer device companies

Shane Coughlan <coughlan@...>
 

Dear all

Something for the weekend? Here are some awesome OpenChain Project case studies! This time we are releasing three case studies from consumer device companies:
https://www.openchainproject.org/news/2018/07/12/openchain-announces-three-consumer-devices-case-studies

These build on our prior releases of automotive case studies along with a raft of releases from Hitachi, Sony, Toyota, Fujitsu and Hitachi Solutions.

(coming soon: beautiful formatting and a “case study pack”)

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance


OpenChain Announces a Second Workshop in Taiwan - 9th August

Shane Coughlan <coughlan@...>
 

Dear all

I am delighted to announce that OpenChain Project will host a second free compliance workshop in Taipei during August. Both offer a chance to learn about how Sony and Panasonic do open source compliance (and OpenChain!).

Check out our event on the 9th August:
https://www.openchainproject.org/news/2018/07/12/openchain-announces-workshop-in-taipei

Check out our event on the 10th August:
https://www.openchainproject.org/news/2018/07/10/openchain-announces-legal-track-coscup

The first event will focus on overviews. The second event will dive into details.

Please tell your suppliers!

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance


Re: OpenChain, ISO and TL9000

Shane Coughlan <coughlan@...>
 

Hi Karan

That would be absolutely fantastic! Look forward to hearing back when you are ready.

Regards

Shane

On Jul 13, 2018, at 24:51 , Karan.Marjara@... wrote:

Hi Shane,

I work in a Telecom company(Fujitsu Network Communications) and heard of TL9000 but have not really worked on the same. I can ask my peers to give some insights and will share the same with everyone.

Thanks,
Karan

-----Original Message-----
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Shane Coughlan
Sent: Thursday, July 12, 2018 4:57 AM
To: openchain@...
Subject: [OpenChain] OpenChain, ISO and TL9000

Dear all!

We have recently had some positive discussions about phase 2 of OpenChain - the step towards formal standardization. This would be a way to make it easier to include in the procurement cycle. We have previously identified that the procurement cycle is key to long-term adoption. This would be a way to make it easier to include in the procurement cycle.

Earlier today a telecom quality management system was flagged to me: TL9000:
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.tl9000.org_about_tl9000_overview.html&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=MW1npHTpjbHx8u_MoXEmVZ1HIGdOOG4nNydzK9Snbbs&e=

Does anyone have experience in this space and perhaps some insights into how OpenChain as a standard can fit into telecom procurement?

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.openchainproject.org&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=sXEVmVnlAEzdevz5cX_Ct-jI0cPsXzEB_NgAPrhfju8&e=

Professional profile: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.linkedin.com_in_shanecoughlan&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=12r9B5BatL4kRvrdiJZZa76UEWqzeqM1LUngPN7I7-g&e=

Get my free book on open source compliance here:
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linuxfoundation.org_news-2Dmedia_research_practical-2Dgpl-2Dcompliance&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=u75andcwCWxh86T5LbbAs9FKmxCcaPUGEe5C83OfX-0&e=

_______________________________________________
OpenChain mailing list
OpenChain@...
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.linuxfoundation.org_mailman_listinfo_openchain&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=GVoZXuJnZUDH6zFB-J6LArf9qudzXQwHemTr0F08YSM&e=


Re: Introductions and first contribution

Shane Coughlan <coughlan@...>
 

Hi Stefano!

On Jul 12, 2018, at 22:38 , Stefano Zacchiroli <zack@...> wrote:

Hi Shane, all, thanks for the warm welcome!

On Wed, Jul 11, 2018 at 09:10:06AM +0900, Shane Coughlan wrote:
Using Software Heritage as infrastructure to provide a standard
mechanism for satisfying source code distribution obligations
requirements is intriguing. Alexios, Stefano, would it be possible to
contribute them under CC-0 to the OpenChain curriculum reference
library? I believe it may fit into a stand-alone slide deck explaining
one possible approach for source code distribution.
as it happens I've met today with Alexios who (I found out today :)) is
also the curriculum chairman. We both prefer CC-BY-SA as license for
slides, which makes them not suitable for the curriculum library. But we
agree with you that some material about how to deposit CCSC tarballs to
Software Heritage should make its way to the curriculum library. We'll
be working on this, release it under CC0, and submit it for
consideration for the library.
Works for me! Thanks for taking this forward and building out a new contribution for the OpenChain Project. I am positive it will be immediately useful for our members. Great start to collaboration between OpenChain / Software Heritage :)

Regards

Shane



--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance


Re: OpenChain, ISO and TL9000

Karan Marjara
 

Hi Shane,

I work in a Telecom company(Fujitsu Network Communications) and heard of TL9000 but have not really worked on the same. I can ask my peers to give some insights and will share the same with everyone.

Thanks,
Karan

-----Original Message-----
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Shane Coughlan
Sent: Thursday, July 12, 2018 4:57 AM
To: openchain@...
Subject: [OpenChain] OpenChain, ISO and TL9000

Dear all!

We have recently had some positive discussions about phase 2 of OpenChain - the step towards formal standardization. This would be a way to make it easier to include in the procurement cycle. We have previously identified that the procurement cycle is key to long-term adoption. This would be a way to make it easier to include in the procurement cycle.

Earlier today a telecom quality management system was flagged to me: TL9000:
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.tl9000.org_about_tl9000_overview.html&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=MW1npHTpjbHx8u_MoXEmVZ1HIGdOOG4nNydzK9Snbbs&e=

Does anyone have experience in this space and perhaps some insights into how OpenChain as a standard can fit into telecom procurement?

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.openchainproject.org&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=sXEVmVnlAEzdevz5cX_Ct-jI0cPsXzEB_NgAPrhfju8&e=

Professional profile: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.linkedin.com_in_shanecoughlan&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=12r9B5BatL4kRvrdiJZZa76UEWqzeqM1LUngPN7I7-g&e=

Get my free book on open source compliance here:
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linuxfoundation.org_news-2Dmedia_research_practical-2Dgpl-2Dcompliance&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=u75andcwCWxh86T5LbbAs9FKmxCcaPUGEe5C83OfX-0&e=

_______________________________________________
OpenChain mailing list
OpenChain@...
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.linuxfoundation.org_mailman_listinfo_openchain&d=DwICAg&c=09aR81AqZjK9FqV5BSCPBw&r=q8ynv9Ur2e3BgwTPN1sPKlp1og-6_pbJg85JRmJEX2g&m=xvQ8yxPRLmzX5R5G5eVLXUq7N9KKNIaFtY6HEpy37GE&s=GVoZXuJnZUDH6zFB-J6LArf9qudzXQwHemTr0F08YSM&e=


Re: Introductions and first contribution

Stefano Zacchiroli
 

Hi Shane, all, thanks for the warm welcome!

On Wed, Jul 11, 2018 at 09:10:06AM +0900, Shane Coughlan wrote:
Using Software Heritage as infrastructure to provide a standard
mechanism for satisfying source code distribution obligations
requirements is intriguing. Alexios, Stefano, would it be possible to
contribute them under CC-0 to the OpenChain curriculum reference
library? I believe it may fit into a stand-alone slide deck explaining
one possible approach for source code distribution.
as it happens I've met today with Alexios who (I found out today :)) is
also the curriculum chairman. We both prefer CC-BY-SA as license for
slides, which makes them not suitable for the curriculum library. But we
agree with you that some material about how to deposit CCSC tarballs to
Software Heritage should make its way to the curriculum library. We'll
be working on this, release it under CC0, and submit it for
consideration for the library.

Cheers
--
Stefano Zacchiroli . zack@... . upsilon.cc/zack . . o . . . o . o
Computer Science Professor . CTO Software Heritage . . . . . o . . . o o
Former Debian Project Leader & OSI Board Director . . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »


OpenChain, ISO and TL9000

Shane Coughlan <coughlan@...>
 

Dear all!

We have recently had some positive discussions about phase 2 of OpenChain - the step towards formal standardization. This would be a way to make it easier to include in the procurement cycle. We have previously identified that the procurement cycle is key to long-term adoption. This would be a way to make it easier to include in the procurement cycle.

Earlier today a telecom quality management system was flagged to me: TL9000:
http://www.tl9000.org/about/tl9000/overview.html

Does anyone have experience in this space and perhaps some insights into how OpenChain as a standard can fit into telecom procurement?

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance


Re: Introductions and first contribution

Roberto Di Cosmo
 

Hi Kate,
sure, go ahead!

The only caveat is that currently the only way to spot SPDX at work is to
actually go through the process of depositing a software source code on
https://hal.inria.fr/ and start typing the name of a licence in the appropriate
text field in a (long) form (and you need to create an account, and follow the
instructions show here: bit.ly/swhdepositen ...)

We should definitely plan a joint communication when the service is open across
France (planned for end of September): who would be the right PR contact
on your side?

--
Roberto

On Wed, Jul 11, 2018 at 01:30:22PM -0500, Kate Stewart wrote:
Hi Roberto!

On Wed, Jul 11, 2018 at 1:10 PM, Roberto Di Cosmo <roberto@...> wrote:

Dear Shane,
     thanks for the warm welcome, we are very excited to collaborate with
OpenChain, and we are also engaged in fostering adoption of good practices
developed by many on this list into other areas, like scientific research.

For example, we convinced the national french scientific open access
portal,
HAL (see e.g. hal.inria.fr), to adopt the official SPDX licence list in the
software deposit service that will be generalised to all of France this
fall:
researchers that deposit software will be able to choose the licence(s) of
their deposit in a drop down list build out of the SPDX reference list,
and the deposited software will be archived into Software Heritage.


That's super cool - thank you!   ok for me to cross post this on the spdx
general list?    There others there that will find it intresting as well.

Kate
--
Roberto Di Cosmo

------------------------------------------------------------------
Computer Science Professor
(on leave at INRIA from IRIF/University Paris Diderot)

Software Heritage E-mail : roberto@...
INRIA Web : http://www.dicosmo.org
Bureau C123 Twitter : http://twitter.com/rdicosmo
2, Rue Simone Iff Tel : +33 1 80 49 44 42
CS 42112
75589 Paris Cedex 12
------------------------------------------------------------------
GPG fingerprint 2931 20CE 3A5A 5390 98EC 8BFC FCCA C3BE 39CB 12D3


Re: Introductions and first contribution

Kate Stewart
 

Hi Roberto!

On Wed, Jul 11, 2018 at 1:10 PM, Roberto Di Cosmo <roberto@...> wrote:
Dear Shane,
     thanks for the warm welcome, we are very excited to collaborate with
OpenChain, and we are also engaged in fostering adoption of good practices
developed by many on this list into other areas, like scientific research.

For example, we convinced the national french scientific open access portal,
HAL (see e.g. hal.inria.fr), to adopt the official SPDX licence list in the
software deposit service that will be generalised to all of France this fall:
researchers that deposit software will be able to choose the licence(s) of
their deposit in a drop down list build out of the SPDX reference list,
and the deposited software will be archived into Software Heritage.

That's super cool - thank you!   ok for me to cross post this on the spdx
general list?    There others there that will find it intresting as well.

Kate


Re: Introductions and first contribution

Roberto Di Cosmo
 

Dear Shane,
thanks for the warm welcome, we are very excited to collaborate with
OpenChain, and we are also engaged in fostering adoption of good practices
developed by many on this list into other areas, like scientific research.

For example, we convinced the national french scientific open access portal,
HAL (see e.g. hal.inria.fr), to adopt the official SPDX licence list in the
software deposit service that will be generalised to all of France this fall:
researchers that deposit software will be able to choose the licence(s) of
their deposit in a drop down list build out of the SPDX reference list,
and the deposited software will be archived into Software Heritage.

All the best

--
Roberto

On Wed, Jul 11, 2018 at 09:10:06AM +0900, Shane Coughlan wrote:
Welcome Roberto!

First of all, it is terrific to have the opportunity to work with Software Heritage. The resource you are creating to provide a record and context for code is invaluable. I hope that we can communicate and collaborate on several fronts throughout this year.

Using Software Heritage as infrastructure to provide a standard mechanism for satisfying source code distribution obligations requirements is intriguing. Alexios, Stefano, would it be possible to contribute them under CC-0 to the OpenChain curriculum reference library? I believe it may fit into a stand-alone slide deck explaining one possible approach for source code distribution.

By the way, for those not familiar with it, you can learn more about Software Heritage here:
https://www.softwareheritage.org
Some great companies are supporting the initiative, including Microsoft, Intel, Google and our very own GitHub.

Regards

Shane

On Jul 10, 2018, at 22:02 , Roberto Di Cosmo <roberto@...> wrote:

Dear all,
I'm very grateful to Shane for suggesting to join the OpenChain mailing
list, and delighted to participate in this essential effort to create common
standards for all open source compliance work.

At Software Heritage, our mission is to collect, preserve and share the source
code of all software ever written (more at www.softwareheritage.org), building a
universal archive and knowledge base that has a variety of applications.

One of these applications is directly related to compliance, and I believe it
may be interesting for OpenChain: it builds on Software Heritage as a mutualised
infrastructure to provide a standard mechanism for satisfying source code
distribution obligations.

A full presentation of this particular application has been delivered at FOSDEM
this year by Alexios Zavras and Stefano Zacchiroli, who imagined and developed
it; slides and videos of the talk are available online here:

https://fosdem.org/2018/schedule/event/outsourcing_distribution_requirements/

Unfortunately, the CC-BY annotation did not made it into the online version of
the slides, but I'm sure Alexios and Stefano (on this list) will be delighted to
confirm you can reuse/redistribute this material.

Looking forward to fruitful collaborations!

Cheers

--
Roberto

------------------------------------------------------------------
Computer Science Professor
(on leave at INRIA from IRIF/University Paris Diderot)

Director
Software Heritage E-mail : roberto@...
INRIA Web : http://www.dicosmo.org
Bureau C123 Twitter : http://twitter.com/rdicosmo
2, Rue Simone Iff Tel : +33 1 80 49 44 42
CS 42112
75589 Paris Cedex 12
------------------------------------------------------------------
GPG fingerprint 2931 20CE 3A5A 5390 98EC 8BFC FCCA C3BE 39CB 12D3
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
--
Roberto Di Cosmo

------------------------------------------------------------------
Computer Science Professor
(on leave at INRIA from IRIF/University Paris Diderot)

Software Heritage E-mail : roberto@...
INRIA Web : http://www.dicosmo.org
Bureau C123 Twitter : http://twitter.com/rdicosmo
2, Rue Simone Iff Tel : +33 1 80 49 44 42
CS 42112
75589 Paris Cedex 12
------------------------------------------------------------------
GPG fingerprint 2931 20CE 3A5A 5390 98EC 8BFC FCCA C3BE 39CB 12D3


Re: Incoming question for our project!

Steve Cropper
 

Hi Jilayne et al

Yes it is easy to say “create a whitelist” but in practice there is a lot of work involved depending on the size of your organisation.

The Open Chain curriculum will give some good guidance.

The important focus for the teams I worked with in the past was to reduce engineering friction by identifying the most benign licenses first then developing a process where senior engineers with legal support assessed the use case vs the license obligations. We used other criteria such as where the code came from and the trust worthiness of the source.

These engineers had the trust of the legal dept. to judge the less risky use cases accurately. Legal reviewed this work on a regular basis and were called in by the assessor engineers to review more complex use cases or new or high risk licenses (grey listed).
As many of us know, not every open source software package is well documented and you can’t always trust the stated license without reviewing the code base in some detail using commercial or home grown tools.

We then built approval Bills of Material that gave us historical record of who made the approval decisions and, as necessary, why.

Such processes need to be developed with the business focus, size and organisational culture of the Company in mind and may need independent help. Which is something I can help out with.

Cheers
Steve


Steve
+44 7982 525 965


On Jul 11, 2018, at 06:07, Jan Thielscher <jan.thielscher@...> wrote:

Thank you Jilayne for pointing that out!

 

It is rather astonishing how often – even for legal counsels - whitelists are meant to be the holy grail of compliance conformity. Sometimes we even find the requirement that all licenses appearing in a bill of materials must have gone through a validation process (we call that enforce whitelist). While the latter might be a good idea, it does not serve the goal as long as the list is companywide but not project specific.

 

Really required is a case specific assessment of the obligations triggered by the licenses involved concerning the context of application _and_ implementation (coupling, modification).

 

A very nice proof of the relevance of circumstances has been produced by OSADL at https://www.osadl.org/The-OSADL-Quick-License-Compliance-Check.conformant-licensing.0.html Give it a try and play with alternative answers. 😉

 

All other approaches (whitelisting, project specific whitelisting or blacklistiing) either bear the risk of being too restrictive and thus preventing the application of powerful components or being too permissive and therefor, not achieving the compliance aspect.

 

There are tools that may help you with this by automating assessments, but I do not want to go into marketing here 😉

 

Concerning the SPDX list, I would rather say it has more the character of a complete catalogue _and_ heritage. We use it for example as a reference base to determine the correct license or ingredients of it in automated license detection. A more suitable (due to length and relevance) entry point might be the list of approved licenses by the OSI at https://opensource.org/licenses/alphabetical .

 

Br

Jan

 

Von: <openchain-bounces@...> im Auftrag von Jilayne Lovejoy <Jilayne.Lovejoy@...>
Datum: Dienstag, 10. Juli 2018 um 23:45
An: Steve Cropper <stcroppe@...>, Shane Coughlan <coughlan@...>
Cc: "openchain@..." <openchain@...>
Betreff: Re: [OpenChain] Incoming question for our project!

 

Hi Steve!

 

It’s been awhile since we worked on SPDX together! A bit of an addition to your comment below:

 

The SPDX License List is quite long, so while it is certainly a good starting point for coming up with a list of licenses that meet one’s own criteria.

 

I whole heartedly agree with and want to stress Steve’s other comments regarding what you consider to be a “white list license” is going to depend greatly on how the software is being used, your business needs, and risk profile. Basically – what does it mean to be “white listed”? This is not necessarily going to be the same for every company or every product within a company. Given the specificity, I’d great pre-made lists with a certain amount of suspicion and contend they can end up doing more harm than good in confusing what the list is to be used for, how it should be used, by whom, and the potential for conflation with different scenarios. If you have legal counsel in your organization who already understands this stuff – being able to see what someone else has done can save some time, but for this kind of thing, my view is that for the legal counsel who already understands this stuff, they don’t need to see someone else’s list, as they can probably just as quick come up with what is OK or not OK for certain use cases within their organization.

 

https://choosealicense.com/licenses/ was created to help developers creating code to choose a license for their project (on Github) – it provides a very high-level description of each licenses, which is NOT tied to a specific use case. That is fine if you are a developer, who does not have access to a lawyer, and just wants to get your code out there and licensed so it can be used by others. But I don’t think it has any bearing on the “white list” purposes that you are probably referring to here.

 

Cheers,

Jilayne

 

From: <openchain-bounces@...> on behalf of Steve Cropper <stcroppe@...>
Date: Tuesday, July 10, 2018 at 1:38 PM
To: Shane Coughlan <coughlan@...>
Cc: OpenChain <openchain@...>
Subject: Re: [OpenChain] Incoming question for our project!

 

Hi Shane

 

I would start with the SPDX license list

 

 

The use cases will depend upon what the company does and its own business models.

 

If it is happy fully disclosing software source and participating fully in the related communities supplying the software they use then the list could be pretty broad. For hosting services but not redistributing then most licenses will work. 

 

Things get dodgy if they are a manufacturer and or have/use proprietary software. Distribution clauses and contamination issues will come into play using GPL as you know.

 

Best bet is to sit down with the SPDX list and their legal team and develop a whitelist mapped to use case.

 

Hope that helps

Steve

 

 

Steve

+44 7982 525 965

 


On Jul 10, 2018, at 09:51, Shane Coughlan <coughlan@...> wrote:

Hello all

I recently received a query regarding where there was any reference material on generating a list of “approved” OSS licenses for use within a company based type of usage. Typical uses may be: internal/testing only, incorporated into products, incorporated into websites, etc.

Any useful links or contacts to suggest?

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...            
p: +81 (0) 80 4035 8083                
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance  

_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


OpenChain @ COSCUP in Taipei - August

Shane Coughlan <coughlan@...>
 

News, news, news.

The OpenChain Project is delighted to announce that we will be hosting a legal track at the upcoming COSCUP event in Taipei, Taiwan. This event is in partnership with the Discussion Meeting of FOSS Licensing Issues (DMFLI) and builds on three OpenChain workshops held in Taipei earlier this year. As always our goal is to build bridges, share knowledge, and lay the foundation for increased trust in software supply chains.
Learn More:
• Schedule of the legal track: https://dmfli.kktix.cc/events/openchain3
• General information about COSCUP: https://2018.coscup.org

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance


Re: Incoming question for our project!

Jan Thielscher
 

Thank you Jilayne for pointing that out!

 

It is rather astonishing how often – even for legal counsels - whitelists are meant to be the holy grail of compliance conformity. Sometimes we even find the requirement that all licenses appearing in a bill of materials must have gone through a validation process (we call that enforce whitelist). While the latter might be a good idea, it does not serve the goal as long as the list is companywide but not project specific.

 

Really required is a case specific assessment of the obligations triggered by the licenses involved concerning the context of application _and_ implementation (coupling, modification).

 

A very nice proof of the relevance of circumstances has been produced by OSADL at https://www.osadl.org/The-OSADL-Quick-License-Compliance-Check.conformant-licensing.0.html Give it a try and play with alternative answers. 😉

 

All other approaches (whitelisting, project specific whitelisting or blacklistiing) either bear the risk of being too restrictive and thus preventing the application of powerful components or being too permissive and therefor, not achieving the compliance aspect.

 

There are tools that may help you with this by automating assessments, but I do not want to go into marketing here 😉

 

Concerning the SPDX list, I would rather say it has more the character of a complete catalogue _and_ heritage. We use it for example as a reference base to determine the correct license or ingredients of it in automated license detection. A more suitable (due to length and relevance) entry point might be the list of approved licenses by the OSI at https://opensource.org/licenses/alphabetical .

 

Br

Jan

 

Von: <openchain-bounces@...> im Auftrag von Jilayne Lovejoy <Jilayne.Lovejoy@...>
Datum: Dienstag, 10. Juli 2018 um 23:45
An: Steve Cropper <stcroppe@...>, Shane Coughlan <coughlan@...>
Cc: "openchain@..." <openchain@...>
Betreff: Re: [OpenChain] Incoming question for our project!

 

Hi Steve!

 

It’s been awhile since we worked on SPDX together! A bit of an addition to your comment below:

 

The SPDX License List is quite long, so while it is certainly a good starting point for coming up with a list of licenses that meet one’s own criteria.

 

I whole heartedly agree with and want to stress Steve’s other comments regarding what you consider to be a “white list license” is going to depend greatly on how the software is being used, your business needs, and risk profile. Basically – what does it mean to be “white listed”? This is not necessarily going to be the same for every company or every product within a company. Given the specificity, I’d great pre-made lists with a certain amount of suspicion and contend they can end up doing more harm than good in confusing what the list is to be used for, how it should be used, by whom, and the potential for conflation with different scenarios. If you have legal counsel in your organization who already understands this stuff – being able to see what someone else has done can save some time, but for this kind of thing, my view is that for the legal counsel who already understands this stuff, they don’t need to see someone else’s list, as they can probably just as quick come up with what is OK or not OK for certain use cases within their organization.

 

https://choosealicense.com/licenses/ was created to help developers creating code to choose a license for their project (on Github) – it provides a very high-level description of each licenses, which is NOT tied to a specific use case. That is fine if you are a developer, who does not have access to a lawyer, and just wants to get your code out there and licensed so it can be used by others. But I don’t think it has any bearing on the “white list” purposes that you are probably referring to here.

 

Cheers,

Jilayne

 

From: <openchain-bounces@...> on behalf of Steve Cropper <stcroppe@...>
Date: Tuesday, July 10, 2018 at 1:38 PM
To: Shane Coughlan <coughlan@...>
Cc: OpenChain <openchain@...>
Subject: Re: [OpenChain] Incoming question for our project!

 

Hi Shane

 

I would start with the SPDX license list

 

 

The use cases will depend upon what the company does and its own business models.

 

If it is happy fully disclosing software source and participating fully in the related communities supplying the software they use then the list could be pretty broad. For hosting services but not redistributing then most licenses will work. 

 

Things get dodgy if they are a manufacturer and or have/use proprietary software. Distribution clauses and contamination issues will come into play using GPL as you know.

 

Best bet is to sit down with the SPDX list and their legal team and develop a whitelist mapped to use case.

 

Hope that helps

Steve

 

 

Steve

+44 7982 525 965

 


On Jul 10, 2018, at 09:51, Shane Coughlan <coughlan@...> wrote:

Hello all

I recently received a query regarding where there was any reference material on generating a list of “approved” OSS licenses for use within a company based type of usage. Typical uses may be: internal/testing only, incorporated into products, incorporated into websites, etc.

Any useful links or contacts to suggest?

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...            
p: +81 (0) 80 4035 8083                
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance  

_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


Re: Open Source Summit in Vancouver

Shane Coughlan <coughlan@...>
 

Hi Mark

This is very cool! I am looking forward to attending.

Regards

Shane

On Jul 11, 2018, at 24:56 , Gisi, Mark <Mark.Gisi@...> wrote:

Hi Shane,

Great to hear about the blockchain discussion. Will it be a formal talk?
It is a formal talk (http://sched.co/FANG). We will discuss launching a public ledger to track open source compliance artifacts for the Zephyr project. The ledger will include an "OpenChain boolean" flag for each compliance artifact registered with the ledger. This enables one to record whether any specific artifact (e.g., notice file, source archive, spdx doc, ...) was prepared using an OpenChain conforming process.

- Mark

-----Original Message-----
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Shane Coughlan
Sent: Monday, July 09, 2018 8:01 PM
To: openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

Hi Mark!

Excellent that you will be there. This makes our current list:
Dave
David
Gary
Sami
Mark
Shane
Kate

Great to hear about the blockchain discussion. Will it be a formal talk?

Regards

Shane

On Jul 9, 2018, at 15:06 , Gisi, Mark <Mark.Gisi@...> wrote:

Hi Shane,

I will be attending the Vancouver summit.

I will also be discussing the "Supply chain trust multiplier" when OpenChain conformance is used in conjunction with a Blockchain ledger.

- Mark


-----Original Message-----
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Shane Coughlan
Sent: Monday, July 02, 2018 7:51 AM
To: Sami Atabani
Cc: openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

This is going to be fun!

OK:
Dave
David
Gary
Sami
Shane
Kate (?)

Plenty of room for more! Just let me know.

Regards

Shane

On Jul 2, 2018, at 23:13 , Sami Atabani <Sami.Atabani@...> wrote:

Hi All,

I will be there too!

Thanks

Sami

-----Original Message-----
From: openchain-bounces@... <openchain-bounces@...> On Behalf Of Gary O'Neall
Sent: 29 June 2018 18:16
To: 'Shane Coughlan' <coughlan@...>; 'David Rudin' <David.Rudin@...>
Cc: openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

I'll be there as well. Looking forward to catching up with everyone.

Gary

-----Original Message-----
From: openchain-bounces@... <openchain-
bounces@...> On Behalf Of Shane Coughlan
Sent: Friday, June 29, 2018 5:45 AM
To: David Rudin <David.Rudin@...>
Cc: openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

Fantastic! Let’s make an (informal) event of it! How would gathering
at the Hyatt Regency Vancouver Mosaic Grille at 6pm on the 28th for
some light refreshments work? RSVP would be useful so I can make a rough booking.
I’m counting three so far (David, David and Shane).

Meanwhile, I plan to hold an OpenChain Workshop from 1pm to 5pm on the
28th for people new to the project and those wanting to get up to
speed on latest developments. Details to follow!

Regards

Shane

On Jun 29, 2018, at 09:32 , David Rudin (CELA)
<David.Rudin@...> wrote:

I'm tentatively planning on attending as well, and it would be great
to
connect in person.

-----Original Message-----
From: openchain-bounces@... <openchain-
bounces@...> On Behalf Of David Marr
Sent: Thursday, June 28, 2018 4:09 PM
To: Shane Coughlan <coughlan@...>;
openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

I'll likely be there, and would be delighted to network with
OpenChain
colleagues if there's opportunity and interest.

Dave

-----Original Message-----
From: openchain-bounces@... [mailto:openchain-
bounces@...] On Behalf Of Shane Coughlan
Sent: Thursday, June 28, 2018 2:31 AM
To: openchain@...
Subject: [OpenChain] Open Source Summit in Vancouver

Dear all

Who will be attending this event? Interested in an informal
OpenChain
social get-together? It may be an opportunity to network and share notes.

Regards

Shane


--
Shane Coughlan
OpenChain Project Director
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-
compliance

_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain


Re: Introductions and first contribution

Shane Coughlan <coughlan@...>
 

Welcome Roberto!

First of all, it is terrific to have the opportunity to work with Software Heritage. The resource you are creating to provide a record and context for code is invaluable. I hope that we can communicate and collaborate on several fronts throughout this year.

Using Software Heritage as infrastructure to provide a standard mechanism for satisfying source code distribution obligations requirements is intriguing. Alexios, Stefano, would it be possible to contribute them under CC-0 to the OpenChain curriculum reference library? I believe it may fit into a stand-alone slide deck explaining one possible approach for source code distribution.

By the way, for those not familiar with it, you can learn more about Software Heritage here:
https://www.softwareheritage.org
Some great companies are supporting the initiative, including Microsoft, Intel, Google and our very own GitHub.

Regards

Shane

On Jul 10, 2018, at 22:02 , Roberto Di Cosmo <roberto@...> wrote:

Dear all,
I'm very grateful to Shane for suggesting to join the OpenChain mailing
list, and delighted to participate in this essential effort to create common
standards for all open source compliance work.

At Software Heritage, our mission is to collect, preserve and share the source
code of all software ever written (more at www.softwareheritage.org), building a
universal archive and knowledge base that has a variety of applications.

One of these applications is directly related to compliance, and I believe it
may be interesting for OpenChain: it builds on Software Heritage as a mutualised
infrastructure to provide a standard mechanism for satisfying source code
distribution obligations.

A full presentation of this particular application has been delivered at FOSDEM
this year by Alexios Zavras and Stefano Zacchiroli, who imagined and developed
it; slides and videos of the talk are available online here:

https://fosdem.org/2018/schedule/event/outsourcing_distribution_requirements/

Unfortunately, the CC-BY annotation did not made it into the online version of
the slides, but I'm sure Alexios and Stefano (on this list) will be delighted to
confirm you can reuse/redistribute this material.

Looking forward to fruitful collaborations!

Cheers

--
Roberto

------------------------------------------------------------------
Computer Science Professor
(on leave at INRIA from IRIF/University Paris Diderot)

Director
Software Heritage E-mail : roberto@...
INRIA Web : http://www.dicosmo.org
Bureau C123 Twitter : http://twitter.com/rdicosmo
2, Rue Simone Iff Tel : +33 1 80 49 44 42
CS 42112
75589 Paris Cedex 12
------------------------------------------------------------------
GPG fingerprint 2931 20CE 3A5A 5390 98EC 8BFC FCCA C3BE 39CB 12D3
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain


Re: Incoming question for our project!

Jilayne Lovejoy <Jilayne.Lovejoy@...>
 

Hi Steve!

 

It’s been awhile since we worked on SPDX together! A bit of an addition to your comment below:

 

The SPDX License List is quite long, so while it is certainly a good starting point for coming up with a list of licenses that meet one’s own criteria.

 

I whole heartedly agree with and want to stress Steve’s other comments regarding what you consider to be a “white list license” is going to depend greatly on how the software is being used, your business needs, and risk profile. Basically – what does it mean to be “white listed”? This is not necessarily going to be the same for every company or every product within a company. Given the specificity, I’d great pre-made lists with a certain amount of suspicion and contend they can end up doing more harm than good in confusing what the list is to be used for, how it should be used, by whom, and the potential for conflation with different scenarios. If you have legal counsel in your organization who already understands this stuff – being able to see what someone else has done can save some time, but for this kind of thing, my view is that for the legal counsel who already understands this stuff, they don’t need to see someone else’s list, as they can probably just as quick come up with what is OK or not OK for certain use cases within their organization.

 

https://choosealicense.com/licenses/ was created to help developers creating code to choose a license for their project (on Github) – it provides a very high-level description of each licenses, which is NOT tied to a specific use case. That is fine if you are a developer, who does not have access to a lawyer, and just wants to get your code out there and licensed so it can be used by others. But I don’t think it has any bearing on the “white list” purposes that you are probably referring to here.

 

Cheers,

Jilayne

 

From: <openchain-bounces@...> on behalf of Steve Cropper <stcroppe@...>
Date: Tuesday, July 10, 2018 at 1:38 PM
To: Shane Coughlan <coughlan@...>
Cc: OpenChain <openchain@...>
Subject: Re: [OpenChain] Incoming question for our project!

 

Hi Shane

 

I would start with the SPDX license list

 

 

The use cases will depend upon what the company does and its own business models.

 

If it is happy fully disclosing software source and participating fully in the related communities supplying the software they use then the list could be pretty broad. For hosting services but not redistributing then most licenses will work. 

 

Things get dodgy if they are a manufacturer and or have/use proprietary software. Distribution clauses and contamination issues will come into play using GPL as you know.

 

Best bet is to sit down with the SPDX list and their legal team and develop a whitelist mapped to use case.

 

Hope that helps

Steve

 

 

Steve

+44 7982 525 965

 


On Jul 10, 2018, at 09:51, Shane Coughlan <coughlan@...> wrote:

Hello all

I recently received a query regarding where there was any reference material on generating a list of “approved” OSS licenses for use within a company based type of usage. Typical uses may be: internal/testing only, incorporated into products, incorporated into websites, etc.

Any useful links or contacts to suggest?

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...            
p: +81 (0) 80 4035 8083                
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance  

_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


Re: Incoming question for our project!

Shuvo
 

Dear All/Shane,

Came across the following website contents which might be of help. Not sure about the veracity of the "choosealicense" site, but looks good. Added reference materials, from Google and Opensource.com (available in public) also put in.

On Tue, Jul 10, 2018 at 2:21 PM, Shane Coughlan <coughlan@...> wrote:
Hello all

I recently received a query regarding where there was any reference material on generating a list of “approved” OSS licenses for use within a company based type of usage. Typical uses may be: internal/testing only, incorporated into products, incorporated into websites, etc.

Any useful links or contacts to suggest?

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...           
p: +81 (0) 80 4035 8083               
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance 

_______________________________________________
OpenChain mailing list
OpenChain@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/openchain



--
Shuvajit Mitra


Re: Incoming question for our project!

Steve Cropper
 

Hi Shane

I would start with the SPDX license list


The use cases will depend upon what the company does and its own business models.

If it is happy fully disclosing software source and participating fully in the related communities supplying the software they use then the list could be pretty broad. For hosting services but not redistributing then most licenses will work. 

Things get dodgy if they are a manufacturer and or have/use proprietary software. Distribution clauses and contamination issues will come into play using GPL as you know.

Best bet is to sit down with the SPDX list and their legal team and develop a whitelist mapped to use case.

Hope that helps
Steve



Steve
+44 7982 525 965


On Jul 10, 2018, at 09:51, Shane Coughlan <coughlan@...> wrote:

Hello all

I recently received a query regarding where there was any reference material on generating a list of “approved” OSS licenses for use within a company based type of usage. Typical uses may be: internal/testing only, incorporated into products, incorporated into websites, etc.

Any useful links or contacts to suggest?

Regards

Shane


--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...            
p: +81 (0) 80 4035 8083                
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-compliance  

_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain


Re: Happy to be a part of OpenChain-my introduction

Shuvo
 

Thank you Matija!! You have been of considerable help in getting me connected here and putting me in right direction.

Best regards



On Tue, Jul 10, 2018 at 12:56 PM, Matija Šuklje <matija@...> wrote:
Dear Shuvo,

great to see you become more active in OpenChain. I’m sure your contribution
will be very much appreciated!


cheers,
Matija
--
gsm:    +386 41 849 552
www:    http://matija.suklje.name
xmpp:   matija.suklje@...
sip:    matija_suklje@...


_______________________________________________
OpenChain mailing list
OpenChain@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/openchain



--
Shuvajit Mitra


Re: Open Source Summit in Vancouver

Mark Gisi
 

Hi Shane,

Great to hear about the blockchain discussion. Will it be a formal talk?
It is a formal talk (http://sched.co/FANG). We will discuss launching a public ledger to track open source compliance artifacts for the Zephyr project. The ledger will include an "OpenChain boolean" flag for each compliance artifact registered with the ledger. This enables one to record whether any specific artifact (e.g., notice file, source archive, spdx doc, ...) was prepared using an OpenChain conforming process.

- Mark

-----Original Message-----
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Shane Coughlan
Sent: Monday, July 09, 2018 8:01 PM
To: openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

Hi Mark!

Excellent that you will be there. This makes our current list:
Dave
David
Gary
Sami
Mark
Shane
Kate

Great to hear about the blockchain discussion. Will it be a formal talk?

Regards

Shane

On Jul 9, 2018, at 15:06 , Gisi, Mark <Mark.Gisi@...> wrote:

Hi Shane,

I will be attending the Vancouver summit.

I will also be discussing the "Supply chain trust multiplier" when OpenChain conformance is used in conjunction with a Blockchain ledger.

- Mark


-----Original Message-----
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Shane Coughlan
Sent: Monday, July 02, 2018 7:51 AM
To: Sami Atabani
Cc: openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

This is going to be fun!

OK:
Dave
David
Gary
Sami
Shane
Kate (?)

Plenty of room for more! Just let me know.

Regards

Shane

On Jul 2, 2018, at 23:13 , Sami Atabani <Sami.Atabani@...> wrote:

Hi All,

I will be there too!

Thanks

Sami

-----Original Message-----
From: openchain-bounces@... <openchain-bounces@...> On Behalf Of Gary O'Neall
Sent: 29 June 2018 18:16
To: 'Shane Coughlan' <coughlan@...>; 'David Rudin' <David.Rudin@...>
Cc: openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

I'll be there as well. Looking forward to catching up with everyone.

Gary

-----Original Message-----
From: openchain-bounces@... <openchain-
bounces@...> On Behalf Of Shane Coughlan
Sent: Friday, June 29, 2018 5:45 AM
To: David Rudin <David.Rudin@...>
Cc: openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

Fantastic! Let’s make an (informal) event of it! How would gathering
at the Hyatt Regency Vancouver Mosaic Grille at 6pm on the 28th for
some light refreshments work? RSVP would be useful so I can make a rough booking.
I’m counting three so far (David, David and Shane).

Meanwhile, I plan to hold an OpenChain Workshop from 1pm to 5pm on the
28th for people new to the project and those wanting to get up to
speed on latest developments. Details to follow!

Regards

Shane

On Jun 29, 2018, at 09:32 , David Rudin (CELA)
<David.Rudin@...> wrote:

I'm tentatively planning on attending as well, and it would be great
to
connect in person.

-----Original Message-----
From: openchain-bounces@... <openchain-
bounces@...> On Behalf Of David Marr
Sent: Thursday, June 28, 2018 4:09 PM
To: Shane Coughlan <coughlan@...>;
openchain@...
Subject: Re: [OpenChain] Open Source Summit in Vancouver

I'll likely be there, and would be delighted to network with
OpenChain
colleagues if there's opportunity and interest.

Dave

-----Original Message-----
From: openchain-bounces@... [mailto:openchain-
bounces@...] On Behalf Of Shane Coughlan
Sent: Thursday, June 28, 2018 2:31 AM
To: openchain@...
Subject: [OpenChain] Open Source Summit in Vancouver

Dear all

Who will be attending this event? Interested in an informal
OpenChain
social get-together? It may be an opportunity to network and share notes.

Regards

Shane


--
Shane Coughlan
OpenChain Project Director
e: coughlan@...
p: +81 (0) 80 4035 8083
w: www.openchainproject.org

Professional profile: http://www.linkedin.com/in/shanecoughlan

Get my free book on open source compliance here:
https://www.linuxfoundation.org/news-media/research/practical-gpl-
compliance

_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain
_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain

3161 - 3180 of 4814