Date   

OpenChain Q1 Mini-Summit - March 10th 15:00 UTC (07:00 PST / 15:00 GMT / 16:00 CET / 20:30 IST / 23:00 CST / 00:00 KST / 00:00 JST)

 

Agenda

Three hours. Three important discussions.
First Hour: Our Specification Work Group will work on an optional security support document for OpenChain ISO 5230. This will take the form of an explanatory document illustrating OpenChain usage in the context of security.
Second Hour: Our Education Work Group will work on finalizing the OpenChain online course. The focus will be on merging all remaining comments with the current document. We will also be locking down the “Supplier Education Pack” containing basic supplier education, OpenChain introduction, and our reference training material.
Third Hour: We will review the current “state of the union” in open source automation based on the experience and knowledge of the OpenChain Reference Tooling Work Group. We aim to identity the “pain points” for interoperability between various open source tools for open source compliance.

Location

Zoom – No Registration Required. One click entry:
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09
Meeting ID: 999 012 0120
Passcode: 123456
One tap mobile
⁨+16699006833,,9990120120#,,,,*123456#⁩ US (San Jose)
⁨+12532158782,,9990120120#,,,,*123456#⁩ US (Tacoma)
Dial by your location
⁨+1 669 900 6833⁩ US (San Jose)
⁨+1 312 626 6799⁩ US (Chicago)
⁨+1 646 876 9923⁩ US (New York)
Find your local number:
https://us02web.zoom.us/u/kW7exlfu


IMPORTANT - OpenChain 2021 - Overview and Execution

 

OpenChain ISO 5230 has been in market for around two months. In this time we have seen significant conformance announcements from companies like Hitachi, LG Electronics and Microsoft. We have also see a lot of activity in commercial service channels supporting adoption.

With the Western New Year and the Lunar New Year behind us, we now have a clear path ahead for 2021. I want to discuss the big picture here and explain how it will give context to all our individual actions.

First, OpenChain ISO 5230 is gaining speed in the supply chain. It is being used in negotiation and contract discussions. It is assisting in Merger and Acquisitions. It is being explored by Venture Capital. All of this activity underlines one fact: OpenChain ISO 5230 is the appropriate solution for managing open source license compliance.

Second, the adoption of OpenChain ISO 5230 is being well-supported by the project. Our global teams, our local teams, and our extensive reference materials, including webinars, make us a single destination for getting up-to-speed on effective, efficient open source license compliance.

Third, there is more we can do. OpenChain ISO 5230 is rapidly passing the layers of the supply chain intimately familiar with the open source community or even the Linux Foundation. New companies are hearing of the standard and entering our orbit, and this will accelerate in the coming months. Our existing material provides great support, but our key skill has always been to listen, and then to refine everything we do in response. This practice remains unchanged.

So let’s talk about what’s coming next.

We have the International Standard for open source license compliance.

We have the world’s largest support community for open source license compliance, peers assisting peers, and commercial providers standing at the ready.

We have the world’s largest reference library for open source license compliance matters.

Now we realize the potential. This is phase three of the OpenChain Project.

Phase one, make the standard.

Phase two, bring it to market and formalize it.

Phase three, make OpenChain ISO 5230 part of every transaction in the supply chain.

Phase three has three key parts:

1 - Provide the material that allows every supplier in the world to adopt OpenChain ISO 5230.

2 - Provide the community of peers (user company to user company) that supports this adoption.

3 - Engage with national and international organizations to embed OpenChain ISO 5230 in global policy.

All of these parts are already underway. Let’s talk about what’s happening and how you can be part of this.

First of all, you are already part of this. Your engagement with OpenChain laid the foundation to build what we have today, and our current execution regarding adoption materials, support and long-term policy flow from this. Thank you for taking us to this stage.

But we are looking forward. Let’s look at each point in turn.

= 1 =
Provide the material that allows every supplier in the world to adopt OpenChain ISO 5230.
==

Today we have self-certification, a massive reference library, and a regular pipeline of new contributions and translations. However, feedback indicates there are three next steps that will be super useful. All three are underway but all three will benefit greatly from your further engagement.

(1) A supplier education pack. This will be a selection of some of our core documents designed to allow any customer company to simply email it to any supplier company, and for that supplier to easily understand OpenChain and adoption options. This is nearly ready. We expect the final edit to be during the OpenChain Mini-Summit on March 10th and the pack to be released March 12th. It will contain:
(A) Our supplier education leaflet, explaining the basics of open source;
(B) A slide deck explaining OpenChain ISO 5230 and how to self-certify or seek outside help;
(C) Our reference training deck, the most frequently requested document once people begin their journey to conformance.
I will be emailing the list separately with a reminder regarding how to assist with editing this pack. Thank you in advance for your assistance.

(2) The release of a free online reference training course has been requested. We are executing to meet this request and are nearly ready for final collaboration with LF Training to launch on the edX online platform. The training course is based on the reference training slides we have previously used, and also contains new suggestions and ideas. This is nearly ready. We expect the final edit to be during the OpenChain Mini-Summit on March 10th. The final release date will be determined by LF Training but we expect it to be shortly afterwards. I will be emailing the list separately with a reminder regarding how to assist with editing this course. Your help with final review will be deeply appreciated.

(3) Finally, translation, translation, translation. We know that each time a translated reference document is released, it makes a huge difference not only to OpenChain ISO 5230, but to global open source license compliance education as a whole. We just had our latest reference training slides released in Italian. I would like to call on all our country teams and fantastic contributors to consider helping to translate these core documents as one of their community activities in the coming months:
(1) Our supplier education leaflet;
(2) Our reference training slides;
(3) Our project overview slides.
If we can have the latest version of each of these documents translated, it will make the majority of early supplier education a single email event for most customer companies. It has immense potential for impact. Let’s make it happen.

= 2 =
Provide the community of peers (user company to user company) that supports this adoption.
==

We have built the world’s largest community to support peers around open source license compliance. The key thing for 2021 is continue our regular meetings with three areas of focus:

(1) Share case studies among ourselves. Time and again, this has proven to be the most effective way to bring companies together around the best solutions. We all learn, we all improve. I have a suggestion for all of our many, many local work groups: let’s try to have two or more user company case studies each meeting. Let’s make it a habit for user companies to express their experience to user companies. If this becomes our regular fabric, it will always benefit us.

(2) Make sure there is space for new companies to come to the table. With social distancing it is challenging to make sure people feel confident to try something new, and by creating explicit space we can help a lot. After all, many companies are just learning about OpenChain ISO 5230, and this is the perfect time welcome them to the table. The Japan Work Group is leading the way with something that I think may benefit us all: a newbie session of 30 minutes to one hour at each meeting where the experienced companies focus on greeting and encouraging new companies. The precise format depends on culture, naturally, but creating this space across all our work teams sounds very useful.

(3) Make questions part of our everyday life. Many companies are quite experienced, and outside of a specific case study, people from this company might not usually have questions to ask. However, I would like to ask and encourage everyone involved in OpenChain to consider purposefully asking extra questions on our mailing lists, calls and at work groups. We have discovered that if we ask the questions that less experienced companies are shy to ask, we can help provide the answer they need, and build an atmosphere where they are confident to ask directly next time. This step, as simple as a single sentence, can make a world of difference.

= 3 =
Engage with national and international organizations to embed OpenChain ISO 5230 in global policy.
==

We are talking with standardization bodies like ISO, BSI (UK), DIN (Germany) and standards focused organizations like NTIA (USA) and CESI (China). However, we can and should do more in this space. I would love for your help to open discussions with policy makers and policy influencers in France, India, Italy, Japan, South Korea and Taiwan. 

Policy discussions will be the slowest moving but one of the most impactful aspects of our work throughout 2021. The discussions we start today will assist in regulation both tomorrow and in 2025. I request that our country work groups, and every individual with contacts in the relevant spaces, please consider if they can contribute some time resources to helping make this happen.

===

And there you have it! This was a long email because there has been a lot of discussion and feedback across our community during the December to February period. With all the breaks done, it’s time to come together and make our usual magic happen.

The next three weeks will be a great time to discuss this further. Alongside our usual global team calls on Second Monday and Fourth Monday, we have:

An OpenChain Mini-Summit on the 10th of March

The Automotive Q1 meeting on the 18th of March

And local work group meetings announced in Korea (11th), Japan (17th), Taiwan (19th) and the UK (25th).

All of these meetings are open to everyone and can be tracked and joined without cost or registration:
(This is where you can also add our global calendar so that all current and future meetings are easily visible to you).

Everyone, please accept my sincere thanks for how far you have taken us. I am looking forward to the next steps in our journey together.

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain Global Work Teams - Second Monday Meeting - Mon, 2021-03-08 10:00pm-11:00pm #cal-reminder

main@lists.openchainproject.org Calendar <main@...>
 

Reminder: OpenChain Global Work Teams - Second Monday Meeting

When: Monday, 8 March 2021, 10:00pm to 11:00pm, (GMT-08:00) America/Los Angeles

Where:Zoom

View Event

Organizer: Shane Coughlan scoughlan@...

Description:

Join Zoom Meeting ( https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 )
 
Meeting ID: 999 012 0120
Password: 123456


Re: OpenChain Global Work Teams - Fourth Monday Call - Mon, 2021-02-22 7:00am-8:00am, Please RSVP #cal-reminder

Marcel (PwC DE)
 

Hello all,
hello Shane,

In our last OpenChain Global Work Teams call we talked about the OpenChain guidance document.
As discussed we have included a slide to set the OpenChain in the context of Compliance Management Systems. Also we have made some suggestions and comments on other slides.

Please find the version on:


Happy to discuss and take this forward.

Kind regards,
Marcel

Marcel Scholze (DE)
PwC | Director | Open Source Software Services & IT-Sourcing
Phone: +49 69 95851746 | Mobile: +49 151 161 57 049
Email: marcel.scholze@...
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
Friedrich-Ebert-Anlage 35-37 | 60327 | Frankfurt a. M. | Germany

Find out about Open Source Software Management: https://www.pwc.de/opensource

Vorsitzender des Aufsichtsrates: WP StB Dr. Norbert Vogelpoth
Geschäftsführer: WP StB Dr. Ulrich Störk, WP StB Dr. Peter Bartels, Dr. Joachim Englert, WP StB Petra Justenhoven, WP Clemens Koch, StB Marius Möller, WP StB Uwe Rittmann, StB RA Klaus Schmidt, StB CPA Mark Smith
Sitz der Gesellschaft: Frankfurt am Main, Amtsgericht Frankfurt am Main HRB 107858
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft ist Mitglied von PricewaterhouseCoopers International, einer Company limited by guarantee registriert in England und Wales
Datenschutz: Hinweise zur Datenverarbeitung bei PricewaterhouseCoopers GmbH WPG finden Sie unter Datenschutzhinweise PricewaterhouseCoopers GmbH WPG


On Mon, 22 Feb 2021 at 15:30, main@... Calendar <main@...> wrote:

Reminder: OpenChain Global Work Teams - Fourth Monday Call

When: Monday, 22 February 2021, 7:00am to 8:00am, (GMT-08:00) America/Los Angeles

Where:Zoom - https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

An RSVP is requested. Click here to RSVP

Organizer: Shane Coughlan scoughlan@...

Description:

Join Zoom Meeting ( https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 )
Meeting ID: 999 012 0120
Password: 123456


Diese Information ist ausschliesslich fuer den Adressaten bestimmt und kann vertrauliche oder gesetzlich geschuetzte Informationen enthalten. Wenn Sie nicht der bestimmungsgemaesse Adressat sind, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Anderen als dem bestimmungsgemaessen Adressaten ist es untersagt, diese E-Mail zu lesen, zu speichern, weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. Wir verwenden aktuelle Virenschutzprogramme. Fuer Schaeden, die dem Empfaenger gleichwohl durch von uns zugesandte mit Viren befallene E-Mails entstehen, schliessen wir jede Haftung aus. 
* * * * *
The information contained in this email is intended only for its addressee and may contain confidential and/or privileged information. If the reader of this email is not the intended recipient, you are hereby notified that reading, saving, distribution or use of the content of this email in any way is prohibited. If you have received this email in error, please notify the sender and delete the email. We use updated antivirus protection software. We do not accept any responsibility for damages caused anyhow by viruses transmitted via email.


Re: OpenChain Reference Training For ISO 5230 Now In Italian

Carlo "Kappa" Piana
 

No problem

the text looked already almost perfect. On the other hand, I spotted bits that perhaps very few will notice, but for the sake of accuracy I will see how they can be amended without too much fuss.

Best,

Carlo

----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "Alessandra De Luca," <Alessandra.DeLuca@...>
Cc: "OpenChain Main" <main@...>
Sent: Thursday, 4 March, 2021 14:32:37
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian
Wonderful! Thank you so much for this excellent work.

And Carlo, thank you also for your super fast review!

On Mar 4, 2021, at 22:13, De Luca, Alessandra <Alessandra.DeLuca@...>
wrote:

Hi Shane,
I'll integrate the suggested changes and send you a new ppt version as soon as
possible.

Alessandra De Luca | System Analyst | Open Source Service Line | NTT DATA
Italia
Via Spagna 50, 87036 - Rende (CS), Italia | Tel: +39 366 666 3421|
alessandra.deluca@... | Learn more at www.nttdata.com/it | Twitter |
LinkedIn | Facebook


-----Original Message-----
From: Shane Coughlan <scoughlan@...>
Sent: Thursday, March 4, 2021 1:41 PM
To: OpenChain Main <main@...>
Cc: De Luca, Alessandra <Alessandra.DeLuca@...>
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230 Now In
Italian

Thanks Carlo!

Alessandra, do you want to address directly or do you want me to merge the
suggested changes?

On Mar 3, 2021, at 18:30, Carlo Piana <carlo@...> wrote:


On a quick review waiting for a call, I see that the quality is very high, I
might say excellent. There are some quirks here and there though.

There are some which are notable and recurring throughout the text:

"works" -> "opera" (not "lavoro") in copyright parlance "public
domain" -> "pubblico dominio" (not "dominio pubblico" as would
nauturally be) "un software" NEVER EVER EVER EVER. Software is non numerable
matter. "Software" (without /articolo indeterminativo/) or "Applicazione",
"Programma", "Pacchetto" depending on the actual context.

Plus some improvements that would not add much, but are somewhat easy calls.

Chees

Carlo



----- Original Message -----
From: "Carlo Piana" <carlo@...>
To: "main@..."
<main@...>
Sent: Wednesday, 3 March, 2021 10:16:57
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230
Now In Italian
AH! PPTX, you want to kill me! ;-)

K

PS: we have a markdown workflow also for slides, based on Reveal.js,
but mostly works for pandoc+beamer. The advantage of this approach is
that reviews are diffed in git! Basically we use reveal-md plus a few
javascript edits that extend comments for presentation commands, so
if you print just the text, it remains uncluttered by things like "this slide
without transition".


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "main@..."
<main@...>
Sent: Wednesday, 3 March, 2021 10:07:47
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230
Now In Italian
Yes please!

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Mar 3, 2021, at 17:57, Carlo Piana <carlo@...> wrote:

Kudos! This is more useful than one would think.

Any cross check needed from another native speaker?

Cheers

Carlo


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "OpenChain Main" <main@...>
Sent: Wednesday, 3 March, 2021 09:49:59
Subject: [openchain] OpenChain Reference Training For ISO 5230 Now
In Italian
The OpenChain Reference Training Slides are now available in
Italian. A big thank you to Alessandra De Luca and the rest of the
team at NTT Data Italy for making this happen!
You can download the slides under CC-0 licensing (effectively public domain).
https://www.openchainproject.org/news/2021/03/03/openchain-referen
ce-training-for-iso-5230-now-in-italian









Disclaimer: This email and any attachments are sent in strictest confidence for
the sole use of the addressee and may contain legally privileged, confidential,
and proprietary data. If you are not the intended recipient, please advise the
sender by replying promptly to this email and then delete and destroy this
email and any attachments without any further use, copying or forwarding.



Re: OpenChain Reference Training For ISO 5230 Now In Italian

 

Wonderful! Thank you so much for this excellent work.

And Carlo, thank you also for your super fast review!

On Mar 4, 2021, at 22:13, De Luca, Alessandra <Alessandra.DeLuca@...> wrote:

Hi Shane,
I'll integrate the suggested changes and send you a new ppt version as soon as possible.

Alessandra De Luca | System Analyst | Open Source Service Line | NTT DATA Italia
Via Spagna 50, 87036 - Rende (CS), Italia | Tel: +39 366 666 3421|
alessandra.deluca@... | Learn more at www.nttdata.com/it | Twitter | LinkedIn | Facebook


-----Original Message-----
From: Shane Coughlan <scoughlan@...>
Sent: Thursday, March 4, 2021 1:41 PM
To: OpenChain Main <main@...>
Cc: De Luca, Alessandra <Alessandra.DeLuca@...>
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian

Thanks Carlo!

Alessandra, do you want to address directly or do you want me to merge the suggested changes?

On Mar 3, 2021, at 18:30, Carlo Piana <carlo@...> wrote:


On a quick review waiting for a call, I see that the quality is very high, I might say excellent. There are some quirks here and there though.

There are some which are notable and recurring throughout the text:

"works" -> "opera" (not "lavoro") in copyright parlance "public
domain" -> "pubblico dominio" (not "dominio pubblico" as would
nauturally be) "un software" NEVER EVER EVER EVER. Software is non numerable matter. "Software" (without /articolo indeterminativo/) or "Applicazione", "Programma", "Pacchetto" depending on the actual context.

Plus some improvements that would not add much, but are somewhat easy calls.

Chees

Carlo



----- Original Message -----
From: "Carlo Piana" <carlo@...>
To: "main@..."
<main@...>
Sent: Wednesday, 3 March, 2021 10:16:57
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230
Now In Italian
AH! PPTX, you want to kill me! ;-)

K

PS: we have a markdown workflow also for slides, based on Reveal.js,
but mostly works for pandoc+beamer. The advantage of this approach is
that reviews are diffed in git! Basically we use reveal-md plus a few
javascript edits that extend comments for presentation commands, so
if you print just the text, it remains uncluttered by things like "this slide without transition".


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "main@..."
<main@...>
Sent: Wednesday, 3 March, 2021 10:07:47
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230
Now In Italian
Yes please!

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Mar 3, 2021, at 17:57, Carlo Piana <carlo@...> wrote:

Kudos! This is more useful than one would think.

Any cross check needed from another native speaker?

Cheers

Carlo


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "OpenChain Main" <main@...>
Sent: Wednesday, 3 March, 2021 09:49:59
Subject: [openchain] OpenChain Reference Training For ISO 5230 Now
In Italian
The OpenChain Reference Training Slides are now available in
Italian. A big thank you to Alessandra De Luca and the rest of the
team at NTT Data Italy for making this happen!
You can download the slides under CC-0 licensing (effectively public domain).
https://www.openchainproject.org/news/2021/03/03/openchain-referen
ce-training-for-iso-5230-now-in-italian









Disclaimer: This email and any attachments are sent in strictest confidence for the sole use of the addressee and may contain legally privileged, confidential, and proprietary data. If you are not the intended recipient, please advise the sender by replying promptly to this email and then delete and destroy this email and any attachments without any further use, copying or forwarding.


External Webinar: Selecting the Right Technology Solution as Part of Your Conformance to ISO 5230 OpenChain Standard, March 11th, 2021

 

We have a ton of events in March. Tomorrow we will have a few emails to this list highlighting key events to be hosted by the OpenChain Project. However, to get started I wanted to flag an external webinar.

WhiteSource will host a webinar at 11:00 BST on March 11th covering the use of Software Component Analysis in the context of OpenChain ISO 5230. Martin Callinan from Source Code Control will also provide perspective from his client engagement. I will be there too :)

From the WhiteSource site:
In this webinar, our experts will present how the OpenChain Specification evolved to become an ISO standard, and will discuss the importance of choosing the right SCA tool for organizations to adopt so they can focus on value-added activities that drive the success of their businesses.


Re: OpenChain Reference Training For ISO 5230 Now In Italian

De Luca, Alessandra <Alessandra.DeLuca@...>
 

Hi Shane,
I'll integrate the suggested changes and send you a new ppt version as soon as possible.

Alessandra De Luca | System Analyst | Open Source Service Line | NTT DATA Italia
Via Spagna 50, 87036 - Rende (CS), Italia | Tel: +39 366 666 3421|
alessandra.deluca@... |  Learn more at www.nttdata.com/it | Twitter | LinkedIn | Facebook

-----Original Message-----
From: Shane Coughlan <scoughlan@...>
Sent: Thursday, March 4, 2021 1:41 PM
To: OpenChain Main <main@...>
Cc: De Luca, Alessandra <Alessandra.DeLuca@...>
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian

Thanks Carlo!

Alessandra, do you want to address directly or do you want me to merge the suggested changes?

On Mar 3, 2021, at 18:30, Carlo Piana <carlo@...> wrote:


On a quick review waiting for a call, I see that the quality is very high, I might say excellent. There are some quirks here and there though.

There are some which are notable and recurring throughout the text:

"works" -> "opera" (not "lavoro") in copyright parlance "public
domain" -> "pubblico dominio" (not "dominio pubblico" as would
nauturally be) "un software" NEVER EVER EVER EVER. Software is non numerable matter. "Software" (without /articolo indeterminativo/) or "Applicazione", "Programma", "Pacchetto" depending on the actual context.

Plus some improvements that would not add much, but are somewhat easy calls.

Chees

Carlo



----- Original Message -----
From: "Carlo Piana" <carlo@...>
To: "main@..."
<main@...>
Sent: Wednesday, 3 March, 2021 10:16:57
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230
Now In Italian
AH! PPTX, you want to kill me! ;-)

K

PS: we have a markdown workflow also for slides, based on Reveal.js,
but mostly works for pandoc+beamer. The advantage of this approach is
that reviews are diffed in git! Basically we use reveal-md plus a few
javascript edits that extend comments for presentation commands, so
if you print just the text, it remains uncluttered by things like "this slide without transition".


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "main@..."
<main@...>
Sent: Wednesday, 3 March, 2021 10:07:47
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230
Now In Italian
Yes please!

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Mar 3, 2021, at 17:57, Carlo Piana <carlo@...> wrote:

Kudos! This is more useful than one would think.

Any cross check needed from another native speaker?

Cheers

Carlo


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "OpenChain Main" <main@...>
Sent: Wednesday, 3 March, 2021 09:49:59
Subject: [openchain] OpenChain Reference Training For ISO 5230 Now
In Italian
The OpenChain Reference Training Slides are now available in
Italian. A big thank you to Alessandra De Luca and the rest of the
team at NTT Data Italy for making this happen!
You can download the slides under CC-0 licensing (effectively public domain).
https://www.openchainproject.org/news/2021/03/03/openchain-referen
ce-training-for-iso-5230-now-in-italian









Disclaimer: This email and any attachments are sent in strictest confidence for the sole use of the addressee and may contain legally privileged, confidential, and proprietary data. If you are not the intended recipient, please advise the sender by replying promptly to this email and then delete and destroy this email and any attachments without any further use, copying or forwarding.


Re: OpenChain Reference Training For ISO 5230 Now In Italian

 

Thanks Carlo!

Alessandra, do you want to address directly or do you want me to merge the suggested changes?

On Mar 3, 2021, at 18:30, Carlo Piana <carlo@...> wrote:


On a quick review waiting for a call, I see that the quality is very high, I might say excellent. There are some quirks here and there though.

There are some which are notable and recurring throughout the text:

"works" -> "opera" (not "lavoro") in copyright parlance
"public domain" -> "pubblico dominio" (not "dominio pubblico" as would nauturally be)
"un software" NEVER EVER EVER EVER. Software is non numerable matter. "Software" (without /articolo indeterminativo/) or "Applicazione", "Programma", "Pacchetto" depending on the actual context.

Plus some improvements that would not add much, but are somewhat easy calls.

Chees

Carlo



----- Original Message -----
From: "Carlo Piana" <carlo@...>
To: "main@..." <main@...>
Sent: Wednesday, 3 March, 2021 10:16:57
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian
AH! PPTX, you want to kill me! ;-)

K

PS: we have a markdown workflow also for slides, based on Reveal.js, but mostly
works for pandoc+beamer. The advantage of this approach is that reviews are
diffed in git! Basically we use reveal-md plus a few javascript edits that
extend comments for presentation commands, so if you print just the text, it
remains uncluttered by things like "this slide without transition".


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "main@..." <main@...>
Sent: Wednesday, 3 March, 2021 10:07:47
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230 Now In
Italian
Yes please!

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Mar 3, 2021, at 17:57, Carlo Piana <carlo@...> wrote:

Kudos! This is more useful than one would think.

Any cross check needed from another native speaker?

Cheers

Carlo


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "OpenChain Main" <main@...>
Sent: Wednesday, 3 March, 2021 09:49:59
Subject: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian
The OpenChain Reference Training Slides are now available in Italian. A big
thank you to Alessandra De Luca and the rest of the team at NTT Data Italy for
making this happen!
You can download the slides under CC-0 licensing (effectively public domain).
https://www.openchainproject.org/news/2021/03/03/openchain-reference-training-for-iso-5230-now-in-italian










IMPORTANT: OpenChain Global Calendar Finalized - Please Subscribe

 

IMPORTANT: OpenChain Global Calendar Finalized - Please Subscribe

The OpenChain Global Calendar is one click to join from this page:
https://www.openchainproject.org/community
Click “+ Google Calendar” to add this calendar to your computer/phone/tablet.

It is *highly* recommended to do this. It will allow you to track all our events and to join any event at your discretion without registration or additional searching. The global calendar removes all the confusion of calendar invites.

You can also access this calendar through this link:
https://calendar.google.com/calendar/embed?src=c_08seb6095ofjtfr5fjb5tabgl4%40group.calendar.google.com&ctz=utc

And it is in iCal format here:
https://calendar.google.com/calendar/ical/c_08seb6095ofjtfr5fjb5tabgl4%40group.calendar.google.com/public/basic.ics

As you can see from the attached image, we have an incredibly busy schedule this month alone, providing support across all aspects of using ISO 5230 in all geographies. Times displayed in UTC for our global audience in this image.


Re: Certification Services

 

Hi Mary

Adding the relevant text from the specification below for everyone (minus rationale expansion). Full specification here:

Each process identified by OpenChain has verification materials that must be output. This allows the company and (their customers) to check to ensure a software package has been correctly passed through the process at any time during production or later.

This means a company can implement the processes and self-certify or get independent assessment or third-party certification, and thereafter there is a permanent sanity check (or as long as required by licensed and law).

A review, audit or remediation procedure can ask for the verification artifacts. Indeed, the second to final section of OpenChain addresses this specifically with the verification artifact for the verification artifacts:
“3.6.1 In order for a program to be deemed OpenChain conformant, the organization shall [have] A document affirming the program [...] satisfies all the requirements of this [specification].”

Thus any customer/supplier question flow could look like this:

Are you OpenChain Conformant?

Can you provide the verification artifact for section 3.6.1?

And maybe:

As part of our final review, can you provide the verification artifacts for sections X, Y and Z?

Each industry sector will decide what level of fidelity is necessary to proceed. We expect variance to be relatively wide by sector, but less so inside each sector.

(e.g. I would be surprised if a defense company didn’t say “give me all the artifacts” but I would be less surprised if a consumer electronics company focused on specific artifacts to satisfy their assessment, up to and including being satisfied if supplierX simply provided the 3.6.1 + 3.6.2 (confirmation of being current)).

== specification text == 

3.3.1 Bill of materials

A process shall exist for creating and managing a bill of materials that includes each open source component (and its identified licenses) from which the supplied software is comprised.

Verification material(s):

3.3.1.1 A documented procedure for identifying, tracking, reviewing, approving, and archiving information about the collection of open source components from which the supplied software is comprised.

3.3.1.2 Open source component records for the supplied software that demonstrates the documented procedure was properly followed.

3.4.1 Compliance artifacts

A process shall exist for creating the set of compliance artifacts for the supplied software.

 Verification material(s):

3.4.1.1 A documented procedure that describes the process under which the compliance artifacts are prepared and distributed with the supplied software as required by the identified licenses.

3.4.1.2 A documented procedure for archiving copies of the compliance artifacts of the supplied software - where the archive is planned to exist for a reasonable period of time1 since the last offer of the supplied software; or as required by the identified licenses (whichever is longer). Records exist that demonstrate the procedure has been properly followed.

On Mar 3, 2021, at 21:54, Mattran, Mary <mary.mattran@...> wrote:

Open Chain has built into it that people are aware of the policy and their role in the open source arena, and evidence needs to be provided that the process is followed (3.3.1.2, 3.4.1.2)  so they can't just build the thing, then get certified.  They need to show that it is being followed, too.   


Re: Certification Services

Mattran, Mary
 

Open Chain has built into it that people are aware of the policy and their role in the open source arena, and evidence needs to be provided that the process is followed (3.3.1.2, 3.4.1.2)  so they can't just build the thing, then get certified.  They need to show that it is being followed, too.   


Re: OpenChain Reference Training For ISO 5230 Now In Italian

Carlo "Kappa" Piana
 

On a quick review waiting for a call, I see that the quality is very high, I might say excellent. There are some quirks here and there though.

There are some which are notable and recurring throughout the text:

"works" -> "opera" (not "lavoro") in copyright parlance
"public domain" -> "pubblico dominio" (not "dominio pubblico" as would nauturally be)
"un software" NEVER EVER EVER EVER. Software is non numerable matter. "Software" (without /articolo indeterminativo/) or "Applicazione", "Programma", "Pacchetto" depending on the actual context.

Plus some improvements that would not add much, but are somewhat easy calls.

Chees

Carlo

----- Original Message -----
From: "Carlo Piana" <carlo@...>
To: "main@..." <main@...>
Sent: Wednesday, 3 March, 2021 10:16:57
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian
AH! PPTX, you want to kill me! ;-)

K

PS: we have a markdown workflow also for slides, based on Reveal.js, but mostly
works for pandoc+beamer. The advantage of this approach is that reviews are
diffed in git! Basically we use reveal-md plus a few javascript edits that
extend comments for presentation commands, so if you print just the text, it
remains uncluttered by things like "this slide without transition".


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "main@..." <main@...>
Sent: Wednesday, 3 March, 2021 10:07:47
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230 Now In
Italian
Yes please!

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Mar 3, 2021, at 17:57, Carlo Piana <carlo@...> wrote:

Kudos! This is more useful than one would think.

Any cross check needed from another native speaker?

Cheers

Carlo


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "OpenChain Main" <main@...>
Sent: Wednesday, 3 March, 2021 09:49:59
Subject: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian
The OpenChain Reference Training Slides are now available in Italian. A big
thank you to Alessandra De Luca and the rest of the team at NTT Data Italy for
making this happen!
You can download the slides under CC-0 licensing (effectively public domain).
https://www.openchainproject.org/news/2021/03/03/openchain-reference-training-for-iso-5230-now-in-italian







Re: OpenChain Reference Training For ISO 5230 Now In Italian

Carlo "Kappa" Piana
 

AH! PPTX, you want to kill me! ;-)

K

PS: we have a markdown workflow also for slides, based on Reveal.js, but mostly works for pandoc+beamer. The advantage of this approach is that reviews are diffed in git! Basically we use reveal-md plus a few javascript edits that extend comments for presentation commands, so if you print just the text, it remains uncluttered by things like "this slide without transition".

----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "main@..." <main@...>
Sent: Wednesday, 3 March, 2021 10:07:47
Subject: Re: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian
Yes please!

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Mar 3, 2021, at 17:57, Carlo Piana <carlo@...> wrote:

Kudos! This is more useful than one would think.

Any cross check needed from another native speaker?

Cheers

Carlo


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "OpenChain Main" <main@...>
Sent: Wednesday, 3 March, 2021 09:49:59
Subject: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian
The OpenChain Reference Training Slides are now available in Italian. A big
thank you to Alessandra De Luca and the rest of the team at NTT Data Italy for
making this happen!
You can download the slides under CC-0 licensing (effectively public domain).
https://www.openchainproject.org/news/2021/03/03/openchain-reference-training-for-iso-5230-now-in-italian






Re: OpenChain Reference Training For ISO 5230 Now In Italian

 

Yes please!

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Mar 3, 2021, at 17:57, Carlo Piana <carlo@...> wrote:

Kudos! This is more useful than one would think.

Any cross check needed from another native speaker?

Cheers

Carlo


----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "OpenChain Main" <main@...>
Sent: Wednesday, 3 March, 2021 09:49:59
Subject: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian
The OpenChain Reference Training Slides are now available in Italian. A big
thank you to Alessandra De Luca and the rest of the team at NTT Data Italy for
making this happen!
You can download the slides under CC-0 licensing (effectively public domain).
https://www.openchainproject.org/news/2021/03/03/openchain-reference-training-for-iso-5230-now-in-italian





Re: OpenChain Reference Training For ISO 5230 Now In Italian

Carlo "Kappa" Piana
 

Kudos! This is more useful than one would think.

Any cross check needed from another native speaker?

Cheers

Carlo

----- Original Message -----
From: "Shane Coughlan" <scoughlan@...>
To: "OpenChain Main" <main@...>
Sent: Wednesday, 3 March, 2021 09:49:59
Subject: [openchain] OpenChain Reference Training For ISO 5230 Now In Italian
The OpenChain Reference Training Slides are now available in Italian. A big
thank you to Alessandra De Luca and the rest of the team at NTT Data Italy for
making this happen!
You can download the slides under CC-0 licensing (effectively public domain).
https://www.openchainproject.org/news/2021/03/03/openchain-reference-training-for-iso-5230-now-in-italian


OpenChain Reference Training For ISO 5230 Now In Italian

 

The OpenChain Reference Training Slides are now available in Italian. A big thank you to Alessandra De Luca and the rest of the team at NTT Data Italy for making this happen!
You can download the slides under CC-0 licensing (effectively public domain).
https://www.openchainproject.org/news/2021/03/03/openchain-reference-training-for-iso-5230-now-in-italian


Invitation: OpenChain Bi-Weekly Webinar @ Monthly from 14:00 to 15:00 on the first Monday (JST) (main@lists.openchainproject.org)

 

You have been invited to the following event.

OpenChain Bi-Weekly Webinar

When
Monthly from 14:00 to 15:00 on the first Monday Japan Standard Time
Where
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 (map)
Calendar
main@...
Who
scoughlan@... - creator
main@...
This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations. You can learn more about this series here : https://www.openchainproject.org/webinars-interviews

Join Zoom Meeting
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Meeting ID: 999 012 0120
Passcode: 123456
One tap mobile
⁨+16699006833,,9990120120#,,,,*123456#⁩ US (San Jose)
⁨+12532158782,,9990120120#,,,,*123456#⁩ US (Tacoma)

Dial by your location
        ⁨+1 669 900 6833⁩ US (San Jose)
        ⁨+1 253 215 8782⁩ US (Tacoma)
        ⁨+1 301 715 8592⁩ US (Washington DC)
        ⁨+1 312 626 6799⁩ US (Chicago)
        ⁨+1 346 248 7799⁩ US (Houston)
        ⁨+1 408 638 0968⁩ US (San Jose)
        ⁨+1 646 876 9923⁩ US (New York)
Meeting ID: 999 012 0120
Passcode: 123456
Find your local number:
https://us02web.zoom.us/u/kW7exlfu

Going (main@...)?   All events in this series:   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account main@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


Invitation: OpenChain Global Work Teams - Fourth Monday Call @ Monthly from 23:00 to 00:00 on the fourth Monday (JST) (main@lists.openchainproject.org)

 

You have been invited to the following event.

OpenChain Global Work Teams - Fourth Monday Call

When
Monthly from 23:00 to 00:00 on the fourth Monday Japan Standard Time
Where
Zoom - https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 (map)
Calendar
main@...
Who
scoughlan@... - creator
main@...
Join Zoom Meeting
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Meeting ID: 999 012 0120
Passcode: 123456
One tap mobile
⁨+16699006833,,9990120120#,,,,*123456#⁩ US (San Jose)
⁨+12532158782,,9990120120#,,,,*123456#⁩ US (Tacoma)

Dial by your location
        ⁨+1 669 900 6833⁩ US (San Jose)
        ⁨+1 253 215 8782⁩ US (Tacoma)
        ⁨+1 301 715 8592⁩ US (Washington DC)
        ⁨+1 312 626 6799⁩ US (Chicago)
        ⁨+1 346 248 7799⁩ US (Houston)
        ⁨+1 408 638 0968⁩ US (San Jose)
        ⁨+1 646 876 9923⁩ US (New York)
Meeting ID: 999 012 0120
Passcode: 123456
Find your local number:
https://us02web.zoom.us/u/kW7exlfu

Going (main@...)?   All events in this series:   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account main@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


Invitation: OpenChain Bi-Weekly Webinar @ Monthly from 23:00 to 00:00 on the third Monday (JST) (main@lists.openchainproject.org)

 

You have been invited to the following event.

OpenChain Bi-Weekly Webinar

When
Monthly from 23:00 to 00:00 on the third Monday Japan Standard Time
Where
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 (map)
Calendar
main@...
Who
scoughlan@... - creator
main@...
This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations. You can learn more about this series here : https://www.openchainproject.org/webinars-interviews

Join Zoom Meeting
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Meeting ID: 999 012 0120
Passcode: 123456
One tap mobile
⁨+16699006833,,9990120120#,,,,*123456#⁩ US (San Jose)
⁨+12532158782,,9990120120#,,,,*123456#⁩ US (Tacoma)

Dial by your location
        ⁨+1 669 900 6833⁩ US (San Jose)
        ⁨+1 253 215 8782⁩ US (Tacoma)
        ⁨+1 301 715 8592⁩ US (Washington DC)
        ⁨+1 312 626 6799⁩ US (Chicago)
        ⁨+1 346 248 7799⁩ US (Houston)
        ⁨+1 408 638 0968⁩ US (San Jose)
        ⁨+1 646 876 9923⁩ US (New York)
Meeting ID: 999 012 0120
Passcode: 123456
Find your local number:
https://us02web.zoom.us/u/kW7exlfu

Going (main@...)?   All events in this series:   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account main@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.

1181 - 1200 of 5036