
Re: Invitation: OpenChain Quarterly Summit @ Mon Jun 14, 2021 10am - 1pm (EDT) (main@lists.openchainproject.org)

 

Greetings everyone! Let’s talk a little more about this summit!

I would like to propose that we make the forthcoming Quarterly Mini-Summit a little special, especially from the perspective of welcoming new participants to our community.

As usual we will have a three hour block. Here is my suggestion:

Hour #1: Short case studies (5 minutes max) from the community + open discussion of 10 minutes to help people catch up and welcome new community members.

Hour #2: Focus on drafting the security usage description document for OpenChain ISO 5230

Hour #3: Education work team: focus on building out new sections of the online education.

What do you think?

Regards

Shane

Jennifer McGinnis <jmcginnis@linuxfoundation.org> wrote:
You have been invited to the following event.
OpenChain Quarterly Summit
When
Mon Jun 14, 2021 10am – 1pm Eastern Time - New York


Discussion Point: Consolidation and Framing of Work Groups

 

Greetings all!

I would like to open a discussion about tidying up our work groups and introducing new ways for participants to engage.

First of all, I want to propose that our curriculum and education work groups merge, allowing one team oversight of our reference material. I propose it is initially co-chaired by Balakrisha and Alexios as activity for 2nd Half 2021 is discussed :)

I also propose that our conformance and specification work teams are combined, given that we have narrowed the work to “specification and guidance documents + self-certification questions.” I propose it is initially co-chaired by Mark and Miriam as activity for 2nd Half 2021 is discussed :)

I would also like us to open a discussion about how we select Chairs for our various work groups (global and local), so that we can make sure it is democratic. Perhaps we can consider one or two year elections, and test it with one work group, to see how things go? There is no need to change chairs, but we want to make sure people feel included in all aspects of project decision-making and governance.

Regards

Shane


Supplier Education Pack - Final Drafts of Chinese (trad+simpl), English, French, German, Japanese, Korean and Vietnamese ready

 


Invitation: OpenChain Quarterly Summit @ Mon Jun 14, 2021 10am - 1pm (EDT) (main@lists.openchainproject.org)

Jennifer McGinnis <jmcginnis@...>
 

You have been invited to the following event.

OpenChain Quarterly Summit

When
Mon Jun 14, 2021 10am – 1pm Eastern Time - New York
Where
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09
Calendar
main@...
Who
jmcginnis@... - creator
main@...
Join Zoom Meeting
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Meeting ID: 999 012 0120
Passcode: 123456
One tap mobile
+16699006833,,9990120120#,,,,*123456# US (San Jose)
+12532158782,,9990120120#,,,,*123456# US (Tacoma)

Dial by your location
        +1 669 900 6833 US (San Jose)
        +1 253 215 8782 US (Tacoma)
        +1 301 715 8592 US (Washington DC)
        +1 312 626 6799 US (Chicago)
        +1 346 248 7799 US (Houston)
        +1 408 638 0968 US (San Jose)
        +1 646 876 9923 US (New York)
Find your local number:
https://us02web.zoom.us/u/kW7exlfu



Tentative Agenda:
Hour 1: Newbies Session
Hour 2: specification security guidance document
Hour 3: Work Session on Education Course



OpenChain Supplier Education Leaflet - Korean Version - Ready For Review

 

Dear Korean Work Group!

The Korean version of the supplier education leaflet is now available for review. Can you give us your opinion?
https://github.com/OpenChain-Project/Reference-Material/tree/master/Suppliers/Leaflet/Official/2.1/ko

Regards

Shane


Webinar #23 available to view now online

Jennifer McGinnis <jmcginnis@...>
 

Hi OpenChain community!

Webinar #23 - OpenChain ISO 5230 in Venture Capital - is now available online for you to view:

https://www.openchainproject.org/news/2021/05/21/webinar-23-openchain-iso-5230-in-venture-capital


Thanks, and have a great weekend!


Jenni

--
Jenni McGinnis
Projects Coordinator | The Linux Foundation
Assisting with RISC-V International, OpenChain, TARS, & OpenFabrics Alliance


Supplier Education Pack dedicated landing page

 

Everyone, there is a dedicated landing page for the supplier education pack here:
https://www.openchainproject.org/supplier-education-pack

We will be building this out to make adoption super easy for suppliers. If you have ideas and suggestions, this is the thread to raise them!


OpenChain Supplier Pack Translations

 

Greetings all!

Exciting news: our translations of the key slides from the supplier education pack are ready for review. We have:
Chinese Simplified and Traditional!
German!
Japanese!
aaaaand...
Korean!

Oh wait. There is more.

French!
Vietnamese!

If you could help review it would be super appreciated:
https://github.com/OpenChain-Project/Reference-Material/tree/master/OpenChain-ISO-5230-Supplier-Education-Pack

We want to catch any mistakes before calling it final.

Regards

Shane


Re: Standard documents to share sbom report among supply chain

 

Hi Dinesh!

== Everyone else ==
I advise everyone to check out the full discussion here:
https://github.com/OpenChain-Project/Reference-Material/issues/6
== Back to Dinesh ==

We actually have a solution in the market that sounds like it suits your use-case of - basically - an Excel software bill of materials. It is called “SPDX Lite” and it is an optional component of SPDX 2.2. It was created by Japanese companies like Hitachi, Toshiba and Fujitsu for precisely the use case you mention.

You can read about it here:
https://spdx.github.io/spdx-spec/appendix-VIII-SPDX-Lite/

It is very short, compact and effective for human readability.

Regards

Shane

On May 20, 2021, at 15:24, DR <dineshr93@gmail.com> wrote:

Hi Shane & all,

I have a question.
Are there standard documents required to share SBOM-contained OSS IP details for 2 main cases?
Case 1: Docx or pdf OSS report to be shared along with our direct product or services
Case 2: Excel or other format to share oss details among Tier n's (Tier 1, Tier 2 ... etc & OEM) so that OEM can collate & use documents from Case 1. (or spdx)

I searched here but am not sure where to get them. (Tracing a doc is a little tough.)


I raised a ticket here: https://github.com/OpenChain-Project/Reference-Material/issues/6

Please help if it's already there...

Thanks
Dinesh




Standard documents to share sbom report among supply chain

DR
 

Hi Shane & all,

I have a question.

Are there standard documents required to share SBOM-contained OSS IP details for 2 main cases?
Case 1: Docx or pdf OSS report to be shared along with our direct product or services
Case 2: Excel or other format to share oss details among Tier n's (Tier 1, Tier 2 ... etc & OEM) so that OEM can collate & use documents from Case 1. (or spdx)

I searched here but am not sure where to get them. (Tracing a doc is a little tough.)



Please help if it's already there...

Thanks
Dinesh




Re: Shane away until 21st

Martin Callinan
 

Happy Birthday Shane

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Shane Coughlan via lists.openchainproject.org
Sent: 19 May 2021 05:27
To: OpenChain Main <main@lists.openchainproject.org>
Subject: [openchain] Shane away until 21st

Greetings all!

I’m taking two days off for my birthday. I’ll be back 21st. Always available by phone if needed!

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: Shane away until 21st

reza.alavi@wipro.com
 

Happy Birthday Shane!

Have a great one!

Reza

On 19 May 2021, at 05:26, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

Greetings all!

I’m taking two days off for my birthday. I’ll be back 21st. Always available by phone if needed!

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan




Shane away until 21st

 

Greetings all!

I’m taking two days off for my birthday. I’ll be back 21st. Always available by phone if needed!

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: OpenChain Supplier Education Leaflet - German Draft underway

 

Thank you Marcel!

Stefan, are you ok to review and potentially integrate with the SLA?

On May 18, 2021, at 6:18, Marcel (PwC DE) via lists.openchainproject.org <marcel.scholze=pwc.com@lists.openchainproject.org> wrote:

Hello all,

Thank you, Stefan, for the German translation of the OpenChain Supplier Leaflet!
Please find attached our suggestions/corrections for the document.
Happy to discuss or get any further feedback to then complete the leaflet.

Kind regards,
Marcel


Marcel Scholze (DE)
PwC | Director | Open Source Software Services & IT-Sourcing
Phone: +49 69 95851746 | Mobile: +49 151 161 57 049
Email: marcel.scholze@pwc.com
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
Friedrich-Ebert-Anlage 35-37 | 60327 | Frankfurt a. M. | Germany

Find out about Open Source Software Management: https://www.pwc.de/opensource

Chairman of the Supervisory Board: WP StB Dr. Norbert Vogelpoth
Managing Directors: WP StB Dr. Ulrich Störk, WP StB Dr. Peter Bartels, Dr. Joachim Englert, WP StB Petra Justenhoven, WP Clemens Koch, StB Marius Möller, WP StB Uwe Rittmann, StB RA Klaus Schmidt, StB CPA Mark Smith
Registered office: Frankfurt am Main, Amtsgericht Frankfurt am Main HRB 107858
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft is a member of PricewaterhouseCoopers International, a company limited by guarantee registered in England and Wales
Data protection: Information on data processing at PricewaterhouseCoopers GmbH WPG can be found under Data Protection Notice PricewaterhouseCoopers GmbH WPG


On Fri, 7 Feb 2020 at 18:38, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:
Stefan from Fiducia & GAD IT announced yesterday that work is well advanced on a German translation of our Supplier Education Leaflet. Originally created by a sub-group of the OpenChain Japan Work Group, the supplier education leaflet is available in Japanese, English, Simplified and Traditional Chinese, as well as in Vietnamese as a draft.

See Stefan’s full announcement and call for support below.

==

As discussed yesterday in Nuremberg during our kick-off meeting of the German OpenChain Working Group, I would like to reach out for support regarding finalisation of a translation of the Open Chain Supplier Leaflet into German.

You can see the current state-of-work at
https://github.com/OCSpecGermanTranslation/OpenChain-SuppierLeaflet-GermanTranslation/blob/master/supplier-leaflet/de/OpenChain-GeneralGuideline-E-0608_DE.pdf

The layout is not yet as complete as in the original - I would like to finalise the design after having sorted out the final German text. Thus, in a first round, quality checking of the text would be a good point to start :-)

My 'request-for-contribution' to you, if you currently want to / can support:
Could you please compare the current German translation draft to the English version at
https://github.com/OCSpecGermanTranslation/OpenChain-SuppierLeaflet-GermanTranslation/blob/master/supplier-leaflet/supplier-leaflet-1.0-en.pdf
and provide corrections and suggestions for improvement? Please feel free to direct any comments to my address Stefan.thanheiser@gmx.de.

(Should any of you want to go deeper: I ported the document from the proprietary Adobe format I found at Github (sorry, if there should have been any other format there -maybe I did not dig deep enough into the directory structure) to a format of the open source tool Scribus - why not use OSS tools when writing about OSS? ;-).
The "scribus source file" for the PDF can be found at
https://github.com/OCSpecGermanTranslation/OpenChain-SuppierLeaflet-GermanTranslation/blob/master/supplier-leaflet/de/OpenChain-GeneralGuideline-E-0608_DE.sla
and can be edited using Scribus v1.5.5.)

Thank you in advance for your support and best regards,
Stefan



The information contained in this email is intended only for its addressee and may contain confidential and/or privileged information. If the reader of this email is not the intended recipient, you are hereby notified that reading, saving, distribution or use of the content of this email in any way is prohibited. If you have received this email in error, please notify the sender and delete the email. We use updated antivirus protection software. We do not accept any responsibility for damages caused anyhow by viruses transmitted via email.

<supplier-leaflet-de_PwC suggestions.docx>


Re: OpenChain Supplier Education Leaflet - German Draft underway

Marcel (PwC DE)
 

Hello all,

Thank you, Stefan, for the German translation of the OpenChain Supplier Leaflet!
Please find attached our suggestions/corrections for the document.
Happy to discuss or get any further feedback to then complete the leaflet.

Kind regards,
Marcel


Marcel Scholze (DE)
PwC | Director | Open Source Software Services & IT-Sourcing
Phone: +49 69 95851746 | Mobile: +49 151 161 57 049
Email: marcel.scholze@...
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
Friedrich-Ebert-Anlage 35-37 | 60327 | Frankfurt a. M. | Germany

Find out about Open Source Software Management: https://www.pwc.de/opensource



On Fri, 7 Feb 2020 at 18:38, Shane Coughlan <scoughlan@...> wrote:
Stefan from Fiducia & GAD IT announced yesterday that work is well advanced on a German translation of our Supplier Education Leaflet. Originally created by a sub-group of the OpenChain Japan Work Group, the supplier education leaflet is available in Japanese, English, Simplified and Traditional Chinese, as well as in Vietnamese as a draft.

See Stefan’s full announcement and call for support below.

==

As discussed yesterday in Nuremberg during our kick-off meeting of the German OpenChain Working Group, I would like to reach out for support regarding finalisation of a translation of the Open Chain Supplier Leaflet into German.

You can see the current state-of-work at
https://github.com/OCSpecGermanTranslation/OpenChain-SuppierLeaflet-GermanTranslation/blob/master/supplier-leaflet/de/OpenChain-GeneralGuideline-E-0608_DE.pdf

The layout is not yet as complete as in the original - I would like to finalise the design after having sorted out the final German text. Thus, in a first round, quality checking of the text would be a good point to start :-)

My 'request-for-contribution' to you, if you currently want to / can support:
Could you please compare the current German translation draft to the English version at
https://github.com/OCSpecGermanTranslation/OpenChain-SuppierLeaflet-GermanTranslation/blob/master/supplier-leaflet/supplier-leaflet-1.0-en.pdf
and provide corrections and suggestions for improvement? Please feel free to direct any comments to my address Stefan.thanheiser@....

(Should any of you want to go deeper: I ported the document from the proprietary Adobe format I found at Github (sorry, if there should have been any other format there -maybe I did not dig deep enough into the directory structure) to a format of the open source tool Scribus - why not use OSS tools when writing about OSS? ;-).
The "scribus source file" for the PDF can be found at
https://github.com/OCSpecGermanTranslation/OpenChain-SuppierLeaflet-GermanTranslation/blob/master/supplier-leaflet/de/OpenChain-GeneralGuideline-E-0608_DE.sla
and can be edited using Scribus v1.5.5.)

Thank you in advance for your support and best regards,
Stefan





OpenChain Bi-Weekly Webinar at 14:00 UTC: OpenChain ISO 5230 in the field of Venture Capital

 

We will hold our regular OpenChain Bi-Weekly Webinar at 14:00 UTC today. Our speaker will be Martin Callinan from Source Code Control Limited on OpenChain ISO 5230 in the field of Venture Capital. This is an emerging space for us, but one that appears to offer similar promise to existing use of OpenChain in Mergers and Acquisitions.

Join at: https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

We had hoped to also have Nicole Pappler from AlektoMetis on OpenChain ISO 5230 and Software Quality Management, but due to unavoidable matters she has deferred her talk to a future webinar. Watch this space!


OpenChain Japan WG: Newbies Session #2: 2021-05-21 (Friday)

 

OpenChain Japan WG: Newbies Session #2: 2021-05-21 (Friday): We will hold our second meeting for people new to OpenChain on the 21st of May. This informal social meeting will be held in Japanese. Feel free to enjoy drinks and snacks! https://www.openchainproject.org/featured/2021/05/17/japan-wg-newbies-2


OpenChain Q1 Survey - Results and Notes

 

Dear all

It is time to explore the results of our Q1 survey! Attached is the full document. Let’s check out the highlights:

(1) Engagement and satisfaction is rated as very good or (more frequently) excellent across the board. The vast majority of respondents believe that we are “Very Good” or “Excellent” in putting forward what we are doing and sharing our information – either the business value, conformance, reference materials, and our website. Most importantly, people see us as a community that is easy to engage with and easy to get help from.

(2) Our conformance response revealed something interesting. About half of our respondents are primarily interested in something other than a private health of their compliance program or being listed publicly as having an OpenChain conformant program. This is worth digging into more (and we will), but some preliminary notes are:
(i) Feedback indicates that a relatively small percentage are seeking public announcements regarding conformance at this juncture, regardless of internal compliance activities. Their focus is instead on internal (or inter-supply chain) improvements and conformance.
(ii) We additionally have a number of companies engaging with OpenChain ISO 5230 with applications outside of our core scope of conformance for the purpose of license compliance. These include entities engaging for activities related to security, mergers and acquisitions, and other business processes. We knew this from participants on our calls and so on, but it’s interesting how many of our community participants appear to fit into this demographic.

(3) About a third of respondents have used our online conformance web app, and those that have found it excellent in its ease of use, while about a third of respondents are not interested in getting more help conforming with OpenChain ISO 5230:2020 in the future. From other sources we have indications that this is due to two factors:
(i) People are using the specification directly for conformance or using our downloadable questionnaire.
(ii) People are getting assistance from third parties such as participants in our partner program.

(4) We asked broader questions in the survey than those related only to OpenChain. For example, we asked about tooling, software bill of materials and interoperability. The interoperability questions were framed around determining what is important to the community in the context of open source license compliance and interoperability around Software Bill of Materials and/or automation. Respondents overwhelmingly expressed interest in greater interoperability for all tools and automation. This means supporting ingest and export of SPDX. It means greater interoperability between open source tooling as well as between open source and proprietary tooling.

Now we know what people want, it is time to make it happen.

You can expect the project as a whole to lean into supporting diverse use-cases for OpenChain ISO 5230. You can expect the tooling group to lean into the interoperability question.

And…you are the community. Let’s get started!

Regards

Shane


Re: Presentation: Making compliance scalable in a container world

 

Jumping in here: Scott has been thinking about these challenges for years, so it is a super great opportunity to look at what he has done and ask questions :)

On May 15, 2021, at 2:06, Jennifer McGinnis <jmcginnis@linuxfoundation.org> wrote:

Hi OpenChain,

I wanted to pass this presentation along as a sort of FYI.

Hope everyone has a great weekend!

Jenni

--
Jenni McGinnis
Projects Coordinator | The Linux Foundation
Assisting with RISC-V International, OpenChain, TARS, & OpenFabrics Alliance


<Peterson_source_containers_LLW_2021.pdf>


Presentation: Making compliance scalable in a container world

Jennifer McGinnis <jmcginnis@...>
 

Hi OpenChain,

I wanted to pass this presentation along as a sort of FYI.

Hope everyone has a great weekend!

Jenni

--
Jenni McGinnis
Projects Coordinator | The Linux Foundation
Assisting with RISC-V International, OpenChain, TARS, & OpenFabrics Alliance
