Re: FYI: FOSSology training at LinuxCon NA on August 25
Jeremiah Foster <jeremiah.foster@...>
On Fri, Aug 12, 2016 at 9:47 AM, Nuno Brito <nuno.brito@...> wrote:
Well, Java *is* the platform no? :-) Or rather the JVM, and it is definitely not independent, it's owned by Oracle and even the open source versions suffer significant politics. It's also an enterprise language, not an embedded language, even Android (which is not Java) has a ton of apps that use C/C++, HTML, CSS, etc.
We've done some integration with other Java Eclipse-based tooling in Yocto and it is a poor fit for build from source systems that rely on C, bash and python, for one thing it increases build times significantly. This is a problem when you're doing continuous integration and building entire OS images triggered by changes to git repos. In fact when Yocto integrated SPDX 1.1 it was in python.
I'd say look at the sources that Yocto preserves in a directory of its build image. That might be easy to go over and do SPDX reports on. Embedding a Java tool in Yocto will be quite difficult, not least because you build a cross-compiler toolchain on qemu. You might look at the earlier SPDX implementation to see if there is low-hanging fruit: http://www.pelagicore.com/using-yocto-and-fossology-to-get-spdx-licence-output/ Please note that this is old and SPDX is up to 2.2 for its spec I believe. Regards, Jeremiah
Jeremiah C. Foster GENIVI COMMUNITY MANAGER Pelagicore AB Ekelundsgatan 4, 6tr, SE-411 18 Gothenburg, Sweden M: +1.860.772.9242
|
|
Re: FYI: FOSSology training at LinuxCon NA on August 25
Nuno Brito <nuno.brito@...>
One of the reasons to write tooling in Java is to keep it platform independent. Speaking for the TripleCheck tooling, integration with Yocto should be possible. Would just ask for some guidance because I'm not a Yocto distributor nor user, but would be happy to enable this feature if there is interest.
Best
Nuno
12.08.2016, 15:34, "Jeremiah Foster" <jeremiah.foster@...>:
-- http://triplecheck.net
|
|
Re: FYI: FOSSology training at LinuxCon NA on August 25
Jeremiah Foster <jeremiah.foster@...>
On Fri, Aug 12, 2016 at 9:25 AM, Matija Šuklje <matija@...> wrote:
On 10. 08. 16 at 15.42.55, Kate Stewart wrote:
This is the main issue -- LF has done a lot here, sponsoring OpenChain and giving resources to Fossology and more, but companies have not stepped up to provide a solid open source ecosystem around the tooling. OpenChain will do a great deal to help but currently the open source tooling is far away from the commercial tooling in quality and commercial tools can be expensive. In addition, the tooling that does exist is often not suitable for things like embedded GNU/Linux, with clients running on Windows (which is just not used at all in many shops) and tools written in Java that don't integrate into things like Yocto or baserock. I'm very thankful for the work of the LF and companies like ARM, Qualcomm, Wind River and of course others, but we need more tools that fit the embedded space and more training on use that is accessible to "engilawyers" as Google sometimes calls them.
+1 Cheers, Jeremiah
|
|
Re: FYI: FOSSology training at LinuxCon NA on August 25
On 10. 08. 16 at 15.42.55, Kate Stewart wrote:
> We're piloting it in North America, so it's free there. ;-)
That makes sense then :)
> The FOSSology project doesn't have any funding associated with
Ah, didn’t realise that such an important piece of SW for business use is not properly funded – which is surprising TBH. I actually find the 100 US$ price tag fair, but was taken aback by the difference between the two events so close together. Piloting for gratis makes sense of course. :)
cheers, Matija
-- gsm: tel:+386.41.849.552 www: http://matija.suklje.name xmpp: matija.suklje@... sip: matija_suklje@...
|
|
Re: FYI: FOSSology training at LinuxCon NA on August 25
Kate Stewart
Hi Matija,
On Wed, Aug 10, 2016 at 11:44 AM, Matija Šuklje <matija@...> wrote:
On 09. 08. 16 at 20.11.22, Jilayne Lovejoy wrote:
We're piloting it in North America, so it's free there. ;-) The FOSSology project doesn't have any funding associated with it though, so we're looking to charge the fee to recover costs (room, refreshments for participants, team travel) associated with holding the training. If the cost is a blocking point on attending, please contact me off list.
Thanks, Kate
|
|
Re: FYI: FOSSology training at LinuxCon NA on August 25
On 09. 08. 16 at 20.11.22, Jilayne Lovejoy wrote:
> Perhaps LinuxCon Europe, by any chance… ?? :)
+1
There’s this: https://linuxconcontainerconeurope2016.sched.org/event/7o9d/fossology-efficient-license-analysis-in-hd-michael-jaeger-siemens-ag
And from what I saw on the registration page there will also be the following training, but unfortunately for a 100 US$ fee:
FOSSology - Hands On Training
Click here to add FOSSology - Hands On Training to your LinuxCon + ContainerCon Europe registration.
FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run license, copyright and export control scans from the command line. As a system, a database and Web user interface provide you with a compliance workflow. License, copyright and export scanners are tools used in the workflow. Analyzing open source license compliance requires expert knowledge. As a consequence the use of the tool requires understanding of license analysis problems and how they are covered by FOSSology.
This training will provide the following elements:
- Challenges in real world examples at license analysis of open source components
- Learning how to cope with license proliferation and custom license texts
- Efficiently managing large open source components with heterogeneous licensing
- Saving work with reusing license conclusions of open source packages when analyzing a newer version
- Getting an overview about an example workflow for component analysis with FOSSology
This course will be valuable to anyone concerned with and involved in Open Source Management, including operational and legal executives, software development managers, open source program managers, and developers.
Date: Friday, October 07, 2016 9:00 AM - 5:00 PM (GMT)
Location: Bishop, InterContinental Berlin
Price: $100.00
cheers, Matija
-- gsm: tel:+386.41.849.552 www: http://matija.suklje.name xmpp: matija.suklje@... sip: matija_suklje@...
|
|
Re: FYI: FOSSology training at LinuxCon NA on August 25
Jilayne Lovejoy <Jilayne.Lovejoy@...>
Perhaps LinuxCon Europe, by any chance… ?? :)
On 8/9/16, 2:05 PM, "openchain-bounces@... on behalf of Kate Stewart" <openchain-bounces@...
on behalf of kstewart@...> wrote:
Hi Jeremiah,
It's just planned as an in-person course right now, with the focus on hands-on.
Based on the feedback, we're thinking of having it at other future LinuxCon events
for those who can't make it this time.
Kate
On Tue, Aug 9, 2016 at 2:48 PM, Jeremiah Foster
<jeremiah.foster@...> wrote:
Kate Stewart
Sr. Director of Strategic Programs, The Linux Foundation
Mobile: +1.512.657.3669
Email / Google Talk:
kstewart@...
|
|
Re: FYI: FOSSology training at LinuxCon NA on August 25
Kate Stewart
Hi Jeremiah, It's just planned as an in-person course right now, with the focus on hands-on. Based on the feedback, we're thinking of having it at other future LinuxCon events for those who can't make it this time. Kate
On Tue, Aug 9, 2016 at 2:48 PM, Jeremiah Foster <jeremiah.foster@...> wrote:
--
Kate Stewart Sr. Director of Strategic Programs, The Linux Foundation Mobile: +1.512.657.3669 Email / Google Talk: kstewart@...
|
|
Re: FYI: FOSSology training at LinuxCon NA on August 25
Jeremiah Foster <jeremiah.foster@...>
Thanks Kate! Will the session be recorded or slides published for those who cannot make it? Regards, Jeremiah
On Aug 9, 2016 3:40 PM, "Kate Stewart" <kstewart@...> wrote:
|
|
FYI: FOSSology training at LinuxCon NA on August 25
Kate Stewart
Hi, Sorry if this is a bit off topic, but some of you have expressed interest in understanding how to use the latest version of FOSSology (which generates SPDX output) for doing license reviews, etc. and how to generate artifacts that will address OpenChain. There's been a late addition to the LinuxCon NA, to provide a free training day on FOSSology. The course will cover what FOSSology is, how to use it to do license clearing for projects, how to generate SPDX, BOM's, etc. and hands on advice for installing on your system. If you're interested in understanding how to install and use FOSSology, this is a great chance to learn from the expert for free. Information on signing up can be found https://lcccna2016. Please let me know if you have any questions. Thanks, Kate
|
|
Re: Follow-up on certification website - use case starting point
Jeremiah Foster <jeremiah.foster@...>
Hi Gary and everyone, Thanks for the use case documents -- I'll review. As for implementation, I'd like to propose that I be a test case or "persona" to test the implementation on. For example, one would go through the web site as if they were trying to certify a company for Open Chain compliance and test the material and procedure for any omissions or assumptions made. Doing this sort of real world testing can help improve the process I feel. I'm happy to also volunteer a few hours to do this. Regards, Jeremiah
On Wed, Aug 3, 2016 at 2:44 PM, <gary@...> wrote:
--
Jeremiah C. Foster GENIVI COMMUNITY MANAGER Pelagicore AB Ekelundsgatan 4, 6tr, SE-411 18 Gothenburg, Sweden M: +1.860.772.9242
|
|
Follow-up on certification website - use case starting point
Gary O'Neall
Greetings all,
As a follow up to our last OpenChain call, I put together a starting point for use cases for a form based OpenChain certification process.
The use case documents are on Google Docs – anyone with this link can edit the document: https://docs.google.com/document/d/1LaUnKpD3I1Uda3TI_CJKyIvnz_ZI4hrh4EHLppFKkSM/edit?usp=sharing
If you could use suggestion mode so that we can track the changes. I did the use cases pretty quickly, so I’m sure I missed some use cases, steps and dependencies.
In terms of a plan for implementation, in the priority I am suggesting a very minimal implementation which does not require authentication and tracking of the users. I’m not sure this minimal set will be sufficient for the first release. It may be good to discuss in an upcoming call what we think the minimum website should be.
As I mentioned on the call, I am willing to volunteer a few hours a week to help with the implementation. Depending how many use cases we plan to implement, I would expect we will need some web development resources in addition to myself to complete this on schedule. If there are resources from the Linux Foundation or additional volunteers, please let me know and I’ll coordinate with them.
Thanks, Gary
------------------------------------------------- Gary O'Neall Principal Consultant Source Auditor Inc. Mobile: 408.805.0586 Email: gary@...
|
|
Re: OpenChain meeting 8/1
Miriam Ballhausen <Ballhausen@...>
Hi everyone,
please find attached the slides for the upcoming call on Mon, 8/1 at 9am PST/ 4pm GMT. You'll also find a revised version of the questionnaire. All the best, Miriam ______________________________________________________________
Dr. Miriam Ballhausen
Rechtsanwältin
JBB Rechtsanwälte
Jaschinski Biere Brexl Partnerschaft mbB
Christinenstraße 18/19 | 10119 Berlin
Tel. +49.30.443 765 0 | Fax +49.30.443 765 22
Sitz der Gesellschaft: Berlin | Registergericht AG Charlottenburg | PR 609 B
From: openchain-bounces@... [openchain-bounces@...] on behalf of Williams, Kelly [kellyw@...]
Sent: Saturday, 30 July 2016 01:08 To: openchain@... Subject: [OpenChain] OpenChain meeting 8/1
Hi Everyone,
Reminder the focus on the upcoming call on Mon, 8/1 at 9am PST will be on Certification.
Join the call: https://www.uberconference.com/katestewart Optional dial in number: 877-297-7470 Alternate number: 512-910-4433 No PIN needed
If you need to use a local phone number, please consult: https://www.uberconference.com/international for the specific country numbers.
1. Dial the local number based on your location. 2. Enter 512 910 4433, then #.
Regards, Kelly
|
|
OpenChain meeting 8/1
Kelly Williams
Hi Everyone,
Reminder the focus on the upcoming call on Mon, 8/1 at 9am PST will be on Certification.
Join the call: https://www.uberconference.com/katestewart Optional dial in number: 877-297-7470 Alternate number: 512-910-4433 No PIN needed
If you need to use a local phone number, please consult: https://www.uberconference.com/international for the specific country numbers.
1. Dial the local number based on your location. 2. Enter 512 910 4433, then #.
Regards, Kelly
|
|
Re: OpenChain agenda 7/11
Gary O'Neall
Hi Miriam,
As a follow-up to our last call, I’ve included some suggested questions where publicly available references could be added to the questionnaire. It turns out to be a relatively small number of additional questions.
I did not include a field for them to enter the information, since that would require a structural change to the document (there are currently only “yes” and “no” columns).
If we plan to implement the form on a website, we could implement text controls and drop down lists for the responses depending on the question. If we want to keep a document format, I have a couple ideas on how to add the text entry fields (e.g. move the questions to a separate table at the end of the document).
Let me know if you have any questions.
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Miriam Ballhausen
Sent: Monday, July 11, 2016 2:41 AM To: 'Williams, Kelly' Cc: openchain@... Subject: Re: [OpenChain] OpenChain agenda 7/11
Hi Everyone,
please find attached a revised version of the certification document. I am looking forward to discussing it with you during our upcoming call.
Regards, Miriam ______________________________________________________________ Dr. Miriam Ballhausen Rechtsanwältin
JBB Rechtsanwälte Jaschinski Biere Brexl Partnerschaft mbB Christinenstraße 18/19 | 10119 Berlin Tel. +49.30.443 765 0 | Fax +49.30.443 765 22 Sitz der Gesellschaft: Berlin | Registergericht AG Charlottenburg | PR 609 B
From: openchain-bounces@... [mailto:openchain-bounces@....org] On behalf of Williams, Kelly
Hi Everyone,
Reminder the focus on the upcoming call on Mon, 7/11 at 9am PST/ 4pm GMT will be on the Specification and Certification.
Specification public comments link: https://wiki.linuxfoundation.org/openchain/spec-2016-h1-public-comments
Join the call: https://www.uberconference.com/katestewart Optional dial in number: 877-297-7470 Alternate number: 512-910-4433 No PIN needed
If you need to use a local phone number, please consult: https://www.uberconference.com/international for the specific country numbers.
1. Dial the local number based on your location. 2. Enter 512 910 4433, then #.
Regards, Kelly
|
|
Re: spec review
Mark Gisi
Hi Jilayne,
Sorry for the delayed response. Thanks for all the helpful feedback you provided.
We discussed the point that the definition for Supplied Software might be viewed as extending to an organization’s contributions - which was considered to be a good thing. That is, one’s contributions represent a form of Supplied Software. That is, one’s software delivered under an open source license very much is a distribution to a third party (everyone). One would expect that it is a good practice for the distributor of their own contributions to be compliant. The discussion concluded with the action to see if we can make it more clear in the next version -> that contributions are in fact also Supplied Software and the same discipline should be applied.
All in all, your comments encourage the broadening of the Supplied Software definition.
- Mark
From: Jilayne Lovejoy [mailto:Jilayne.Lovejoy@...]
Sent: Monday, July 18, 2016 6:49 PM To: openchain@... Cc: Gisi, Mark Subject: spec review
Hi All,
Apologies I could not make the call this morning, but I have reviewed Mark’s summaries of discussion/responses on the public comments page and looks like most items were sensibly resolved. I have no further comments, with the exception of #19 which was marked as TBD.
I still think that the current definition of Supplied Software needs to be tweaked so as not to catch in it software that a company provides as its own OSS project. Perhaps a simple change as follows would work:
currently: "Supplied Software – software that an organization delivers to third parties (e.g., other organizations or individuals).”
Change to: "Supplied Software – software that an organization delivers to third parties (e.g., other organizations or individuals), with the exception of software provided publicly as open source software under an open source license.”
Thanks, Jilayne
Principal Open Source Counsel ARM | www.arm.com jilayne.lovejoy@... | +1-720-412-9472 Skype: lovejoylids | Twitter: @jilaynelovejoy Location (usually): Boulder, Colorado
|
|
Re: Curriculum next steps
Shane Martin Coughlan <shane@...>
Dear OpenChain Curriculum volunteers
Thank you to everyone who attended our discussion on the 18th July to review the slides.
== Outcomes ==
(1) Each chapter is substantially complete. We currently have around 194 slides that need to be refined into about 100 slides for circa 3 hour delivery.
(2) We will “be brave” in condensing material to make it as simple as possible, so everyone should feel free to jump in and condense and/or simplify language.
(3) Where content is deleted from slides we will move it into slide notes to ensure presenters can have context. This is because we cannot assume a level of knowledge for the reader/presenter. We need to facilitate everything from low to high.
(4) We need to add “check your understanding” to most chapters (see below for reference material from Chapter 7). This will ensure each module can work as a stand-alone mini-segment. For the same reason it would be ideal if each chapter could start with a high-level summary.
(5) The status of each chapter is based on reports from assigned Chapter authors (see below for current status). However, everyone is invited to open and edit the slides to help ensure we have a completed deliverable for the next call.
The slides can be found here:
Each chapter should end up being somewhere between 8 and 10 slides including the “Check Your Understanding” slide. Please feel free to edit the content of any chapter and hide any slide you think is unnecessary. We can also add blank placeholder slides for individual company processes, to both show that we expect companies to customise, and to help underline that our curriculum material alone is not enough for a solid process.
== Check your understanding ==
The slides are currently split into 12 “chapters” and we will add a one slide “check your understanding” mini-test to end each chapter.
Here is an example of the type of thing we are looking for in the “check your understanding” slides taken from Chapter 7, End-to-End Compliance Management:
The current status of each chapter is below. If there is a question mark next to your name it means I do not know the status of your review:
You can update your status on our Wiki page:
On Jul 19, 2016, at 8:31 AM, Shane Martin Coughlan <shane@...> wrote:
|
|
spec review
Jilayne Lovejoy <Jilayne.Lovejoy@...>
Hi All,
Apologies I could not make the call this morning, but I have reviewed Mark’s summaries of discussion/responses on the public comments page and looks like most items were sensibly resolved. I have no further comments, with the exception of #19 which was marked as TBD.
I still think that the current definition of Supplied Software needs to be tweaked so as not to catch in it software that a company provides as its own OSS project. Perhaps a simple change as follows would work:
currently: "Supplied Software – software that an organization delivers to third parties (e.g., other organizations or individuals).”
Change to: "Supplied Software – software that an organization delivers to third parties (e.g., other organizations or individuals), with the exception of software provided publicly as open source software under an open source license.”
Thanks,
Jilayne
Principal Open Source Counsel
ARM | www.arm.com
jilayne.lovejoy@... |
+1-720-412-9472
Skype: lovejoylids | Twitter: @jilaynelovejoy
Location (usually): Boulder, Colorado
|
|
Re: Curriculum next steps
Shane Martin Coughlan <shane@...>
Thank you very much for your work, Arnold. Much appreciated to have these improvements to the chapter to help take us another step closer to the October release.
Regards Shane
On Jul 18, 2016, at 6:13 AM, Niessen, Arnold <arnold.niessen@...> wrote:
|
|
Re: Curriculum next steps
Niessen, Arnold
Dear Shane, all,
Thanks for all the valuable preparation in setting this up.
I am afraid I can’t join the (for me nightly) call tomorrow.
As I think I can’t edit the review status page, I’ll provide some comment on my changes in section 10,
- I slightly condensed the section
- I propose to rename “Lessons Learned” to “Lessons Learned from Disputes”.
- and added some miscellaneous remarks
Formatting isn’t consistent, but getting it consistent is likely an overall exercise anyway.
Kind regards / Met vriendelijke groeten, Arnold Niessen IP Counsel Nederlands Octrooigemachtigde / European Patent Attorney Philips Intellectual Property & Standards
High Tech Campus 5.5.0.41, 5656 AE, Eindhoven, The Netherlands Mail Address: P.O. Box 220, 5600 AE Eindhoven, The Netherlands GSM/SMS: +31 6 1177 3134 (Mobex 93837) E-mail: arnold.niessen@... Assistant: Sandra Hermans, +31 6 5282 4722 (mobex 95034) Intranet: pww.ips.philips.com Internet: www.ip.philips.com Free on Wednesdays
From: openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Shane Martin Coughlan
Sent: Thursday 23 June 2016 8:44 To: openchain@... Subject: Re: [OpenChain] Curriculum next steps
Dear OpenChain Curriculum volunteers
As discussed on our recent meeting we have around 175 slides that need to be refined into about 100 slides for circa 3 hour delivery. The slides are currently split into 12 “chapters” and we will add a one slide “check your understanding” mini-test to end each chapter. We will assign one “chapter” to each explicit OpenChain Curriculum volunteer for this editing process. Coincidentally we have twelve volunteers: Dave Marr
I have taken the liberty of randomly assigning chapters to every volunteer for review:
Each chapter should end up being somewhere between 8 and 10 slides including the “Check Your Understanding” slide. Please feel free to edit the content of your assigned chapter and hide any slide you think is unnecessary. We can also add blank placeholder slides for individual company processes, to both show that we expect companies to customise, and to help underline that our curriculum material alone is not enough for a solid process.
Thanks to Kate we have a page on the wiki to track our progress:
Here is the direct link to our slides:
If anyone has any objections to the above process and assignments please let me know. Otherwise, let’s proceed and aim to circle back before our next call on the third Monday in July. Prior to that I hope that our editing will be substantially complete and we can discuss a simple mapping of Curriculum slide chapters to the Specification.
Regards
Shane
|
|