Date   

Re: Meaning of Open Source license in 2.1.1

Mark Gisi
 

Jan’s description is consistent with my interpretation. If there is general confusion over the meaning of “Open Source compliance inquiry” – I would recommend someone file an issue here:

    https://github.com/OpenChain-Project/Specification/issues

 

We can consider using alternative wording or adding a question/answer in the spec FAQ.

 

- Mark

 

Mark Gisi
Director, Open Source Program Office

Empowering Customers to Prosper using Open Source

(510) 749-2016

Wind River

 

From: main@... <main@...> On Behalf Of Jan Thielscher
Sent: Wednesday, February 2, 2022 2:52 AM
To: main@...
Subject: Re: [openchain] Meaning of Open Source license in 2.1.1

 

[Please note: This e-mail is from an EXTERNAL e-mail address]

Hi Gergely,

 

my understanding is that it addresses the handling of the inbound questions concerning the open source parts of the Supplied Software.

 

Assume you are using some GPLv2 licensed code and offer to hand over the sources attached with that license. You will need an interface with the external world, to receive and reliable process the request.

 

The same applies to questions - and here you do good to make sure the process is well known across the organisation -  by potential notifications of infringements through the Supplied Software. Assume someone wants to contact you, because he thinks, the Supplied Software is non-compliant with his view, how the components should be treated/handled/documented… Having a sound procedure in place allowing to record, understand and securely process this inquiry will help to protect the company from potential damage.

 

I hope this answers your question? 

 

Mit freundlichem Gruß / kind regards
Jan Thielscher
 
T: +49 69 153 22 77 55
F: +49 69 153 22 77 51



Am 02.02.2022 um 11:42 schrieb Gergely Csatari via lists.openchainproject.org <gergely.csatari=nokia.com@...>:

 

Hi, 

 

I’m trying to interpret the requirements of 2.1.1 and I have problems finding out the meaning of “Open Source compliance inquiry”. It is not defined in the document. Can someone please clarify its meaning?

 

Thanks, 

Gergely

 


Re: Meaning of Open Source license in 2.1.1

Jan Thielscher
 

Hi Gergely,

my understanding is that it addresses the handling of the inbound questions concerning the open source parts of the Supplied Software.

Assume you are using some GPLv2 licensed code and offer to hand over the sources attached with that license. You will need an interface with the external world, to receive and reliable process the request.

The same applies to questions - and here you do good to make sure the process is well known across the organisation -  by potential notifications of infringements through the Supplied Software. Assume someone wants to contact you, because he thinks, the Supplied Software is non-compliant with his view, how the components should be treated/handled/documented… Having a sound procedure in place allowing to record, understand and securely process this inquiry will help to protect the company from potential damage.

I hope this answers your question? 

Mit freundlichem Gruß / kind regards
Jan Thielscher
 
T: +49 69 153 22 77 55
F: +49 69 153 22 77 51

Am 02.02.2022 um 11:42 schrieb Gergely Csatari via lists.openchainproject.org <gergely.csatari=nokia.com@...>:

Hi, 
 
I’m trying to interpret the requirements of 2.1.1 and I have problems finding out the meaning of “Open Source compliance inquiry”. It is not defined in the document. Can someone please clarify its meaning?
 
Thanks, 
Gergely


Meaning of Open Source license in 2.1.1

Gergely Csatari
 

Hi,

 

I’m trying to interpret the requirements of 2.1.1 and I have problems finding out the meaning of “Open Source compliance inquiry”. It is not defined in the document. Can someone please clarify its meaning?

 

Thanks,

Gergely


Frequent Misunderstandings of OSS licenses V7.1

ouchi yoshiko
 

Hello.
The other day, JAPAN WG FAQ-SG published "Common misunderstandings related to OSS license V7", and we received a request to add a link to each QA slide from the index.
Therefore, we have published a new version with links as V7.1.

We hope you find it useful.
https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ

Regards,
Yoshiko Ouchi


OpenChain Security Assurance Reference Specification - DRAFT 2.0

 

As discussed on our last call, some changes reflecting our conceptual approach (up for discussion):
https://github.com/OpenChain-Project/SecurityAssuranceGuide/blob/main/Guide/2.0/OpenChainSecurityAssuranceGuide.2.0-DRAFT.docx

From the introduction:

The OpenChain Project is working towards a supply chain where open source is delivered with trusted and consistent compliance information. We maintain OpenChain ISO/IEC 5230:2020, the International Standard for open source license compliance. Adjacent to this the project maintains a large international community, extensive reference materials, and working groups addressing various domain issues. We support discussions around security, export control, M&A and other topics.

OpenChain ISO/IEC 5230:2020 is a process management specification that identifies inbound, internal and outbound inflection points where a process, policy or training should exist. The identification and tracking of software used and deployed is an inherent part of getting this right, and this also allows our standard to also be useful for security or export control.

We noticed that OpenChain ISO/IEC 5230:2020 was being used quite often in deployment discussions and we wanted to support our broader community around these use-cases. The reference specification you are now reading is focused on the security domain. It is intended to identify and describe the key requirements of a quality Security Assurance Program in the context of using Open Source Software. This early iteration of the document focuses on a narrow subset of primary concern: checking Open Source Software against publicly known security vulnerabilities like CVEs, GitHub/GitLab vulnerability reports, and so on.

This document focused on the “what” and “why” aspects of a quality Security Assurance Program rather than delving into to “how” and “when.” This is a conscious decision to ensure flexibility for companies of any size and in any market to use this reference specification. This approach, along with the types of processes identified, is built on more than half a decade of practical global feedback around the creation and management of such programs. The end result is that a company can frame a program that precisely fits their supply chain requirements, scoped to a single product or a complete legal entity, and take this solution to market quickly and effectively.

The scope of this reference specification may expand over time based on community feedback.

This introduction describes the reference specification’s purpose. Section 2 defines key terms used throughout this document. Section 3 defines the requirements that a Program must satisfy to achieve a core level of Security Assurance. Each requirement consists of one or more verification materials (i.e., records) that must be produced to satisfy the requirement. Verification materials are not required to be made public, though an organization may choose to provide them to others, potentially under a Non-Disclosure Agreement (NDA).

This reference specification is licensed under Creative Commons Attribution License 4.0 (CC-BY-4.0). Because it takes the form of a Reference Specification, and is therefore intended to fit into the mental model applied to specification creation, it is not designed to be modified outside of the formal editing track. You can take part in editing this document via the OpenChain Project bi-weekly calls. You can learn about joining these calls and our other activities here:

https://www.openchainproject.org/community


Happy New Year!

 

As we enter the year of the Tiger I want to wish everyone fortune and happiness. 
新年好, 恭喜发财 and 새해 복 많이 받으세요!


Our biweekly meeting takes place in around one hour

 

Reminder:
Our biweekly meeting takes place in around one hour.

Agenda:
Forthcoming summits
Security + the specification
What you (as users) want to see from the partner ecosystem

Dial in:
https://zoom.us/j/4377592799

On Jan 31, 2022, at 17:30, Shane Coughlan <scoughlan@...> wrote:

Our regular bi-weekly meeting takes place today. We will be talking about:
Forthcoming summits
Security + the specification
What you (as users) want to see from the partner ecosystem

Dial in:
https://zoom.us/j/4377592799

Check your time
14:00 UTC 2022-01-31 (today) - 06:00 PST / 14:00 BST / 15:00 CET / 19:00 IST / 22:00 CST / 23:00 KST+JST


OpenChain Bi-Weekly Meeting - 14:00 UTC 2022-01-31 (today) - 06:00 PST / 14:00 BST / 15:00 CET / 19:00 IST / 22:00 CST / 23:00 KST+JST

 

Our regular bi-weekly meeting takes place today. We will be talking about:
Forthcoming summits
Security + the specification
What you (as users) want to see from the partner ecosystem

Dial in:
https://zoom.us/j/4377592799

Check your time
14:00 UTC 2022-01-31 (today) - 06:00 PST / 14:00 BST / 15:00 CET / 19:00 IST / 22:00 CST / 23:00 KST+JST


Re: “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

McCoy Smith
 

The “immediate termination on breach” clause of GPLv2 was, in part, being used in the McHardy litigations (just settled for good) in Germany. Some more detailed analysis here: https://jolts.world/index.php/jolts/article/view/128/246 It’s also why the cooperation commitment for GPLv2 was done: https://opensource.com/article/18/11/gpl-cooperation-commitment

 

There’s another debate to be had about the notice requirements of various licenses (which is the peg on which this particular CC litigant hangs their hat), and how compliance for that is done, and to what extent that’s all that valuable. I tend to think at some point License Zero type licenses (not the current ones, but different flavors of future ones, which could include copyleft) will look more attractive

 

From: main@... <main@...> On Behalf Of Steve Kilbane
Sent: Friday, January 28, 2022 1:56 AM
To: main@...
Subject: Re: [openchain] “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

 

If I'm understanding this correctly, the key aspect here is that a breach leads to termination of rights without opportunity of remedy. Isn't that relatively common in open source licenses, not just the Creative Commons ones?

 

I acknowledge that, as Cory describes, it's easy to create large quantities of media (e.g. stock photos) that is directly owned by a copyleft troll, as bait. But doesn't the problem also apply to open source software? While it's harder to software packages that will be so easily picked up by sufficient users to make the effort worthwhile, I can think of a couple of attacks here:

 

The attacker could fork a popular package under a permissive license, make minor changes, and re-release with a subtle renaming under a compatible license w/o remedy period.

 

More perniciously, the attacker could contribute changes to the original package which made use of media under the CC licenses or other licenses with a similar problem.

 

steve

 

From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: 25 January 2022 06:41
To: OpenChain Main <main@...>
Subject: [openchain] “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

 

[External]

 

Very little open source *code* is under Creative Commons licenses. However, a lot of open source *documentation* is under Creative Commons licenses. Therefore, we should keep an eye on this matter.

Copyleft trolls, robosigning, and Pixsy”


Re: “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

Steve Kilbane
 

If I'm understanding this correctly, the key aspect here is that a breach leads to termination of rights without opportunity of remedy. Isn't that relatively common in open source licenses, not just the Creative Commons ones?

 

I acknowledge that, as Cory describes, it's easy to create large quantities of media (e.g. stock photos) that is directly owned by a copyleft troll, as bait. But doesn't the problem also apply to open source software? While it's harder to software packages that will be so easily picked up by sufficient users to make the effort worthwhile, I can think of a couple of attacks here:

 

The attacker could fork a popular package under a permissive license, make minor changes, and re-release with a subtle renaming under a compatible license w/o remedy period.

 

More perniciously, the attacker could contribute changes to the original package which made use of media under the CC licenses or other licenses with a similar problem.

 

steve

 

From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: 25 January 2022 06:41
To: OpenChain Main <main@...>
Subject: [openchain] “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

 

[External]

 

Very little open source *code* is under Creative Commons licenses. However, a lot of open source *documentation* is under Creative Commons licenses. Therefore, we should keep an eye on this matter.

Copyleft trolls, robosigning, and Pixsy”


External: The EU Open Source Policy Summit

 

An OFE production on the 4th of February:
https://summit.openforumeurope.org/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Diversion: our virtual Christmas party

 

For those who missed it, we were hanging out on a virtual island (thank you Korea Community) and sharing stories about trains.


Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

 

This is incredible! Thank you all and I am really looking forward to next steps here. Naturally we will want to share the results far and wide.

On Jan 26, 2022, at 21:31, Astrid Spura <office@...> wrote:

Thank you very much for offering help! Reviewing translation would be great. I will get in touch in time.

Best regards,
Astrid


Am 25.01.22 um 19:53 schrieb Jan Thielscher:
😊 ... so count me in as well...
Von: main@... <main@...> im Auftrag von Stefanie Pors via lists.openchainproject.org <stefanie.pors=intel.com@...>
Datum: Dienstag, 25. Januar 2022 um 18:51
An: germany-wg@... <germany-wg@...>, main@... <main@...>
Betreff: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Hi Stefan, Astrid,
Happy to provide a pair of German reviewing eyes as well. (Stefan, the "ping" on the *old* group worked 😉)
Greetings
Steffi
Stefanie Pors
GAT EMEA – Intel Legal Department
-----Original Message-----
From: germany-wg@... <germany-wg@...> On Behalf Of Stefan Thanheiser
Sent: Dienstag, 25. Januar 2022 18:38
To: main@...; germany-wg@...
Subject: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Hi Astrid,
please count me in for the translation into German (if you need more helping hands/brains).
I also could offer https://github.com/OCSpecGermanTranslation as collaboration space.
Are there more volunteers (maybe from the 'old' specification translation group 😉 )?
Regards,
Stefan
Stefan Thanheiser
Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf, Tribe Einkauf, Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...
Atruvia AG | www.atruvia.de<http://www.atruvia.de>
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel Vorsitzender des Aufsichtsrats: Jürgen Brinkmann
-----Ursprüngliche Nachricht-----
Von: main@... <main@...> Im Auftrag von Astrid Spura
Gesendet: Dienstag, 25. Januar 2022 16:38
An: main@...
Cc: OpenChain Japan <japan-wg@...>
Betreff: Re: [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Dear Shane,
dear all,
The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.
It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.
You can get over on GitHub

https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Educati
on_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.
Best regards,
Astrid
--
Astrid Spura, Compliance & Communication Astrid.Spura@...
Open Source Automation Development Lab (OSADL) eG Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80 office@... http://www.osadl.org
https://youtu.be/z0MiLwP_n40
Location of the company: Heidelberg, Germany Cooperative register #700048 at the district court of Mannheim Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer Tax number 32080/02883, VAT Id-No DE249975743
Intel Germany GmbH & Co. KG
Registered Address: Lilienthalstraße 15 D-85579 Neubiberg Germany Tel +49 89 89 89 97-0 www.intel.com<http://www.intel.com>
Registered Office: Neubiberg Commercial Register: Amtsgericht München HRA 94167
Limited Partner (Kommanditist): Lantiq Intermediate Holdco S.à r.l
General Partner (Komplementär): Intel Germany Holding GmbH Registered Office: Neubiberg
Commercial Register: Amtsgericht München HRB 180523
Managing Directors (Geschäftsführung): Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva
--
Astrid Spura, Compliance & Kommunikation
Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG
Im Neuenheimer Feld 583, 69120 Heidelberg
Telefon: 06221 98504-0, Telefax: 06221 98504-80
office@...
http://www.osadl.org
https://youtu.be/18RgBp9X6ss

Sitz des Unternehmens: Heidelberg
Genossenschaftsregister Nr. 700048 beim Amtsgericht Mannheim
Aufsichtsratsvorsitzender: Axel Berghoff
Vorstände: Andreas Orzelski, Rainer Thieringer
Steuer-Nr. 32080/02883, USt-Id DE249975743





Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Astrid Spura <office@...>
 

Thank you very much for offering help! Reviewing translation would be great. I will get in touch in time.

Best regards,
Astrid


Am 25.01.22 um 19:53 schrieb Jan Thielscher:

😊 ... so count me in as well...
Von: main@... <main@...> im Auftrag von Stefanie Pors via lists.openchainproject.org <stefanie.pors=intel.com@...>
Datum: Dienstag, 25. Januar 2022 um 18:51
An: germany-wg@... <germany-wg@...>, main@... <main@...>
Betreff: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Hi Stefan, Astrid,
Happy to provide a pair of German reviewing eyes as well. (Stefan, the "ping" on the *old* group worked 😉)
Greetings
Steffi
Stefanie Pors
GAT EMEA – Intel Legal Department
-----Original Message-----
From: germany-wg@... <germany-wg@...> On Behalf Of Stefan Thanheiser
Sent: Dienstag, 25. Januar 2022 18:38
To: main@...; germany-wg@...
Subject: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Hi Astrid,
please count me in for the translation into German (if you need more helping hands/brains).
I also could offer https://github.com/OCSpecGermanTranslation as collaboration space.
Are there more volunteers (maybe from the 'old' specification translation group 😉 )?
Regards,
Stefan
Stefan Thanheiser
Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf, Tribe Einkauf, Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...
Atruvia AG | www.atruvia.de<http://www.atruvia.de>
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel Vorsitzender des Aufsichtsrats: Jürgen Brinkmann
-----Ursprüngliche Nachricht-----
Von: main@... <main@...> Im Auftrag von Astrid Spura
Gesendet: Dienstag, 25. Januar 2022 16:38
An: main@...
Cc: OpenChain Japan <japan-wg@...>
Betreff: Re: [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Dear Shane,
dear all,

The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.

It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.

You can get over on GitHub

https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Educati
on_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.
Best regards,
Astrid
--
Astrid Spura, Compliance & Communication Astrid.Spura@...
Open Source Automation Development Lab (OSADL) eG Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80 office@... http://www.osadl.org
https://youtu.be/z0MiLwP_n40
Location of the company: Heidelberg, Germany Cooperative register #700048 at the district court of Mannheim Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer Tax number 32080/02883, VAT Id-No DE249975743
Intel Germany GmbH & Co. KG
Registered Address: Lilienthalstraße 15 D-85579 Neubiberg Germany Tel +49 89 89 89 97-0 www.intel.com<http://www.intel.com>
Registered Office: Neubiberg Commercial Register: Amtsgericht München HRA 94167
Limited Partner (Kommanditist): Lantiq Intermediate Holdco S.à r.l
General Partner (Komplementär): Intel Germany Holding GmbH Registered Office: Neubiberg
Commercial Register: Amtsgericht München HRB 180523
Managing Directors (Geschäftsführung): Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva
--
Astrid Spura, Compliance & Kommunikation
Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG
Im Neuenheimer Feld 583, 69120 Heidelberg
Telefon: 06221 98504-0, Telefax: 06221 98504-80
office@...
http://www.osadl.org
https://youtu.be/18RgBp9X6ss

Sitz des Unternehmens: Heidelberg
Genossenschaftsregister Nr. 700048 beim Amtsgericht Mannheim
Aufsichtsratsvorsitzender: Axel Berghoff
Vorstände: Andreas Orzelski, Rainer Thieringer
Steuer-Nr. 32080/02883, USt-Id DE249975743


Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Jan Thielscher
 

😊 ... so count me in as well...

 

Von: main@... <main@...> im Auftrag von Stefanie Pors via lists.openchainproject.org <stefanie.pors=intel.com@...>
Datum: Dienstag, 25. Januar 2022 um 18:51
An: germany-wg@... <germany-wg@...>, main@... <main@...>
Betreff: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Hi Stefan, Astrid,

Happy to provide a pair of German reviewing eyes as well.  (Stefan, the "ping" on the *old* group worked 😉)

Greetings
Steffi

Stefanie Pors

GAT EMEA – Intel Legal Department

-----Original Message-----
From: germany-wg@... <germany-wg@...> On Behalf Of Stefan Thanheiser
Sent: Dienstag, 25. Januar 2022 18:38
To: main@...; germany-wg@...
Subject: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Hi Astrid,

please count me in for the translation into German (if you need more helping hands/brains).
I also could offer https://github.com/OCSpecGermanTranslation as collaboration space.

Are there more volunteers (maybe from the 'old' specification translation group 😉 )?

Regards,
Stefan

Stefan Thanheiser

Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf, Tribe Einkauf, Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...




Atruvia AG | www.atruvia.de
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel Vorsitzender des Aufsichtsrats: Jürgen Brinkmann


-----Ursprüngliche Nachricht-----
Von: main@... <main@...> Im Auftrag von Astrid Spura
Gesendet: Dienstag, 25. Januar 2022 16:38
An: main@...
Cc: OpenChain Japan <japan-wg@...>
Betreff: Re: [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Dear Shane,
dear all,

> The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.

> It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.

> You can get over on GitHub
>
> https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Educati
> on_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.

Best regards,
Astrid

--
Astrid Spura, Compliance & Communication Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80 office@... http://www.osadl.org
https://youtu.be/z0MiLwP_n40

Location of the company: Heidelberg, Germany Cooperative register #700048 at the district court of Mannheim Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer Tax number 32080/02883, VAT Id-No DE249975743










Intel Germany GmbH & Co. KG
Registered Address: Lilienthalstraße 15   D-85579 Neubiberg   Germany   Tel +49 89 89 89 97-0   www.intel.com
Registered Office: Neubiberg   Commercial Register: Amtsgericht München HRA 94167
Limited Partner (Kommanditist): Lantiq Intermediate Holdco S.à r.l
General Partner (Komplementär): Intel Germany Holding GmbH   Registered Office: Neubiberg
Commercial Register: Amtsgericht München HRB 180523
Managing Directors (Geschäftsführung): Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva





Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Stefanie Pors
 

Hi Stefan, Astrid,

Happy to provide a pair of German reviewing eyes as well. (Stefan, the "ping" on the *old* group worked 😉)

Greetings
Steffi

Stefanie Pors

GAT EMEA – Intel Legal Department

-----Original Message-----
From: germany-wg@... <germany-wg@...> On Behalf Of Stefan Thanheiser
Sent: Dienstag, 25. Januar 2022 18:38
To: main@...; germany-wg@...
Subject: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Hi Astrid,

please count me in for the translation into German (if you need more helping hands/brains).
I also could offer https://github.com/OCSpecGermanTranslation as collaboration space.

Are there more volunteers (maybe from the 'old' specification translation group 😉 )?

Regards,
Stefan

Stefan Thanheiser

Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf, Tribe Einkauf, Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...




Atruvia AG | www.atruvia.de
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel Vorsitzender des Aufsichtsrats: Jürgen Brinkmann


-----Ursprüngliche Nachricht-----
Von: main@... <main@...> Im Auftrag von Astrid Spura
Gesendet: Dienstag, 25. Januar 2022 16:38
An: main@...
Cc: OpenChain Japan <japan-wg@...>
Betreff: Re: [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Dear Shane,
dear all,

The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.

It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.

You can get over on GitHub

https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Educati
on_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.

Best regards,
Astrid

--
Astrid Spura, Compliance & Communication Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80 office@... http://www.osadl.org
https://youtu.be/z0MiLwP_n40

Location of the company: Heidelberg, Germany Cooperative register #700048 at the district court of Mannheim Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer Tax number 32080/02883, VAT Id-No DE249975743










Intel Germany GmbH & Co. KG
Registered Address: Lilienthalstraße 15 D-85579 Neubiberg Germany Tel +49 89 89 89 97-0 www.intel.com
Registered Office: Neubiberg Commercial Register: Amtsgericht München HRA 94167
Limited Partner (Kommanditist): Lantiq Intermediate Holdco S.à r.l
General Partner (Komplementär): Intel Germany Holding GmbH Registered Office: Neubiberg
Commercial Register: Amtsgericht München HRB 180523
Managing Directors (Geschäftsführung): Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva


Re: FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Stefan Thanheiser
 

Hi Astrid,

please count me in for the translation into German (if you need more helping hands/brains).
I also could offer https://github.com/OCSpecGermanTranslation as collaboration space.

Are there more volunteers (maybe from the 'old' specification translation group 😉 )?

Regards,
Stefan

Stefan Thanheiser

Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf,
Tribe Einkauf,
Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...




Atruvia AG | www.atruvia.de
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher),
Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel
Vorsitzender des Aufsichtsrats: Jürgen Brinkmann


-----Ursprüngliche Nachricht-----
Von: main@... <main@...> Im Auftrag von Astrid Spura
Gesendet: Dienstag, 25. Januar 2022 16:38
An: main@...
Cc: OpenChain Japan <japan-wg@...>
Betreff: Re: [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Dear Shane,
dear all,

The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.

It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.

You can get over on GitHub

https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Educati
on_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.

Best regards,
Astrid

--
Astrid Spura, Compliance & Communication Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80 office@... http://www.osadl.org
https://youtu.be/z0MiLwP_n40

Location of the company: Heidelberg, Germany Cooperative register #700048 at the district court of Mannheim Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer Tax number 32080/02883, VAT Id-No DE249975743


Re: FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Astrid Spura <office@...>
 

Dear Shane,
dear all,

The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.

It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.

You can get over on GitHub
https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.

Best regards,
Astrid

--
Astrid Spura, Compliance & Communication
Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG
Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80
office@...
http://www.osadl.org
https://youtu.be/z0MiLwP_n40

Location of the company: Heidelberg, Germany
Cooperative register #700048 at the district court of Mannheim
Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer
Tax number 32080/02883, VAT Id-No DE249975743


Re: McHardy’s Trolling Is Over

JerryTan
 

It is a good news.

 

 

发件人: "main@..." <main@...> 代表 Shane Coughlan <scoughlan@...>
答复: "main@..." <main@...>
日期: 2022125 星期二 下午1:14
收件人: OpenChain Main <main@...>
主题: [openchain] McHardy’s Trolling Is Over

 

We previewed this at the end of last year with a talk by Armijn Hemel on a decade of McHardy and the likelihood this individual was less of a threat going into 2022. Now it is official that he has been dealt with in a court of law. He can no longer use Netfilter in speculative, trolling law suits. Learn more:

https://lore.kernel.org/netdev/Ye6jCQm7z0Yr3bqA@salvia/T/

Shane Coughlan

OpenChain General Manager

+818040358083

Book a meeting:

https://meetings.hubspot.com/scoughlan


“A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

 

Very little open source *code* is under Creative Commons licenses. However, a lot of open source *documentation* is under Creative Commons licenses. Therefore, we should keep an eye on this matter.
Copyleft trolls, robosigning, and Pixsy”
https://doctorow.medium.com/a-bug-in-early-creative-commons-licenses-has-enabled-a-new-breed-of-superpredator-5f6360713299

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

401 - 420 of 4821