Re: OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC
Hi Helio,
A dynamic response! And elected chairs sound good – I see Shane’s already kicked that off. My apologies, but I don’t want to put myself forward as a chair in this case – at time of writing, Analog Devices is working almost entirely with proprietary tooling. Augmenting this this open source tooling is part of my responsibility but it hasn’t happened yet (anyone got any hours in the day that they’re not using, please feel free to send them over to me instead…); I wouldn’t feel right chairing a group where I don’t have day-to-day experience of at least some of the open source tools under discussion.
steve
From:
Helio Chissini de Castro <heliocastro@...>
Hi all
Yesterday me and some people arrived on time at 15:00 CET, and 5 minutes later, most of us dropped, as we had no agenda whatsoever or meeting plan. And this is becoming recurrent. And maybe again calendars shifted and somehow we got the wrong time.
To avoid this whole process day, i want to propose some changes:
1. Have an chair and a co-chair officially appointed preferably in big different timezones. This reduces the chance of we've been without moderation.
2. Have a pre-agenda for the meeting at least 2 days before, use the OpenChain or Open-Source-Compliance github Wiki to write the agenda. Must be collaborative. Anyone can add topics. Is encouraged to even extend the agenda topic to come to the meeting more informed, like a threaded pre-discussion
IF no agenda is formally set, the meeting will be formally adjourned on that week, but the channel will be open to anyone who wants to join and discuss if times allow. This is specifically for people that needs to arrange their time, so they know that formal meetings will not happen.
3. IF we have a need to discuss something technical or general | hanging out", we can set the meeting as a Fringe meeting, but we need to have a central topic to us as a starting point. This differs from point 3 as there's no directioned talk, we freely jump on the topic. But again, the above rule should be maintained, the Fringe meeting needs to be announced.
@Fendt, Oliver If you are still around the group and OSSELOT is not taking all your time nowadays, maybe a proposal to unify Open-Source-Complicance content under OpenChain github as we already are under the "brand" ? ( i know, it will be some license hunting for owners )
@Shane Coughlan Can you have some insights on that. ?
@Stephen Kilbane you could be the main chair. How about that ?
Best regards and have a nice weekend Helio
On Thu, Jan 19, 2023 at 10:53 PM Carlo Piana <carlo@...> wrote:
|
||||||||||||
|
||||||||||||
OpenChain Education Work Group 2023-01-19 – Recording
The recording of the latest Education Work Group meeting is here:
https://www.openchainproject.org/news/2023/01/19/education-work-group-2023-01-19-recording Kudos to Nathan for running. Everyone, this is an excellent way to track and contribute to how we present OpenChain specifications and their supporting material to the world. Remember: you can join our education work group to contribute via email here: https://lists.openchainproject.org/g/education
|
||||||||||||
|
||||||||||||
OpenChain Automation Work Group Election (was: Re: [openchain] OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC)
Understood! Let’s fix this.
toggle quoted messageShow quoted text
Oliver has been very busy in recent times and Jan has stepped forward to help run the group. However, we did not have a formal Chair and Vice Chair or Co-Chair election. This means we are relying on an informal process to run the meetings. I suggest we have the election now to help the Automation Work Group have consistency moving forward. Let’s run the election over the next one and a half weeks.
Once we have our new setup, the Co-Chairs can decide the schedule and agenda for February onward. If there is a delay in confirming the chairs or setting the schedule, the February 1st call will be rescheduled.
On Jan 20, 2023, at 16:34, Helio Chissini de Castro <heliocastro@...> wrote:
|
||||||||||||
|
||||||||||||
Re: OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC
Correct, on 18th Sorry for the confusion
On Fri, Jan 20, 2023 at 8:28 AM Shane Coughlan <scoughlan@...> wrote: Just to clarify: do you mean you entered the room on January 18th at 14:00 UTC (15:00 CET)? The tooling work group was scheduled for this time.
|
||||||||||||
|
||||||||||||
Re: OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC
Just to clarify: do you mean you entered the room on January 18th at 14:00 UTC (15:00 CET)? The tooling work group was scheduled for this time.
toggle quoted messageShow quoted text
Checking because your mail arrived on January 20th. Shane
On Jan 20, 2023, at 16:22, Helio Chissini de Castro <heliocastro@...> wrote:
|
||||||||||||
|
||||||||||||
Re: OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC
Hi all Yesterday me and some people arrived on time at 15:00 CET, and 5 minutes later, most of us dropped, as we had no agenda whatsoever or meeting plan. And this is becoming recurrent. And maybe again calendars shifted and somehow we got the wrong time. To avoid this whole process day, i want to propose some changes: 1. Have an chair and a co-chair officially appointed preferably in big different timezones. This reduces the chance of we've been without moderation. 2. Have a pre-agenda for the meeting at least 2 days before, use the OpenChain or Open-Source-Compliance github Wiki to write the agenda. Must be collaborative. Anyone can add topics. Is encouraged to even extend the agenda topic to come to the meeting more informed, like a threaded pre-discussion IF no agenda is formally set, the meeting will be formally adjourned on that week, but the channel will be open to anyone who wants to join and discuss if times allow. This is specifically for people that needs to arrange their time, so they know that formal meetings will not happen. 3. IF we have a need to discuss something technical or general | hanging out", we can set the meeting as a Fringe meeting, but we need to have a central topic to us as a starting point. This differs from point 3 as there's no directioned talk, we freely jump on the topic. But again, the above rule should be maintained, the Fringe meeting needs to be announced. @Fendt, Oliver If you are still around the group and OSSELOT is not taking all your time nowadays, maybe a proposal to unify Open-Source-Complicance content under OpenChain github as we already are under the "brand" ? ( i know, it will be some license hunting for owners ) @Shane Coughlan Can you have some insights on that. ? @Stephen Kilbane you could be the main chair. How about that ? Best regards and have a nice weekend Helio
On Thu, Jan 19, 2023 at 10:53 PM Carlo Piana <carlo@...> wrote:
|
||||||||||||
|
||||||||||||
Re: OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC
Carlo Piana <carlo@...>
Hi I and Alberto have ourselves set up a BBB machine -- and in case we can offer to host the next meeting. On the one hand I have attended many meetings on the FSFE's instance without a hiccup. On the other hand, it would appear that certain firewall conditions would prevent from correctly establishing a good audio connection and despite all certain clients could not join with a PC -- a phone would join. Apparently there is a setup and we took advice from Paolo Vecchi, reinstalled the machine and it should now work thanks to the use of a turn server. So, for a smallish group as this, I can offer to host to see if the same problem occurs, and guide FSFE to a resolution if no problems are encountered. Cheers Carlo
Da: "Steve Kilbane" <stephen.kilbane@...>
|
||||||||||||
|
||||||||||||
Re: Invitation: OpenChain Education Work Group Meeting @ Fri Jan 20, 2023 02:00 - 03:00 (JST) (main@lists.openchainproject.org)
Hi Nathan!
toggle quoted messageShow quoted text
I won’t be there in person (02:00 my time), but I wanted to flag that the website had substantial updates recently, so it might be worth a look. Everyone, dial in here: Shane Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://meetings.hubspot.com/scoughlan
On Jan 19, 2023, at 17:24, Shane Coughlan <scoughlan@...> wrote:
|
||||||||||||
|
||||||||||||
Re: Invitation: OpenChain Education Work Group Meeting @ Fri Jan 20, 2023 02:00 - 03:00 (JST) (main@lists.openchainproject.org)
Nathan Kumagai
Hi all -
Just a reminder that the Education Work Group has a working session coming up. We're working on
updating the key documents that help promote our projects, among other things our FAQ. We also value your feedback on what has been useful to you, and what content you hope to see.
All are welcome!
Nathan
From: main@... <main@...> on behalf of OpenChain Global Calendar <c_08seb6095ofjtfr5fjb5tabgl4@...>
Sent: Sunday, January 15, 2023 10:49 PM To: OpenChain Education <education@...>; OpenChain Main <main@...> Subject: [openchain] Invitation: OpenChain Education Work Group Meeting @ Fri Jan 20, 2023 02:00 - 03:00 (JST) (main@...) When: Thursday, January 19, 2023 9:00 AM-10:00 AM. Where: https://zoom.us/j/4377592799
|
||||||||||||
|
||||||||||||
Re: OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC
If the work group is ok, we can always use the main OpenChain room on Zoom. No setup or passcode necessary, just enter the link and it automatically records the event: Jan, Oliver, what do you think?
On Jan 19, 2023, at 4:24, Steve Kilbane <stephen.kilbane@...> wrote:
|
||||||||||||
|
||||||||||||
Re: OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC
FWIW, I’ve always struggled with BBB. Previously, the audio has always sounded like it’s underwater, and (I think) people weren’t able to make out what I was saying – but the recordings showed that it was just me.
More recently, I’ve found that it struggles with my headset, but it works better if I use the machine’s built-in speakers and mic. But again, I’ve assumed that was just me.
From:
main@... <main@...> on behalf of Christopher Wood <cvw01@...>
Hello It seems like the Bluebutton app doesn’t work too well. I couldn’t get it to establish audio connection and it seemed that others had the same issue. Regards Chris
|
||||||||||||
|
||||||||||||
Re: OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC
Christopher Wood
Hello It seems like the Bluebutton app doesn’t work too well. I couldn’t get it to establish audio connection and it seemed that others had the same issue. Regards Chris
On Jan 18, 2023, at 4:51 AM, Shane Coughlan <scoughlan@...> wrote:
|
||||||||||||
|
||||||||||||
OpenChain Reference Tooling Work Group - Third Wednesday Meeting - Jan 18, 2023 14:00 to 15:00, UTC
A reminder that the automotive work group has its regular meeting later today ☺️ OpenChain Reference Tooling Work Group - Third Wednesday Meeting Scheduled: Jan 18, 2023 14:00 to 15:00, UTC Location: https://conf.fsfe.org/b/compliance-tooling
|
||||||||||||
|
||||||||||||
FossID / OpenChain Event in Japan - 2023-02-02
Oskar and Jon will be visiting Japan with other people from the newly independent FOSSID to help provide a market overview. The meeting takes place on the 2nd of February between 10:00 and 14:00 in Shinagawa. Of course I will be there with an OpenChain talk.
This will be a market strategy event, focused on getting knowledge from abroad because our travel is limited. It is also suitable for business managers and decision-makers or legal people. Learn more and register (in Japanese): https://www.openchainproject.org/news/2023/01/17/special-event-fossid-2023-02-02
|
||||||||||||
|
||||||||||||
External: OSPO Meetup Finland – Helsinki – 2023-01-26 17:00 CET
Our community colleagues in Finland are holding an OSPO-related event in late January that will cover OpenChain. Learn more and register here:
https://www.meetup.com/helsinki-ospo-local-meetup-supported-by-todo-group/events/290913818/ https://www.openchainproject.org/news/2023/01/17/external-ospo-meetup-finland-helsinki-2023-01-26-1700-cet
|
||||||||||||
|
||||||||||||
OpenChain Monthly North America / Asia Meeting 2023-01-17 – Recording
Our regular monthly call for North America / Asia saw some discussion around two key topics for the next generations of our specifications for license compliance and for security. One related to whether we need to be more prescriptive regarding the content of contribution policies, and another related to whether our existing approach to defining open source worked in both standards. The outcomes are covered in our recording and the slides from the meeting are also available.
https://www.openchainproject.org/news/2023/01/17/openchain-monthly-north-america-asia-meeting-2023-01-17
|
||||||||||||
|
||||||||||||
OpenChain Automation Case Study #7 – VulnerableCode technical deep dive into VulnTotal - 2023-02-07 at 09:00 CET (08:00 UTC)
Philippe Ombredanne from nexB will lead a technical deep dive into VulnTotal on the 7th of February at 09:00 CET (08:00 UTC). Join us in our usual room here:
• https://zoom.us/j/4377592799 This deep dive is about as aspect of the AboutCode Project, with VulnerableCode providing tools to collect, aggregate and refine software vulnerability information from more than 20 sources and tools to quickly create new “importers”. VulnTotal is something that came out of Google Summer of Code 2022. Learn more: https://www.openchainproject.org/news/2023/01/16/openchain-automation-case-study-7-2023-02-07
|
||||||||||||
|
||||||||||||
Invitation: OpenChain Automation Case Study #7 - VulnerableCode techn... @ Tue Feb 7, 2023 17:00 - 18:00 (JST) (main@lists.openchainproject.org)
|
||||||||||||
|
||||||||||||
Licensing Spec: Should we revisit contribution - pointers to elsewhere or more than generic policy request?
Issue under discussion here:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/62 == Here is what we currently have: == 3.5.1 - Contributions If an organization considers contributions to open source projects, then a written policy shall exist that governs contributions to open source projects; the policy shall be internally communicated; and a process shall exist that implements the policy Verification material(s): If an organization permits contributions to open source projects, then the following shall exist: 3.5.1.1 - A documented open source contribution policy; 3.5.1.2 - A documented procedure that governs open source contributions; and 3.5.1.3 - A documented procedure that makes all program participants aware of the existence of the open source contribution policy (e.g., via training, internal wiki, or other practical communication method). == Discussion == On the January 2023 North America / Europe call we discussed whether more details were needed. For example, should we say what the policy should contain? It was agreed that with our official focus of "the what and why" (avoid the how and when), it is appropriate to remain high level. == January 2023 North America / Asia call participants outcome == Discussion on call had this outcome: the current text fits the "what" approach and we should avoid going to "how," so we will not change this text in the next iteration of the specification. Issue is being closed. Can reopen if people feel strongly.
|
||||||||||||
|
||||||||||||
Security Spec: Revisit Definitions 2.7 - Open Source
Further discussion was contained here:
OpenChain-Project/License-Compliance-Specification#63 Consolidating to this issue (and closing License Compliance Spec Issue 63) because it seems we will conclude with: • Our current approach appears workable for the market situation • The one change should be to harmonize between Licensing and Security to this language: "software subject to one or more licenses that meet the Open Source Definition published by the Open Source Initiative (see opensource.org/osd) or the Free Software Definition published by the Free Software Foundation (see gnu.org/philosophy/free-sw.html) or similar license” This would involve adding "or similar license" to the Security Assurance Spec. Full discussion here: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/20
|
||||||||||||
|