OpenChain Japan Work Group Meeting #25 (Virtual #12) on 2022-10-31
The OpenChain Japan Work Group will host its next meeting on the 31st of October between 15:30 and 16:30 JST. This meeting will be held mostly in Japanese. All are welcome.
Check out all the details here: This is a good one to attend if you are interested in supplier education and OSPO topics.
IMPORTANT REMINDER: Telco Work Group meeting today - Telco SBOM Spec in Drafting
Dear all
The OpenChain Telco Work Group has a meeting today at 17:00 CEST (15:00 UTC). This meeting will be of special interest to anyone working on matters related to SBOMs, as the work group is currently drafting a telco spec related to this topic:
https://github.com/OpenChain-Project/telco/blob/main/OpenChain%20Telco%20SBOM%20Specification.md
Absent other pressing agenda items, the call today will focus on collecting feedback for this specification via issues submitted live on the call (by the chair) or offline (by you directly).
Join us: https://zoom.us/j/4377592799
Regards
Shane
—
Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org
Schedule a call: https://meetings.hubspot.com/scoughlan
Re: OpenChain GitHub training repo
Awesome, thanks Steve.
Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://meetings.hubspot.com/scoughlan
On Oct 6, 2022, at 11:14, Steve Kilbane <stephen.kilbane@...> wrote:
Re: OpenChain GitHub training repo
Oh, fabulous! I’ll give it a read-through, and then follow said instructions for creating a PR to add mention of this to the CONTRIBUTING.md file. 😊
Thanks,
steve
From:
main@... <main@...> on behalf of Sean McIlroy (LF, PM) <smcilroy@...>
Hello all,
Please note we have a GitHub training repo to help OpenChain members collaborate through GitHub.
The first rollout outlines the 5 simple steps on how to create a PR. This week a second page will be published to guide you through the steps on how to submit an Issue.
If you have any feedback or you'd like me to create some training guidelines to help with Working Group engagement/collaboration, please let me know. --
Invitation: OpenChain Telco Work Group Monthly Meeting - Morning @ Monthly from 09:00 to 10:00 on the first Thursday (CEST) (main@lists.openchainproject.org)
Invitation: OpenChain Telco Work Group Monthly Meeting - Afternoon @ Monthly from 17:00 to 18:00 on the first Thursday (CEST) (main@lists.openchainproject.org)
OpenChain GitHub training repo
Sean McIlroy (LF, PM)
Hello all,
Please note we have a GitHub training repo to help OpenChain members collaborate through GitHub.
The first rollout outlines the 5 simple steps on how to create a PR. This week a second page will be published to guide you through the steps on how to submit an Issue.
If you have any feedback or you'd like me to create some training guidelines to help with Working Group engagement/collaboration, please let me know.
--
OpenChain Call to Action: Markdown Series Ends with Substantial Progress
The OpenChain Call to Action series dedicated to break-outs focusing on migrating our reference library to markdown has come to an end. We have seen substantial progress on our goal of ensuring long-term maintainability of the resource library, and in converting key resources into markdown to get us started.
Firstly, you will find updated instructions about our repository here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/README.md
Secondly, you will find contribution guidelines here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/CONTRIBUTING.md
And finally you will find a rolling priority list of resources to be converted here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/markdown-conversion-queue.md
The first major outcome of our activity has been completed with the release of the ISO/IEC 5230 self-certification questionnaire in markdown format here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Questionnaire/ISO5230-2020/en/OpenChain%20Self-Certification%20Questionnaire%202021-11-26.md
This allowed us to quickly explore a new structure and build a self-certification checklist here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Checklist/ISO5230-2020/en/OpenChain%20Self-Certification%20Checklist%202022-10-05.md
Your help in reviewing this material, in converting new material and in suggesting improvements to our processes is always welcome. We are now turning this activity over to the Education Work Group, and you will find that here:
https://lists.openchainproject.org/g/education
Huge thanks to everyone involved, especially Balakrishna, Carlo and Steve for a tremendous lift. Kudos also to Lufuno for actively participating as one of her first contribution cycles around the project.
OpenChain Self-Certification Questionnaire and Checklist
Dear All
As part of our newly evolved situation with two specifications in market (one ISO/IEC standard for license compliance and one de facto but soon to be ISO/IEC standard for security compliance), our self-certification efforts are ripe for revamp and expansion.
We took the first step in that direction today by creating a version of the Self-Certification Questionnaire for ISO/IEC 5230 in MarkDown based on the material from the existing Self-Certification Web App located on the OpenChain Website. Huge credit to Steve @ Analogue Devices for this work.
Steve’s initial contribution gives us a super clean and easy way to review and improve the questions for self-certification related to ISO/IEC 5230:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Questionnaire/ISO5230-2020/en/OpenChain%20Self-Certification%20Questionnaire%202021-11-26.md
It also provides us with a clean way to fork and create a sister self-certification questionnaire for our Security Assurance Specification, the sister standard to ISO/IEC 5230.
Oh wait, but there is more! On the markdown call today we decided that the best structure moving forward is a checklist rather than a questionnaire. This is initially identical to the self-certification questionnaire in terms of structure and general wording, but everything is phrased as a statement rather than a question. You can find it here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Checklist/ISO5230-2020/en/OpenChain%20Self-Certification%20Checklist%202022-10-05.md
And now we have a call to action. Please help review the checklist and see what you think of the wording for each statement. Is it clear enough? Can you improve it? If you find bugs or opportunities for improvement, please open an issue or a pull request to help make self-certification to ISO/IEC 5230 easier than ever.
What we do will feed back into the primary website resources, and it will form the basis of new self-certification material for our Security Assurance Reference Specification.
Regards
Shane
Invitation: OpenChain Call to Action: MarkDown in the Reference Library @ Every 2 weeks from 10:30 to 11:30 on Wednesday from Wed Oct 5 to Wed Oct 5 (CEST) (main@lists.openchainproject.org)
OpenChain website FAQ - Moved to Markdown and ready for editing
One of the outcomes of our monthly community call today…
https://github.com/OpenChain-Project/Reference-Material/blob/master/FAQ/1.0/en/faq.md
Nathan, it’s not in as bad shape as I thought it might be, so it seems we can quickly get it back to a directly useful resource. I am going to do a serious edit sweep tomorrow.
The OpenChain Security Assurance Specification 1.1 Now Available
After a review cycle with ISO/IEC WG/SC27 the OpenChain Security Assurance Specification 1.1 is now available.
The OpenChain Security Assurance Specification 1.1 is being prepared by the Joint Development Foundation for submission to ISO/IEC JTC-1 via the PAS Transposition Process. We expect the specification to graduate as an ISO/IEC International Standard in mid-2023. Meanwhile, it is ready for market adoption as a de facto industry standard.
Learn more: https://www.openchainproject.org/news/2022/10/04/the-openchain-security-assurance-specification-1-1-now-available
Check out the specification in multiple formats on GitHub: https://github.com/OpenChain-Project/Security-Assurance-Specification/tree/main/Security-Assurance-Specification/1.1/en
OpenChain Security Assurance Spec – WG-SC27 Comment Review Calls – Recordings
We recently held two calls to review feedback from ISO/IEC WG/SC27 on our recently completed OpenChain Security Assurance Specification. These calls provided feedback ahead of our formal submission into the JTC-1 PAS Transposition Process. At the link and after the video you will find the full guidance provided to our community during this review process. The end result can be found in the OpenChain Security Assurance Specification 1.1, which has now been handed over to Joint Development Foundation (JDF) for entry into the JTC-1 PAS Transposition Process during October.
https://www.openchainproject.org/news/2022/10/04/security-assurance-sc27-review-calls
Small Company Playbook Now Available
Huge thanks to Balakrishna, Martin, Jari and others for helping make this happen!
==
The OpenChain Project is delighted to announce the launch of our latest playbook. Focused on small companies, and created by the Education Work Group over the summer, this playbook helps you to contextualize the tasks involved with OpenChain ISO/IEC 5230 adoption. It is short, simple and directly relevant to things like:
• Getting management support
• Creating realistic policy and processes
• Operating an open source program office (OSPO) with low resources
• Ensuring you have the key requirements of a quality license compliance program
While targeted towards small companies, the concepts used in this document are useful for medium and large companies as well. Think of this as a “minimum viable product” when it comes to considering compliance programs and open source program offices.
As with all our reference material, this playbook is available free of charge and under CC-0 licensing (effectively public domain). It is currently published as a PDF, Word Document and in Open Document Format. More formats will be coming in the future.
Get the playbook here: https://www.openchainproject.org/featured/2022/10/04/small-company-playbook-v1
REMINDER: OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday (Tomorrow)
Dear all
Tomorrow we have our Monthly Community Call. We will be:
• Looking at the new security specification and covering its ISO/IEC submission
• Working on Our Path to Conformance
• Reviewing our FAQ
• And more…
Full Agenda
1. Introductions
2. Specification (process standards) news
3. SBOM news
4. OSPO news
5. Automation news
6. Community feedback and comments - issues for standards and core supporting material
7. Community feedback and comments - issues for reference and supporting material
8. Community feedback and comments - issues to support other projects
9. Any other business
10. Close of meeting
This meeting is held in the OpenChain Project Zoom room: https://zoom.us/j/4377592799
Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00
Compare timezones: https://www.worldtimebuddy.com
Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting: https://meetings.hubspot.com/scoughlan
Updating our Path to Conformance - Next regular monthly call - 2022-10-04 @ 16:00 UTC
Our regular monthly community call takes place tomorrow (October 4th) at 16:00 UTC.
One item I would like to cover is a live edit of our Path to Conformance page:
https://www.openchainproject.org/get-started/conformance/path
The website has been getting a huge refresh with the new Security Assurance Spec release, and the Path to Conformance has some specific feedback from community members about improvements possible.
Regards
Shane
Education Work Team - Time to refresh our FAQ
Hey everyone!
It is time to refresh our FAQ. We definitely need to add some stuff for the Security Assurance Specification. The OpenChain regular monthly call is tomorrow at 18:00 UTC. Shall we do our editing then?
https://www.openchainproject.org/resources/faq
Regards
Shane
OpenChain Reference Tooling Work Group - Regular First and Third Wednesday Meetings Announced
Dear all
In coordination with Jan, we are returning to our regular schedule for the OpenChain Reference Tooling Work Group meetings.
About: The OpenChain Reference Tooling Work Group holds meetings on a bi-weekly schedule. These are designed to allow anyone with an interest in open source tooling for open source compliance to learn more, share ideas, and contribute knowledge. All levels of experience are welcome.
First Wednesday: 08:00 UTC
Third Wednesday: 16:00 UTC
At the scheduled time click to join the voice, video or screen sharing session:
https://conf.fsfe.org/b/compliance-tooling
Access Code: 199143
Calendar invites were sent to these lists as well :)
Regards
Shane
Invitation: OpenChain Reference Tooling Work Group - Third Wednesday ... @ Monthly from 16:00 to 17:00 on the third Wednesday (CEST) (main@lists.openchainproject.org)
Invitation: OpenChain Reference Tooling Work Group - First Monday Mee... @ Monthly from 10:00 to 11:00 on the first Wednesday (CEST) (main@lists.openchainproject.org)