Date   

OpenChain Japan Work Group Meeting #25 (Virtual #12) on 2022-10-31

 

The OpenChain Japan Work Group will host its next meeting on the 31st of October between 15:30 and 16:30 JST. This meeting will be held mostly in Japanese. All are welcome.

Check out all the details here:

This is a good one to attend if you are interested in supplier education and OSPO topics.


IMPORTANT REMINDER: Telco Work Group meeting today - Telco SBOM Spec in Drafting

 

Dear all

The OpenChain Telco Work Group has a meeting today at 17:00 CEST (15:00 UTC).

This meeting will be of special interest to anyone working on matters related to SBOMs, as the work group is currently drafting a telco spec related to this topic:
https://github.com/OpenChain-Project/telco/blob/main/OpenChain%20Telco%20SBOM%20Specification.md

Absent other pressing agenda items, the call today will focus on collecting feedback for this specification via issues submitted live on the call (by the chair) or offline (by you directly).

Join us:
https://zoom.us/j/4377592799

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


Re: OpenChain GitHub training repo

 

Awesome, thanks Steve.

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Oct 6, 2022, at 11:14, Steve Kilbane <stephen.kilbane@...> wrote:



Oh, fabulous! I’ll give it a read-through, and then follow said instructions for creating a PR to add mention of this to the CONTRIBUTING.md file. 😊

 

Thanks,

 

steve

 

From: main@... <main@...> on behalf of Sean McIlroy (LF, PM) <smcilroy@...>
Date: Wednesday, 5 October 2022 at 23:00
To: main@... <main@...>
Subject: [openchain] OpenChain GitHub training repo

[External]

 

Hello all,

 

Please note we have a GitHub training repo to help OpenChain members collaborate through GitHub.

 

The first rollout outlines the 5 simple steps on how to create a PR

This week a second page will be published to guide you through the steps on how to submit an Issue.

 

If you have any feedback or you'd like me to create some training guidelines to help with Working Group engagement/collaboration, please let me know.

--

Regards

 

Sean Mcilroy

Program Manager - Linux Foundation

Timezone: GMT 

 


Re: OpenChain GitHub training repo

Steve Kilbane
 

Oh, fabulous! I’ll give it a read-through, and then follow said instructions for creating a PR to add mention of this to the CONTRIBUTING.md file. 😊

 

Thanks,

 

steve

 

From: main@... <main@...> on behalf of Sean McIlroy (LF, PM) <smcilroy@...>
Date: Wednesday, 5 October 2022 at 23:00
To: main@... <main@...>
Subject: [openchain] OpenChain GitHub training repo

[External]

 

Hello all,

 

Please note we have a GitHub training repo to help OpenChain members collaborate through GitHub.

 

The first rollout outlines the 5 simple steps on how to create a PR

This week a second page will be published to guide you through the steps on how to submit an Issue.

 

If you have any feedback or you'd like me to create some training guidelines to help with Working Group engagement/collaboration, please let me know.

--

Regards

 

Sean Mcilroy

Program Manager - Linux Foundation

Timezone: GMT 

 


Invitation: OpenChain Telco Work Group Monthly Meeting - Morning @ Monthly from 09:00 to 10:00 on the first Thursday (CEST) (main@lists.openchainproject.org)

 

OpenChain Telco Work Group Monthly Meeting - Morning
Join us at 07:00 UTC right here:https://zoom.us/j/4377592799Check your timezone:PDT United States Pacific UTC-07:00UTC Coordinated Universal Time UTCCET Central European Time UTC+01:00IST India Standa
 
Join us at 07:00 UTC right here:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

When

Monthly from 09:00 to 10:00 on the first Thursday (Central European Time - Paris)
RSVP for main@... for all events in this series

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


Invitation: OpenChain Telco Work Group Monthly Meeting - Afternoon @ Monthly from 17:00 to 18:00 on the first Thursday (CEST) (main@lists.openchainproject.org)

 

OpenChain Telco Work Group Monthly Meeting - Afternoon
Join us at 15:00 UTC right here:https://zoom.us/j/4377592799Check your timezone:PDT United States Pacific UTC-07:00UTC Coordinated Universal Time UTCCET Central European Time UTC+01:00IST India Standa
 
Join us at 15:00 UTC right here:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

When

Monthly from 17:00 to 18:00 on the first Thursday (Central European Time - Paris)
RSVP for main@... for all events in this series

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


OpenChain GitHub training repo

Sean McIlroy (LF, PM)
 

Hello all,

Please note we have a GitHub training repo to help OpenChain members collaborate through GitHub.

The first rollout outlines the 5 simple steps on how to create a PR
This week a second page will be published to guide you through the steps on how to submit an Issue.

If you have any feedback or you'd like me to create some training guidelines to help with Working Group engagement/collaboration, please let me know.
--
Regards

Sean Mcilroy
Program Manager - Linux Foundation
Timezone: GMT 


OpenChain Call to Action: Markdown Series Ends with Substantial Progress

 

The OpenChain Call to Action series dedicated to break-outs focusing on migrating our reference library to markdown has come to an end. We have seen substantial progress on our goal of ensuring long-term maintainability of the resource library, and in converting key resources into markdown to get us started.

Firstly, you will find updated instructions about our repository here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/README.md

Secondly, you will find contribution guidelines here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/CONTRIBUTING.md

And finally you will find a rolling priority list of resources to be converted here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/markdown-conversion-queue.md

The first major outcome of our activity has been completed with the release of the ISO/IEC 5230 self-certification questionnaire in markdown format here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Questionnaire/ISO5230-2020/en/OpenChain%20Self-Certification%20Questionnaire%202021-11-26.md

This allowed us to quickly explore a new structure and build a self-certification checklist here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Checklist/ISO5230-2020/en/OpenChain%20Self-Certification%20Checklist%202022-10-05.md

Your help in reviewing this material, in converting new material and in suggesting improvements to our processes is always welcome. We are now turning this activity over to the Education Work Group, and you will find that here:
https://lists.openchainproject.org/g/education

Huge thanks to everyone involved, especially Balakrishna, Carlo and Steve for a tremendous lift. Kudos also to Lufuno for actively participating as one of her first contribution cycles around the project.


OpenChain Self-Certification Questionnaire and Checklist

 

Dear All

As part of our newly evolved situation with two specifications in market (one ISO/IEC standard for license compliance and one de facto but soon to be ISO/IEC standard for security compliance), our self-certification efforts are ripe for revamp and expansion.

We took the first step in that direction today by creating a version of the Self-Certification Questionnaire for ISO/IEC 5230 in MarkDown based on the material from the existing Self-Certification Web App located on the OpenChain Website. Huge credit to Steve @ Analogue Devices for this work.

Steve’s initial contribution gives us a super clean and easy way to review and improve the questions for self-certification related to ISO/IEC 5230:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Questionnaire/ISO5230-2020/en/OpenChain%20Self-Certification%20Questionnaire%202021-11-26.md

It also provides us with a clean way to fork and create a sister self-certification questionnaire for our Security Assurance Specification, the sister standard to ISO/IEC 5230.

Oh way, but there is more!

On the markdown call today we decided that the best structure moving forward is checklist rather than a questionnaire. This is initially identical to the self-certification questionnaire in terms of structure and general wording, but everything is phrased as a statement rather than a question. You can find there here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Checklist/ISO5230-2020/en/OpenChain%20Self-Certification%20Checklist%202022-10-05.md

And now we have a call to action. Please help review the checklist and see what you think of the wording for each statement. Is it clear enough? Can you improve it? If you find bugs or opportunities for improvement, please open an issue or a pull request to help make self-certification to ISO/IEC 5230 easier than ever.

What we do will feed back into the primary website resources, and it will form the basis of new self-certification material for our Security Assurance Reference Specification.

Regards

Shane


Invitation: OpenChain Call to Action: MarkDown in the Reference Library @ Every 2 weeks from 10:30 to 11:30 on Wednesday from Wed Oct 5 to Wed Oct 5 (CEST) (main@lists.openchainproject.org)

 

OpenChain Call to Action: MarkDown in the Reference Library
Join from a PC, Mac, iPad, iPhone or Android device: Please click this URL to join. https://zoom.us/s/96800264122 Description: Hello Team, In this meeting, we would like collaborate with all the
 
Join from a PC, Mac, iPad, iPhone or Android device:
Please click this URL to join. https://zoom.us/s/96800264122
Description: Hello Team,
In this meeting, we would like collaborate with all the volunteers to work on an action item we picked during our previous education mini summit.
We decided to convert the OpenChain Project reference library content on GitHub into markdown, so that the documents could be used more efficiently by multiple other platforms programatically.
Looking forward to your participation and support.

Or One tap mobile:
+13092053325,,96800264122# US
+13126266799,,96800264122# US (Chicago)

Or join by phone:
Dial(for higher quality, dial a number based on your current location):
US: +1 309 205 3325 or +1 312 626 6799 or +1 346 248 7799 or +1 386 347 5053 or +1 564 217 2000 or +1 646 558 8656 or +1 646 931 3860 or +1 669 444 9171 or +1 669 900 6833 or +1 719 359 4580 or +1 253 215 8782 or +1 301 715 8592 or 855 880 1246 (Toll Free) or 877 369 0926 (Toll Free)
Canada: +1 778 907 2071 or +1 780 666 0144 or +1 204 272 7920 or +1 438 809 7799 or +1 587 328 1099 or +1 647 374 4685 or +1 647 558 0588 or 855 703 8985 (Toll Free)
Webinar ID: 968 0026 4122
International numbers available: https://zoom.us/u/actIVBlqB5

When

Every 2 weeks from 10:30 to 11:30 on Wednesday from Wednesday Oct 5 to Wednesday Oct 5 (Central European Time - Paris)

Location

https://zoom.us/s/96800264122
View map
RSVP for main@... for all events in this series

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


OpenChain website FAQ - Moved to Markdown and ready for editing

 

One of the outcomes of our monthly community call today…

https://github.com/OpenChain-Project/Reference-Material/blob/master/FAQ/1.0/en/faq.md

Nathan, it’s not in as bad shape as I thought it might be, so it seems we can quickly get it back to a directly useful resource. I am going to do a serious edit sweep tomorrow.


The OpenChain Security Assurance Specification 1.1 Now Available

 

After a review cycle with ISO/IEC WG/SC27 the OpenChain Security Assurance Specification 1.1 is now available.

The OpenChain Security Assurance Specification 1.1 is being prepared by the Joint Development Foundation for submission to ISO/IEC JTC-1 via the PAS Transposition Process. We expect the specification to graduate as an ISO/IEC International Standard in mid-2023. Meanwhile, it is ready for market adoption as a de facto industry standard.

Learn more:
https://www.openchainproject.org/news/2022/10/04/the-openchain-security-assurance-specification-1-1-now-available

Check out the specification in multiple formats on GitHub:
https://github.com/OpenChain-Project/Security-Assurance-Specification/tree/main/Security-Assurance-Specification/1.1/en


OpenChain Security Assurance Spec – WG-SC27 Comment Review Calls – Recordings

 

We recently held two calls to review feedback from ISO/IEC WG/SC27 on our recently completed OpenChain Security Assurance Specification. These calls provided feedback ahead of our formal submission into the JTC-1 PAS Transposition Process. At the link and after the video you will find the full guidance provided to our community during this review process. The end result can be found in the OpenChain Security Assurance Specification 1.1, which has now been handed over to Joint Development Foundation (JDF) for entry into the JTC-1 PAS Transposition Process during October.
https://www.openchainproject.org/news/2022/10/04/security-assurance-sc27-review-calls


Small Company Playbook Now Available

 

Huge thanks to Balakrishna, Martin, Jari and others for helping make this happen!

==

The OpenChain Project is delighted to announce the launch of our latest playbook. Focused on small companies, and created by the Education Work Group over the summer, this playbook helps you to contextualize the tasks involved with OpenChain ISO/IEC 5230 adoption. It is short, simple and directly relevant to things like:

• Getting management support
• Creating realistic policy and processes
• Operating an open source program office (OSPO) with low resources
• Ensuring you have the key requirements of a quality license compliance program

While targeted towards small companies, the concepts used in this document are useful for medium and large companies as well. This of this as a “minimum viable product” when it comes to considering compliance programs and open source program offices.

As with all our reference material, this playbook is available free of charge and under CC-0 licensing (effectively public domain). It is currently published as a PDF, Word Document and in Open Document Format. More formats will be coming in the future.

Get the playbook here:
https://www.openchainproject.org/featured/2022/10/04/small-company-playbook-v1


REMINDER: OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday (Tomorrow)

 

Dear all

Tomorrow we have our Monthly Community Call.

We will be:

Looking at the new security specification and covering its ISO/IEC submission

Working on Our Path to Conformance

Reviewing our FAQ

And more…

Full Agenda
1. Introductions
2. Specification (process standards) news
3. SBOM news
4. OSPO news
5. Automation news
6. Community feedback and comments - issues for standards and core supporting material
7. Community feedback and comments - issues for reference and supporting material
8. Community feedback and comments - issues to support other projects
9. Any other business
10. Close of meeting

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Updating our Path to Conformance - Next regular monthly call - 2022-10-04 @ 16:00 UTC

 

Our regular monthly community call takes place tomorrow (October 4th) at 16:00 UTC.

One item I would like to cover is a live edit of our Path to Conformance page:
https://www.openchainproject.org/get-started/conformance/path

The website has been getting a huge refresh with the new Security Assurance Spec release, and the Path to Conformance has some specific feedback from community members about improvements possible.

Regards

Shane


Education Work Team - Time to refresh our FAQ

 

Hey everyone!

It is time to refresh our FAQ. We definitely need to add some stuff for the Security Assurance Specification.

The OpenChain regular monthly call is tomorrow at 18:00 UTC. Shall we do our editing then?
https://www.openchainproject.org/resources/faq

Regards

Shane


OpenChain Reference Tooling Work Group - Regular First and Third Wednesday Meetings Announced

 

Dear all

In coordination with Jan, we are returning to our regular schedule for the OpenChain Reference Tooling Work Group meetings.

About:
The OpenChain Reference Tooling Work Group holds meetings on a bi-weekly schedule. These are designed to allow anyone with an interest in open source tooling for open source compliance to learn more, share ideas, and contribute knowledge. All levels of experience are welcome.

First Wednesday: 08:00 UTC
Third Wednesday: 16:00 UTC

At the scheduled time click to join the voice, video or screen sharing session:
https://conf.fsfe.org/b/compliance-tooling
Access Code: 199143

Calendar invites were sent to these lists as well :)

Regards

Shane


Invitation: OpenChain Reference Tooling Work Group - Third Wednesday ... @ Monthly from 16:00 to 17:00 on the third Wednesday (CEST) (main@lists.openchainproject.org)

 

OpenChain Reference Tooling Work Group - Third Wednesday Meeting
The OpenChain Reference Tooling Work Group holds meetings on a bi-weekly schedule. These are designed to allow anyone with an interest in open source tooling for open source compliance to learn more,
 
The OpenChain Reference Tooling Work Group holds meetings on a bi-weekly schedule. These are designed to allow anyone with an interest in open source tooling for open source compliance to learn more, share ideas, and contribute knowledge. All levels of experience are welcome.

At the scheduled time click to join the voice, video or screen sharing session:  
https://conf.fsfe.org/b/compliance-tooling
Access Code: 199143

When

Monthly from 16:00 to 17:00 on the third Wednesday (Central European Time - Paris)

Location

https://conf.fsfe.org/b/compliance-tooling
View map
RSVP for main@... for all events in this series

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


Invitation: OpenChain Reference Tooling Work Group - First Monday Mee... @ Monthly from 10:00 to 11:00 on the first Wednesday (CEST) (main@lists.openchainproject.org)

 

OpenChain Reference Tooling Work Group - First Monday Meeting
The OpenChain Reference Tooling Work Group holds meetings on a bi-weekly schedule. These are designed to allow anyone with an interest in open source tooling for open source compliance to learn more,
 
The OpenChain Reference Tooling Work Group holds meetings on a bi-weekly schedule. These are designed to allow anyone with an interest in open source tooling for open source compliance to learn more, share ideas, and contribute knowledge. All levels of experience are welcome.

At the scheduled time click to join the voice, video or screen sharing session:  
https://conf.fsfe.org/b/compliance-tooling
Access Code: 199143

When

Monthly from 10:00 to 11:00 on the first Wednesday (Central European Time - Paris)

Location

https://conf.fsfe.org/b/compliance-tooling
View map
RSVP for main@... for all events in this series

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more