Tomorrow there is a special meeting (on our regular schedule) of the tooling work group. Please dial in at 09:00 CET on Wednesday the 1st of March. This will be a strategy meeting about what we can and will do for the rest of the year. Jan will host alongside Philippe and Oliver (time permitting).
Jan: Maybe it would be an idea to focus a bit on the actual use of tools and the "how" on getting to use them properly. For example, meanwhile many tools are capable of producing an SBOM. But are they comparable? Will I get the same results from different tools? What actually is required to identify a package correctly? Purl? Repo-URL? How could we verify, what we are consuming? Who, If not the automation group, would be able to provide sound answers to such questions?
It suggests the development of three things starting with our third Wednesday meeting in March: • Slides or other material to set context for automation (OpenChain has some slides to help understand individual tooling options, but they are outdated. We have the landscape, but we need to integrate it with tooling options) • Case studies to dig deeper into each tool • Metrics to help people choose between tools once they understand their requirements and the options on the market
Shane’s note: None of this makes sense in isolation. It needs to be tied together with one simple, big item: why do we need tooling in the first place? The answer is “to understand what we are dealing with at scale.” This suggests that tooling is inextricably linked with SBOMs, and that whatever we do when talking about the above should be linked into SBOM strategy (White House, NISA, CISA, etc), implementation (SPDX, Cyclone_DX) and the challenges in that domain (practical implementation in tooling). That may be our filter to shape all of the above.
The OpenChain Community Calendar has been revamped to make it much easier to find and attend our events. The new calendar view is in list format and is now present on both our landing page and our participation page.
The next OpenChain Germany Work Group meeting will be held online on Thursday 30 March 2023, from 09:00 to 11:00 CET. The meeting will be held under Chatham House conditions to ensure frank discussion. Big thanks to PwC for arranging and hosting us once again.
The preliminary agenda of the next online meeting is as follows:
Global compliance market briefing (OpenChain)
German market insights (PwC/all)
Case study 1 – security market briefing
Case study 2 – state of tooling in open-source automation
Report on the SBOM situation
Join us for the opportunity to share knowledge, take part in frank discussion and network with German players in the Open Source world. To register for this event, please click “Registration” in the menu above
Registration is open until 29 March 2023. We’ll send you an email with further information as soon as you’ve registered for the event, followed by your login details at a later date.
The 17th meeting of the OpenChain Korea Work Group takes place on March 28, 2023 at Line Plus between 14:00 and 16:00 KST. Everyone is invited (as usual).
Details
Schedule: 2023-03-28 (Tue) 2pm – 4pm
Venue: Line Plus (Seohyeon 1-dong, Bundang-gu, Seongnam-si, Gyeonggi-do)
The next OpenChain UK Work Group meeting will be kindly hosted by the BBC at their Salford studios in Media City on the 28th of March. Thank you to David Buckhurst and Tom Sadler at the BBC for arranging this. For those staying overnight, there is a tentative plan to gather for a meal in the evening.
The OpenChain Export Control Work Group will hold its third meeting on the 7th of March at 08:00 UTC. The focus will be on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to help explore the continuation of Bert’s work on http://www.cryptolaw.org/ as a general community resource.
OpenChain Japan – OSPO Local Meetups in collaboration with TODO Group will take place between 15:00 and 16:00 on 2023-03-10 and 2023-03-24. Join via Zoom to learn more about activities in this area.
参加申込:不要 参加条件:独禁法、LF行動規範、および、チャタムハウスルールに従うこと ( No application for participation required, Participation required to follow an Antitrust Law, LF Code of Conduct, and Chatham House rules. )
議題 (Agenda):
OSPO ローカル ミートアップは、日本のオープン ソース プログラム オフィスの状況について話し合い、組織内でのオープン ソース戦略の採用を促進します。 TODO GroupとOpenChain Japan WPによるサポート。
OSPO Local Meetup to discuss the status of Open Source Program offices in Japan, and foster the adoption of an open source strategy within organizations. Supported by TODO Group and OpenChain Japan Working Group.
The next OpenChain Webinar will feature a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. The webinar will take place between 10:00 and 11:00 UTC (11:00 CET - 12:00 CET) on the 6th of March 2023.
This call is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Project.
Check your timezone: PDT United States Pacific UTC-07:00 UTC Coordinated Universal Time UTC CET Central European Time UTC+01:00 IST India Standard Time UTC+05:30 CST China Standard Time UTC+08:00 KST Korea Standard Time UTC+09:00 JST Japan Standard Time UTC+09:00
Join via one tap mobile: +86 10 8783 3177,,4377592799# Mainland China +33 1 8699 5831,,4377592799# France +49 69 7104 9922,,4377592799# Germany +81 524 564 439,,4377592799# Japan +82 2 3143 9612,,4377592799# Korea +91 80 71 279 440,,4377592799# India +886 (2) 7741 7473,,4377592799# Taiwan +44 330 088 5830,,4377592799# UK +13017158592,,4377592799# USA
The first face-to-face OpenChain Japan Work Group meeting in three years was hosted by Hitachi Solutions and featured our usual exceptional schedule of case studies and discussion. Big thank you to Ayumi and team for providing a great place to bring the community together. You can check out all the main sections of the meeting in our recording (English and Japanese): https://www.openchainproject.org/news/2023/02/27/japan-wg-26
The next OpenChain Webinar will feature a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023.
This webinar will be held in the OpenC
The next OpenChain Webinar will feature a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023.
You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.
Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more
The OpenChain Project was invited by Max at Alibaba to present at the OpenAnolis Standardization SIG Meeting on the 25th of February event held between 15:00 ~ 18:00 CST. The focus was on explaining the current OpenChain specifications for open source license compliance and security assurance, and how the OpenChain community supports organizations of all sizes engaging with the open source supply chain.
Overview
The Anolis OS Standardization SIG and Anolis OS ecological partners jointly develop the Anolis OS standard. The Anolis OS standard is used to ensure the compatibility and consistency of Anolis OS in the upstream and downstream of the industry chain.
The OpenChain Reference Library has been significantly updated to improve navigation. This is an administrative item that was pending for a while. Its completion should make it possible (and easy!) for anyone to access our library and find material. It should also make it a lot easier for our Education Work Group to assess and improve or expand existing material.
This new structure is designed to overcome discoverability issues with the previous repository and to make it easier for continual improvement both of individual documents and for the navigation of the repository as a whole. This means that your feedback, suggestions and help are most welcome. You can leave feedback and ideas for improvement as GitHub issues or via our Education Work Group mailing list.
Mary from Microsoft flagged that there are some issues with the LFC 193 and LFC 194 courses (typos, logic in the quiz, a potential clarification needed to ensure we are not giving legal advice at one point).
Let’s put emphasis on addressing these concerns ASAP, both for the English course, and to help our translators.
From Flavia at LF Training:
In terms of content updates, they should be made directly in the source documents hosted on the T&C drive, using Suggest mode, so we can easily identify these changes and add them to the elearning courses:
ISO/IEC 5230 (known as OpenChain) is an international standard on the key requirements for a high-quality open source license compliance program. The standard was published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in late 2020. The standard is based on the Linux Foundation OpenChain Specification 2.1. It focuses on software supply chains, easier procurement and license compliance. Organizations that meet the requirements of the standard can self-certify to ISO/IEC 17021, from an accredited certification body or after successfully completing an audit.
We would love your help in reviewing and improving this new resource to help spread understanding of our standard for open source license compliance, and expanding our presence over time to include the OpenChain Security Assurance Specification. You can do so through the normal Wikipedia editing process. Here is an example for the English page.
Huge thanks to Marc-Etienne Vargenau at Nokia for leading this process. He put a lot of effort into making this happen, and is due great credit for helping to improve the supply chain through easily available educational material.
On Feb 20, 2023, at 19:39, Marc-Etienne Vargenau (Nokia) <marc-etienne.vargenau@...> wrote:
Hi, I have the pleasure to inform you that the OpenChain article has been published in the English Wikipedia. https://en.wikipedia.org/wiki/User_talk:Vargenau#Your_submission_at_Articles_for_creation:_ISO/IEC_5230_has_been_accepted The article: https://en.wikipedia.org/wiki/ISO/IEC_5230 French version: https://fr.wikipedia.org/wiki/OpenChain German version: https://de.wikipedia.org/wiki/ISO/IEC_5230 Feel free to improve the article or translate to other languages. Best regards, Marc-Etienne From: Shane Coughlan <scoughlan@...> Sent: Tuesday, December 13, 2022 1:52 AM To: OpenChain Main <main@...> Cc: OpenChain Education <education@...>; Marc-Etienne Vargenau (Nokia) <marc-etienne.vargenau@...> Subject: Re: [openchain] OpenChain article in Wikipedia Everyone, to help with the creation process I am flagging the text Marc-Etienne has prepared below. The link for editing on Wikipedia is: https://en.wikipedia.org/wiki/Draft:ISO/IEC_5230 == The proposed text for our Wikipedia article for ISO/IEC 5230 == ISO/IEC 5230 is an international standard on the key requirements for a high-quality open source license compliance program. The standard was published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in late 2020. The standard is based on the Linux Foundation OpenChain Specification 2.1. It focuses on software supply chains, easier procurement and license compliance. Organizations that meet the requirements of the standard can self-certify to ISO/IEC 17021, from an accredited certification body or after successfully completing an audit. Contents • 1How the standard works • 2Certification • 3Dissemination • 4External links • 5Source • 6References
How the standard works[edit] Most organizations and software products rely on numerous open source components made by third parties, such as frameworks, libraries and containers, coming from diverse and often unaffiliated sources. This is akin to a supply chain in a brick-and-mortar environment and making sure the supply chain is as reliable as possible is considered important from an operational, legal and security standpoint. Upon this premise, a number of players have decided to establish the ground rules for an organization to deal with open source software at whichever level of the supply chain they operate. A working group under the umbrella of the Linux Foundation, the OpenChain project. Later, when reaching the 2.0 version, the norms were presented for approval as an ISO/IEC standard. According to the standard, in order to use open source components effectively, organization must be aware of and comply with all the components involved, the associated open source licenses, and obligations such as copyleft. ISO/IEC 5230 aims to establish a non-prescriptive common understanding of what needs to be addressed within a quality open source compliance program. This makes ISO/IEC 5230 applicable across many industries and organizations and provides benefits to procurement and software supply chains, as open source software tends to be very cumbersome in legal contracts and procurement. The main topics covered by ISO/IEC 5230 and OpenChain-2.1 are: · Existence of an open source policy · Competencies of program participants (e.g., legal training for specific tasks). · Awareness of open source risks among all program participants · A clearly defined scope, e.g. only specified areas and product lines · Understand and collect licensing obligations for relevant use cases. · Access for external open source requests (e.g. to the OSS authors). · Compliance offices equipped with sufficient resources · Generate a Bill of Material · License compliance process (e.g., documents meeting obligations) · Archiving and provision of compliance artifacts · A guideline for community engagement and contributions ISO/IEC 5230 does not define how exactly most of the tasks are to be performed, such as whether snippet scanning, revalidation of declared open source licenses is required, and what the compliance artifacts should look like. However, it should be noted that SPDX is now an ISO standard (ISO/IEC 5962) and is mentioned in ISO/IEC 5230 as an example of compliance artifacts. Certification[edit] A high-quality open source compliance program can be certified as compliant with ISO/IEC 5230 by a number of accredited registrars worldwide. In some countries, the bodies that verify the conformity of management systems to certain standards are referred to as "certification bodies", while in others they are usually referred to as "registration bodies", "assessment and registration bodies", "certification/registration bodies" and sometimes "registrars". ISO/IEC 5230 certification, like other ISO management system certifications, typically involves a three-step external audit process defined in ISO/IEC 17021: · Stage 1 is a preliminary, informal review of the open source compliance program, verifying, for example, the existence and completeness of key documents such as the organization's open source policy, clearing process, and staffing. This phase serves to familiarize the auditors with the organization and vice versa. · Stage 2 is a more detailed and formal compliance audit, where the open source compliance program is independently audited against the requirements set out in ISO/IEC 5230. Auditors look for evidence to confirm that the management system has been properly designed and implemented and is actually in operation. Certification audits are usually performed by ISO/IEC 5230 lead auditors. Passing this phase results in the open source quality program being certified as compliant with ISO/IEC 5230. Continuous means that follow-up reviews or audits are conducted to confirm that the organization continues to be compliant with the standard. Maintenance of certification requires periodic re-audits to confirm that the quality open source compliance program continues to function as specified and intended. These should occur at least annually, but are often conducted more frequently (in consultation with management), especially while the Quality Open Source Compliance Program is still under development. Additionally, ISO/IEC 5230 is functionally identical to OpenChain 2.1, which enables free self-certification via the project's web app. Dissemination[edit] On October 19, 2020, the Eclipse Foundation announced that it is the first open source foundation to be certified to ISO/IEC 5230[1]. Several companies, including SAP, Toshiba, Samsung Electronics and LG Electronics have publicly announced their conformance to OpenChain. External links[edit] · ISO/IEC 5230:2020-12 Information technology - OpenChain specification · OpenChain official website · OpenChain official translations · OpenChain Self Certification · Shane Coughlan: A Recap of the OpenChain Project. · OpenChain project on GitHub Source[edit] Fist version of this article was translated from the article on German Wikipedia. References[edit] 1. ^ Möbus, Maika (2021-10-20). "Open Source: Eclipse Foundation erreicht OpenChain-Konformität". Heise online. Retrieved 2022-11-24.
On Nov 24, 2022, at 18:17, Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) <marc-etienne.vargenau@...> wrote:
Hi, I have created the article, but it has been moved to the Draft area: https://en.wikipedia.org/wiki/Draft:ISO/IEC_5230 We need to do some improvement (adding references) before it is published. I will do my best to have it approved. Best regards, Marc-Etienne From: Shane Coughlan <scoughlan@...> Sent: Thursday, November 24, 2022 6:38 AM To: main@... Cc: Marc-Etienne Vargenau (Nokia) <marc-etienne.vargenau@...>; OpenChain Education <education@...> Subject: Re: [openchain] OpenChain article in Wikipedia Hi Stefan I think it would be super useful, especially because the OpenChain Project is now producing two standards. Um… team everyone. How about we edit via this email thread? Shane Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://meetings.hubspot.com/scoughlan
On Nov 22, 2022, at 19:21, Stefan Thanheiser <stefan.thanheiser@...> wrote: Hi all, it seems as the German Wikipedia has a different treatment of the terms of “OpenChain” and “ISO/IEC 5230”. <image001.png> The German Wikipedia will forward you to the “ISO/IEC 5230” page when searching for “OpenChain”… …in the English, French, Spanish and Italiian Wikipedia, it’s just the other way round. So there actually is information on the Wikipedia pages – but under different headlines. Would it be an idea to create two separate articles for “OpenChain” and “ISO/IEC 5230”? At least it might be good to have a uniform treatment of the search terms in the different language versions… Regards, Stefan Stefan Thanheiser Atruvia AG --- Servicefeld Qualität IT-Sicherheit Einkauf, Tribe Einkauf, Chapter Software Asset & Lizenzmanagement --- Telefon +49 721 4004-1860 Mobil +49 170 3304133 E-Mail stefan.thanheiser@...
Atruvia AG | www.atruvia.de AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320 Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel Vorsitzender des Aufsichtsrats: Jürgen Brinkmann Von: main@... <main@...> Im Auftrag von Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) Gesendet: Dienstag, 22. November 2022 16:16 An: main@... Cc: Marc-Etienne Vargenau (Nokia) <marc-etienne.vargenau@...> Betreff: [openchain] OpenChain article in Wikipedia Hi, There is an article about OpenChain in the German Wikipedia: https://de.wikipedia.org/wiki/ISO/IEC_5230 but in no other language. I consider it would be good to have an article at least in English. What do you think? Best regards, Marc-Etienne -- Marc-Etienne Vargenau marc-etienne.vargenau@... Nokia, Route de Villejust, 91620 NOZAY, FRANCE Mobile: +33 6 24 49 78 68 Senior Specialist Open Source Planned absence: none
Because Oliver is away on business, we cancelled the third Wednesday meeting this month, and will resume the normal schedule (first and third Wednesday) next month.
We do need to ensure that the meetings are chaired and will have an agenda. I plan to coordinate direct with Oliver next week on this topic, and I also welcome ideas and suggestions from everyone else too.
There is great value in our tooling work and education, so let’s make sure to continue developing this resource.
On Feb 22, 2023, at 17:31, Kurzmann Marcel (BD/PDL23) via lists.openchainproject.org <Marcel.Kurzmann=bosch.com@...> wrote:
Hi all, I am now completely confused and it seems my calendar totally messed up with all the OpenChain meetings and meeting changes. Can you please confirm all that the next meeting will be on the 1st of march as it is shown in the OpenChain global calendar: https://www.openchainproject.org/participate If yes, can you please furthermore confirm that in future we will always meet the 1st and 3rd Wednesday of a month. I hope to be able to stabilize my calendar and be able to participate again in future, as it feels for me that I missed several meetings.
Furthermore I want to announce that we plan a ORT (User) community meeting in march - see: https://github.com/oss-review-toolkit/ort/issues/6464 (by the doodle it looks like it will be the 15.3. ; it will be in Berlin)
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Stefan Koss; Geschäftsführung: Dr. Andreas Nauerz, Stephan Lampel
-----Ursprüngliche Nachricht----- Von: oss-based-compliance-tooling@groups.io <oss-based-compliance-tooling@groups.io> Im Auftrag von Shane Coughlan via groups.io Gesendet: Mittwoch, 15. Februar 2023 16:07 An: OpenChain Tooling <oss-based-compliance-tooling@groups.io> Cc: smcilroy@...; sschuberth@...; jacobdjwilson@...; heliocastro@...; OpenChain Main <main@...>; balakrishna1838@...; dirkriehle@...; stephen.kilbane@... Betreff: Re: [oss-based-compliance-tooling] OpenChain Reference Tooling Work Group - Third Wednesday Meeting
Thanks Oliver. Noted.
Let’s swing back next month with our tooling meetings.
Shane
On Feb 14, 2023, at 23:43, Oliver Fendt <oliver.fendt@...> wrote:
Hi all,
I would be happy to moderate the meeting, but unfortunately I am on a business trip Probably the best will be to skip the meeting, or any other member will moderate it. Ciao Oliver
-----Original Message----- From: oss-based-compliance-tooling@groups.io <oss-based-compliance-tooling@groups.io> On Behalf Of Jan Thielscher via groups.io Sent: Dienstag, 14. Februar 2023 22:53 To: oss-based-compliance-tooling@groups.io; smcilroy@...; sschuberth@...; jacobdjwilson@...; heliocastro@...; main@...; balakrishna1838@...; dirkriehle@...; stephen.kilbane@... Subject: Re: [oss-based-compliance-tooling] OpenChain Reference Tooling Work Group - Third Wednesday Meeting
Hi Shane, would be happy to join, but unfortunately I am not available that time. Maybe Oliver could jump in?
Seems to follow the former schedule again? Since it recently moved to Tuesday I must admit, I completely lost track…
Gesendet von Outlook für iOS<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F aka.ms%2Fo0ukef&data=05%7C01%7CMarcel.Kurzmann%40bosch.io%7Ce9aa836eac 074697c00108db0f6663a7%7C0ae51e1907c84e4bbb6d648ee58410f4%7C0%7C0%7C63 8120704649622000%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PNbDjmbdCo r%2Bu88yv%2Fsk7mHGo5Kc4MKs4Y6BO%2FaYYPg%3D&reserved=0> ________________________________ Von: oss-based-compliance-tooling@groups.io <oss-based-compliance-tooling@groups.io> im Auftrag von Shane Coughlan via groups.io <scoughlan@...> Gesendet: Tuesday, February 14, 2023 10:27:57 PM An: smcilroy@... <smcilroy@...>; sschuberth@... <sschuberth@...>; jacobdjwilson@... <jacobdjwilson@...>; heliocastro@... <heliocastro@...>; main@... <main@...>; balakrishna1838@... <balakrishna1838@...>; dirkriehle@... <dirkriehle@...>; stephen.kilbane@... <stephen.kilbane@...>; oss-based-compliance-tooling@groups.io <oss-based-compliance-tooling@groups.io> Betreff: [oss-based-compliance-tooling] OpenChain Reference Tooling Work Group - Third Wednesday Meeting
Hi All!
Due to a U.S. legal summit I will be unable to attend this call.
I wanted to check if Oliver, Jan or someone else wants to chair and if there is general interest in proceeding, or we should defer until next month?
Shane
OpenChain Reference Tooling Work Group - Third Wednesday Meeting Scheduled: Feb 15, 2023 14:00 to 15:00, GMT Location: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fconf .fsfe.org%2Fb%2Fcompliance-tooling&data=05%7C01%7CMarcel.Kurzmann%40bo sch.io%7Ce9aa836eac074697c00108db0f6663a7%7C0ae51e1907c84e4bbb6d648ee5 8410f4%7C0%7C0%7C638120704649622000%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C% 7C&sdata=GVuIbAse0dONBdVX0%2FAdpdLLllZ48VwRx%2BVGXdPFQ2k%3D&reserved=0 Invitees: OpenChain Global Calendar, smcilroy@..., sschuberth@..., jacobdjwilson@..., heliocastro@..., main@..., balakrishna1838@..., dirkriehle@..., stephen.kilbane@..., oss-based-compliance-tooling@groups.io
Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmeet ings.hubspot.com%2Fscoughlan&data=05%7C01%7CMarcel.Kurzmann%40bosch.io %7Ce9aa836eac074697c00108db0f6663a7%7C0ae51e1907c84e4bbb6d648ee58410f4 %7C0%7C0%7C638120704649622000%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw MDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda ta=31Ix54gDKeiPxm%2BdNVTg6xhsSSXlKaBM9hWS56ZTGFU%3D&reserved=0
Hi all, I am now completely confused and it seems my calendar totally messed up with all the OpenChain meetings and meeting changes. Can you please confirm all that the next meeting will be on the 1st of march as it is shown in the OpenChain global calendar: https://www.openchainproject.org/participate If yes, can you please furthermore confirm that in future we will always meet the 1st and 3rd Wednesday of a month. I hope to be able to stabilize my calendar and be able to participate again in future, as it feels for me that I missed several meetings.
Furthermore I want to announce that we plan a ORT (User) community meeting in march - see: https://github.com/oss-review-toolkit/ort/issues/6464 (by the doodle it looks like it will be the 15.3. ; it will be in Berlin)
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Stefan Koss; Geschäftsführung: Dr. Andreas Nauerz, Stephan Lampel
-----Ursprüngliche Nachricht----- Von: oss-based-compliance-tooling@groups.io <oss-based-compliance-tooling@groups.io> Im Auftrag von Shane Coughlan via groups.io Gesendet: Mittwoch, 15. Februar 2023 16:07 An: OpenChain Tooling <oss-based-compliance-tooling@groups.io> Cc: smcilroy@...; sschuberth@...; jacobdjwilson@...; heliocastro@...; OpenChain Main <main@...>; balakrishna1838@...; dirkriehle@...; stephen.kilbane@... Betreff: Re: [oss-based-compliance-tooling] OpenChain Reference Tooling Work Group - Third Wednesday Meeting
Thanks Oliver. Noted.
Let’s swing back next month with our tooling meetings.
On Feb 14, 2023, at 23:43, Oliver Fendt <oliver.fendt@...> wrote:
Hi all,
I would be happy to moderate the meeting, but unfortunately I am on a business trip Probably the best will be to skip the meeting, or any other member will moderate it. Ciao Oliver
-----Original Message----- From: oss-based-compliance-tooling@groups.io <oss-based-compliance-tooling@groups.io> On Behalf Of Jan Thielscher via groups.io Sent: Dienstag, 14. Februar 2023 22:53 To: oss-based-compliance-tooling@groups.io; smcilroy@...; sschuberth@...; jacobdjwilson@...; heliocastro@...; main@...; balakrishna1838@...; dirkriehle@...; stephen.kilbane@... Subject: Re: [oss-based-compliance-tooling] OpenChain Reference Tooling Work Group - Third Wednesday Meeting
Hi Shane, would be happy to join, but unfortunately I am not available that time. Maybe Oliver could jump in?
Seems to follow the former schedule again? Since it recently moved to Tuesday I must admit, I completely lost track…
Gesendet von Outlook für iOS<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F aka.ms%2Fo0ukef&data=05%7C01%7CMarcel.Kurzmann%40bosch.io%7Ce9aa836eac 074697c00108db0f6663a7%7C0ae51e1907c84e4bbb6d648ee58410f4%7C0%7C0%7C63 8120704649622000%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PNbDjmbdCo r%2Bu88yv%2Fsk7mHGo5Kc4MKs4Y6BO%2FaYYPg%3D&reserved=0> ________________________________ Von: oss-based-compliance-tooling@groups.io <oss-based-compliance-tooling@groups.io> im Auftrag von Shane Coughlan via groups.io <scoughlan@...> Gesendet: Tuesday, February 14, 2023 10:27:57 PM An: smcilroy@... <smcilroy@...>; sschuberth@... <sschuberth@...>; jacobdjwilson@... <jacobdjwilson@...>; heliocastro@... <heliocastro@...>; main@... <main@...>; balakrishna1838@... <balakrishna1838@...>; dirkriehle@... <dirkriehle@...>; stephen.kilbane@... <stephen.kilbane@...>; oss-based-compliance-tooling@groups.io <oss-based-compliance-tooling@groups.io> Betreff: [oss-based-compliance-tooling] OpenChain Reference Tooling Work Group - Third Wednesday Meeting
Hi All!
Due to a U.S. legal summit I will be unable to attend this call.
I wanted to check if Oliver, Jan or someone else wants to chair and if there is general interest in proceeding, or we should defer until next month?
Shane
OpenChain Reference Tooling Work Group - Third Wednesday Meeting Scheduled: Feb 15, 2023 14:00 to 15:00, GMT Location: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fconf .fsfe.org%2Fb%2Fcompliance-tooling&data=05%7C01%7CMarcel.Kurzmann%40bo sch.io%7Ce9aa836eac074697c00108db0f6663a7%7C0ae51e1907c84e4bbb6d648ee5 8410f4%7C0%7C0%7C638120704649622000%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C% 7C&sdata=GVuIbAse0dONBdVX0%2FAdpdLLllZ48VwRx%2BVGXdPFQ2k%3D&reserved=0 Invitees: OpenChain Global Calendar, smcilroy@..., sschuberth@..., jacobdjwilson@..., heliocastro@..., main@..., balakrishna1838@..., dirkriehle@..., stephen.kilbane@..., oss-based-compliance-tooling@groups.io
Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmeet ings.hubspot.com%2Fscoughlan&data=05%7C01%7CMarcel.Kurzmann%40bosch.io %7Ce9aa836eac074697c00108db0f6663a7%7C0ae51e1907c84e4bbb6d648ee58410f4 %7C0%7C0%7C638120704649622000%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw MDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sda ta=31Ix54gDKeiPxm%2BdNVTg6xhsSSXlKaBM9hWS56ZTGFU%3D&reserved=0
Invitation: OpenChain Monthly Community Call - 09:00 CST (01:00 UTC) ... @ Monthly from 10:00 to 11:00 on the third Tuesday (JST) (main@lists.openchainproject.org)
OpenChain Monthly Community Call - 09:00 CST (01:00 UTC) on 3rd Tuesday
This is the OpenChain Monthly Community Call - 09:00 CST (01:00 UTC) on 3rd Tuesday. It explains what the OpenChain Project community is doing around the world. You will find both global and indu
This is the OpenChain Monthly Community Call - 09:00 CST (01:00 UTC) on 3rd Tuesday. It explains what the OpenChain Project community is doing around the world. You will find both global and industry-specific discussions with a focus on summary or strategy. This is also where we edit our license compliance and security assurance standards.
This call is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Project.
Agenda
Introductions
Specification (our process standards) news
SBOM news
Security News
OSPO news
Automation news
Community feedback and comments - issues for standards and core supporting material
Community feedback and comments - issues for reference and supporting material
Check your timezone: PDT United States Pacific UTC-07:00 UTC Coordinated Universal Time UTC CET Central European Time UTC+01:00 IST India Standard Time UTC+05:30 CST China Standard Time UTC+08:00 KST Korea Standard Time UTC+09:00 JST Japan Standard Time UTC+09:00
Join via one tap mobile: +86 10 8783 3177,,4377592799# Mainland China +33 1 8699 5831,,4377592799# France +49 69 7104 9922,,4377592799# Germany +81 524 564 439,,4377592799# Japan +82 2 3143 9612,,4377592799# Korea +91 80 71 279 440,,4377592799# India +886 (2) 7741 7473,,4377592799# Taiwan +44 330 088 5830,,4377592799# UK +13017158592,,4377592799# USA
You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.
Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more
