Date   

Open Source Policy Template – Now in Japanese

 

The OpenChain Open Source Policy Template helps apply the key requirements for a quality open source compliance program. It provides sample policy text that helps organisations select, classify, incorporate and publish open source code with a focus on legal compliance of open source.

This template has been available in English for several years thanks to the hard work of Andrew Katz, the teams at Moorcrofts and Orcro, and the broader OpenChain community. Now, thanks to Masahiko Hayashi and the team at NEC, this policy template is available in Japanese.

This is an excellent resource to help you conform to OpenChain ISO/IEC 5230:2020 or to simply improve your internal process management for open source.

Download the Japanese version here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Open-Source-Policy/Official/2.1/ja/Open-Source-Policy-Template-ja-OpenChain2.1-ISO5230-JA.docx

Download the English version here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Open-Source-Policy/Official/2.1/en/Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx

Contribute to this work on GitHub:
https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy/Official


Finalizing 'Implementing Open Source License Compliance Management (LFC194)"

 

The education team has done great work on preparing our second training course with certification for the LF Training team. The next meeting takes place in about two hours (10:30 UTC / 11:30 CET / 16:00 IST / 18:30 CST / 19:30 KST + JST).

This is the document we are reviewing. Helping to close some comments would be super useful:
https://1drv.ms/w/s!AsXJVqby5kpnkTXQO3MQSf3J1g98

You can join our meeting here:
https://zoom.us/j/4377592799


OpenChain Security Summit 2022 - Recording Now Available

 

You will find it here:

This event is highly recommended for both compliance and security teams. Why? Viewers will:
  • Learn About OpenSSF In The Current Landscape From Brian Behlendorf, General Manager Open Source Security Foundation
    • OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.
  • Learn About SPDX In The Current Landscape From Kate Stewart, VP, Dependable Embedded Systems At The Linux Foundation
    • SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information.
  • And Learn More About Industry Responses To Log4J With A Practical Case Study About How Things Unfolded “On The Ground”
You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture. The goal – as always – is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain.


Reminder: Our regular webinar today covers the Mulan license @ 06:00 UTC / 07:00 CET / 11:30 IST / 14:00 CST / 15:00 KST + JST

 

Reminder: Our regular webinar today covers the Mulan license @ 06:00 UTC / 07:00 CET / 11:30 IST / 14:00 CST / 15:00 KST + JST

Chengshuang Li, a standards engineer at CESI, will talk about the Mulan open source licenses.

The Mulan family marked a milestone in Asian localization of open source legal matters. It is not the first time a major political jurisdiction received a license to address regional considerations (the EUPL was created in part to satisfy procurement requirements in the EU), but it is the largest development in recent years.

I hope you can join us live:
https://zoom.us/j/4377592799

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


REMINDER: The OpenChain Security Summit starts in half an hour (18:00 PST / 10:00 CST / 11:00 KST + JST)

 

The OpenChain Security Summit starts in half an hour (18:00 PST / 10:00 CST / 11:00 KST + JST). Learn about the processes and solutions available, and learn more about the real market experience of Log4J. Free to join. No registration. All welcome.
https://www.openchainproject.org/featured/2022/02/10/security-summit-2022


OpenChain Event In Beijing: CAICT Hosts 37 Companies

 

OpenChain Event In Beijing: CAICT Hosts 37 Companies

The China Academy of Information and Communications Technology (CAICT) hosted an OpenChain event today at their HQ in Beijing. Thirty-seven representatives from various companies attended in-person. As the world opens, the OpenChain community hopes to hold similar events across Asia, Europe and North America.

This event highlighted the recent Third-Party Certification by General Data Technology Co., Ltd., CETC Kingbase and PingCap while providing attendees with extensive information on OpenChain ISO/IEC 5230, conformance options, and support for conformance in the Chinese market.

Learn More:
https://www.openchainproject.org/news/2022/02/17/caict-hosts-37-companies


Re: HONOR Joins The Governing Board Of The OpenChain Project

JerryTan
 

Congratulations to OpenChain.

 

 

 

发件人: "main@..." <main@...> 代表 Shane Coughlan <scoughlan@...>
答复: "main@..." <main@...>
日期: 2022217 星期四 下午2:57
收件人: OpenChain Main <main@...>
抄送: OpenChain Japan <japan-wg@...>, OpenChain Korea <korea-wg@...>, OpenChain Taiwan <taiwan-wg@...>, OpenChain Germany <germany-wg@...>, OpenChain India <india-wg@...>, OpenChain UK <uk-wg@...>
主题: [openchain] HONOR Joins The Governing Board Of The OpenChain Project

 

HONOR, a leading global provider of smart devices, officially joined the OpenChain Project as a Platinum Member. HONOR will continue to devote efforts to help maintain OpenChain ISO/IEC 5230, the International Standard for open source license compliance.

Learn More:
https://www.openchainproject.org/news/2022/02/16/honor-membership

 


HONOR Joins The Governing Board Of The OpenChain Project

 

HONOR, a leading global provider of smart devices, officially joined the OpenChain Project as a Platinum Member. HONOR will continue to devote efforts to help maintain OpenChain ISO/IEC 5230, the International Standard for open source license compliance.

Learn More:
https://www.openchainproject.org/news/2022/02/16/honor-membership


Third-Party Certification in China – Three Entities Announce Today

 

Today marks a significant step forward for both the field of Third-Party Certification and the Chinese market in the context of OpenChain ISO/IEC 5230, the International Standard for open source license compliance. The China Academy of Information and Communications Technology (CAICT) has helped three companies establish OpenChain conformant programs scoped to cover one key product from each. This type of program is a common method of helping companies to "onboard" to broader programs over time.

Learn more:
https://www.openchainproject.org/featured/2022/02/16/third-party-certification-china


OpenChain Bi-Weekly Global Work Group Call 2022-01-15 - Recording now available

 

Check it out here:
https://www.openchainproject.org/news/2022/02/16/global-work-group-call-2022-01-15

We were working on the latest version of the Security Assurance Reference Guide. It is now available for review:
https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide/2.0

This is version 2.0 Draft 3 2022-02-15. The document is in the editing phase. You can expect adjustments. And… you can leave issues! Just open one on GitHub to help us process the next revision of the document.


Re: IMPORTANT: OpenChain Security Summit 2022 – 17/18th February

 

Of course it will recorded 🙂 There will be an advantage to being live as you (and others) can jump in with questions, but the core of the event will be freely available afterwards.

I know this tile around we are strongly favoring North America / Asia with timezones. Of course we will alternate with events as always.

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Feb 15, 2022, at 23:26, Nicole Pappler <nicole.pappler@...> wrote:



Hi Shane,

shame on me, but I won't be able to make it this time - so sorry! I hope there will be a recording for me to catch up.

Cheers,

Nicole


Am 15.02.22 um 15:11 schrieb Shane Coughlan:
Heads up. If you do not have this in your schedule yet, it probably should be. Calendar invite attached.



On Feb 11, 2022, at 21:22, Shane Coughlan <scoughlan@...> wrote:


Earlier today you should have received calendar invitations (via this list) for our forthcoming OpenChain Security Summit 2022. This event (as always) is free to attend. It will be a pivotal event in showing where the industry is positioned and where OpenChain in this space. I highly recommend that you and your security teams attend. Sharing link:

OpenChain Security Summit 2022 – 17/18th February


Learn About OpenSSF In The Current Landscape From Brian Behlendorf, General Manager Open Source Security Foundation
OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.
Learn About SPDX In The Current Landscape From Kate Stewart, VP, Dependable Embedded Systems At The Linux Foundation
SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information.
And Learn More About Industry Responses To Log4J With Practical Cases Studies From User And Vendor Companies
The Security Summit will take place on February 17th 2022 at 17:00 PST / February 18th 2022 02:00 UTC / 10:00 CST / 11:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. Join the event here:
You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture. The goal – as always – is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain.
We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022. You can learn more about what we are doing around security – including our reference assurance guide – here:

-- 
——————————————————————————————————————
Nicole Pappler
email: nicole.pappler@...
mobile: +49 15156078183

PAPPSTARpromotion GmbH
Nürnberger Str. 2
91717 Wassertrüdingen
Germany

Sitz der Gesellschaft: Wassertrüdingen Registergericht: Amtsgericht Ansbach, HRB 7127
Geschäftsführer: Prof. Dr. Andreas Bärwald
http://www.PAPPSTARpromotion.de


Security Assurance Reference Guide (Specification) 2.0 Draft 3 2022-02-15

 

Dear all

The latest version of the Security Assurance Reference Guide is now available for review:
https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide/2.0
This is version 2.0 Draft 3 2022-02-15

The document is in the editing phase. You can expect adjustments. And… you can leave issues! Just open one on GitHub to help us process the next revision of the document.

Want to see how the current version was derived and why? Check out our most recent global bi-weekly work group call to get that context:
https://youtu.be/hNNqNS7ZuCA

Regards

Shane



Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


Re: About the translation of Open-Source-Policy-Template

 

Yes please! This is amazing news. Once you have completed the pull request, I will publish :)

On Feb 16, 2022, at 17:13, HAYASHI MASAHIKO(林 正彦) <m.hayashi@...> wrote:

Hi Shane San

We have finished the internal review of the Japanese translation of the Open Policy Template,
and I will push it to the following and make a pullrequest, is that OK?
<https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy/Official/2.1/> ja

Regards
Masahiko Hayashi


差出人: main@... <main@...> が HAYASHI MASAHIKO(林 正彦) <m.hayashi@...> の代理で送信
送信日時: 2022年1月25日 10:53
宛先: OpenChain Main <main@...>
件名: Re: [openchain] About the translation of Open-Source-Policy-Template

Hi Shane San

Thank you for the information.

We have now finished the translation and are reviewing it internally.
As soon as we finish the review, we will make a pull request below.
<https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy/Official/2.1/> ja

Regards

Masahiko Hayashi


差出人: main@... <main@...> が Shane Coughlan <scoughlan@...> の代理で送信
送信日時: 2022年1月21日 11:30
宛先: OpenChain Main <main@...>
件名: Re: [openchain] About the translation of Open-Source-Policy-Template

Hi Hayashi San!

I am really glad to hear that you will help support the translation of the policy template document.

The basic way to start is super simple. Download the document here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Open-Source-Policy/Official/2.1/en/Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx
And then submit the translation as a pull request (or just send it to this list).

Thank you very much in advance!

Regards

Shane

On Jan 20, 2022, at 19:56, HAYASHI MASAHIKO(林 正彦) <m.hayashi@...> wrote:

Shane-san, Andrew-san

I would like to translate "Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx" in OpenChain Resource into Japanese and make a contribution. Please let me know how I can do this.







Re: About the translation of Open-Source-Policy-Template

MASAHIKO HAYASHI(林 正彦)
 

Hi Shane San


We have finished the internal review of the Japanese translation of the Open Policy Template, 

and I will push it to the following and make a pullrequest, is that OK?

<https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy/Official/2.1/> ja

 

Regards

Masahiko Hayashi




差出人: main@... <main@...> が HAYASHI MASAHIKO(林 正彦) <m.hayashi@...> の代理で送信
送信日時: 2022年1月25日 10:53
宛先: OpenChain Main <main@...>
件名: Re: [openchain] About the translation of Open-Source-Policy-Template
 

Hi Shane San

 

Thank you for the information.

 

We have now finished the translation and are reviewing it internally.

As soon as we finish the review, we will make a pull request below.

<https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy/Official/2.1/> ja

 

Regards

 

Masahiko Hayashi




差出人: main@... <main@...> が Shane Coughlan <scoughlan@...> の代理で送信
送信日時: 2022年1月21日 11:30
宛先: OpenChain Main <main@...>
件名: Re: [openchain] About the translation of Open-Source-Policy-Template
 
Hi Hayashi San!

I am really glad to hear that you will help support the translation of the policy template document.

The basic way to start is super simple. Download the document here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Open-Source-Policy/Official/2.1/en/Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx
And then submit the translation as a pull request (or just send it to this list).

Thank you very much in advance!

Regards

Shane

> On Jan 20, 2022, at 19:56, HAYASHI MASAHIKO(林 正彦) <m.hayashi@...> wrote:
>
> Shane-san, Andrew-san
>
> I would like to translate "Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx" in OpenChain Resource into Japanese and make a contribution. Please let me know how I can do this.
>
>
>






Re: IMPORTANT: OpenChain Security Summit 2022 – 17/18th February

Nicole Pappler
 

Hi Shane,

shame on me, but I won't be able to make it this time - so sorry! I hope there will be a recording for me to catch up.

Cheers,

Nicole


Am 15.02.22 um 15:11 schrieb Shane Coughlan:
Heads up. If you do not have this in your schedule yet, it probably should be. Calendar invite attached.



On Feb 11, 2022, at 21:22, Shane Coughlan <scoughlan@...> wrote:


Earlier today you should have received calendar invitations (via this list) for our forthcoming OpenChain Security Summit 2022. This event (as always) is free to attend. It will be a pivotal event in showing where the industry is positioned and where OpenChain in this space. I highly recommend that you and your security teams attend. Sharing link:

OpenChain Security Summit 2022 – 17/18th February


Learn About OpenSSF In The Current Landscape From Brian Behlendorf, General Manager Open Source Security Foundation
OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.
Learn About SPDX In The Current Landscape From Kate Stewart, VP, Dependable Embedded Systems At The Linux Foundation
SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information.
And Learn More About Industry Responses To Log4J With Practical Cases Studies From User And Vendor Companies
The Security Summit will take place on February 17th 2022 at 17:00 PST / February 18th 2022 02:00 UTC / 10:00 CST / 11:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. Join the event here:
You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture. The goal – as always – is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain.
We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022. You can learn more about what we are doing around security – including our reference assurance guide – here:

-- 
——————————————————————————————————————
Nicole Pappler
email: nicole.pappler@...
mobile: +49 15156078183

PAPPSTARpromotion GmbH
Nürnberger Str. 2
91717 Wassertrüdingen
Germany

Sitz der Gesellschaft: Wassertrüdingen Registergericht: Amtsgericht Ansbach, HRB 7127
Geschäftsführer: Prof. Dr. Andreas Bärwald
http://www.PAPPSTARpromotion.de


Re: IMPORTANT: OpenChain Security Summit 2022 – 17/18th February

 

Heads up. If you do not have this in your schedule yet, it probably should be. Calendar invite attached.



On Feb 11, 2022, at 21:22, Shane Coughlan <scoughlan@...> wrote:


Earlier today you should have received calendar invitations (via this list) for our forthcoming OpenChain Security Summit 2022. This event (as always) is free to attend. It will be a pivotal event in showing where the industry is positioned and where OpenChain in this space. I highly recommend that you and your security teams attend. Sharing link:

OpenChain Security Summit 2022 – 17/18th February


Learn About OpenSSF In The Current Landscape From Brian Behlendorf, General Manager Open Source Security Foundation
OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.
Learn About SPDX In The Current Landscape From Kate Stewart, VP, Dependable Embedded Systems At The Linux Foundation
SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information.
And Learn More About Industry Responses To Log4J With Practical Cases Studies From User And Vendor Companies
The Security Summit will take place on February 17th 2022 at 17:00 PST / February 18th 2022 02:00 UTC / 10:00 CST / 11:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. Join the event here:
You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture. The goal – as always – is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain.
We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022. You can learn more about what we are doing around security – including our reference assurance guide – here:


Re: OpenChain Bi-Weekly Global Call 2022-02-15 06:00 UTC / 07:00 CET / 14:00 CST / 15:00 KST + JST (22:00 PST 2022-01-14)

 

Hi Jan!

We wrapped up at 06:30 UTC, moving to email 🙂

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Feb 15, 2022, at 15:36, Jan Thielscher <jan.thielscher@...> wrote:

 That‘s really a pitty, it seems like I am not able to get back in again…



On 15. Feb 2022, at 06:50, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:


Our call starts in 10 minutes. Important topic: we will talk about the security reference guide.

Check your timezone:
2022-02-15 06:00 UTC / 07:00 CET / 14:00 CST / 15:00 KST + JST (22:00 PST 2022-01-14)

Dial-in (as always):

On Feb 14, 2022, at 20:10, Shane Coughlan <scoughlan@...> wrote:

A reminder that our regular bi-weekly global work team call takes place tomorrow (February 15th) at 06:00 UTC.

This will be an important call. We will talk about the security reference guide.

Check your timezone:
2022-02-15 06:00 UTC / 07:00 CET / 14:00 CST / 15:00 KST + JST (22:00 PST 2022-01-14)

Dial-in (as always):

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


Re: OpenChain Bi-Weekly Global Call 2022-02-15 06:00 UTC / 07:00 CET / 14:00 CST / 15:00 KST + JST (22:00 PST 2022-01-14)

Jan Thielscher
 

That‘s really a pitty, it seems like I am not able to get back in again…



On 15. Feb 2022, at 06:50, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:


Our call starts in 10 minutes. Important topic: we will talk about the security reference guide.

Check your timezone:
2022-02-15 06:00 UTC / 07:00 CET / 14:00 CST / 15:00 KST + JST (22:00 PST 2022-01-14)

Dial-in (as always):

On Feb 14, 2022, at 20:10, Shane Coughlan <scoughlan@...> wrote:

A reminder that our regular bi-weekly global work team call takes place tomorrow (February 15th) at 06:00 UTC.

This will be an important call. We will talk about the security reference guide.

Check your timezone:
2022-02-15 06:00 UTC / 07:00 CET / 14:00 CST / 15:00 KST + JST (22:00 PST 2022-01-14)

Dial-in (as always):

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


Re: OpenChain Bi-Weekly Global Call 2022-02-15 06:00 UTC / 07:00 CET / 14:00 CST / 15:00 KST + JST (22:00 PST 2022-01-14)

 

Our call starts in 10 minutes. Important topic: we will talk about the security reference guide.

Check your timezone:
2022-02-15 06:00 UTC / 07:00 CET / 14:00 CST / 15:00 KST + JST (22:00 PST 2022-01-14)

Dial-in (as always):

On Feb 14, 2022, at 20:10, Shane Coughlan <scoughlan@...> wrote:

A reminder that our regular bi-weekly global work team call takes place tomorrow (February 15th) at 06:00 UTC.

This will be an important call. We will talk about the security reference guide.

Check your timezone:
2022-02-15 06:00 UTC / 07:00 CET / 14:00 CST / 15:00 KST + JST (22:00 PST 2022-01-14)

Dial-in (as always):

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


OpenChain is on Slack

 

Reminder: OpenChain Project has a slack workspace. You can join at this link to stay at the cutting edge of open source compliance:
https://join.slack.com/t/openchainproject/shared_invite/zt-7ayys8g2-dgijHIK_kyrhEWEknrD0cQ

561 - 580 of 5035