Date   

Re: Invitation: OpenChain Telco Work Group Meeting @ Monthly from 17:00 to 18:00 on the first Thursday from Thu Feb 3 to Thu Mar 3 (JST) (main@lists.openchainproject.org)

Christopher Wood
 

Good morning Shane
I am sorry that I missed the 2AM meeting. Guess I was sleeping while it snowed   
Regards
Chris

On Feb 3, 2022, at 1:30 AM, Shane Coughlan <scoughlan@...> wrote:



You have been invited to the following event.

OpenChain Telco Work Group Meeting

When
Monthly from 17:00 to 18:00 on the first Thursday from Thu Feb 3 to Thu Mar 3 Japan Standard Time
Where
https://zoom.us/j/4377592799 (map)
Calendar
main@...
Who
scoughlan@... - creator
OpenChain Main
OpenChain Telco Work Group
~==========================~
You have been invited to a Zoom meeting:

https://zoom.us/j/4377592799

Meeting ID: 4377592799

One tap mobile:
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)
+13462487799,,4377592799# US (Houston)
+16465588656,,4377592799# US (New York)
+16699006833,,4377592799# US (San Jose)
+12532158782,,4377592799# US (Tacoma)
+18773690926,,4377592799# US
+18558801246,,4377592799# US
+14388097799,,4377592799# Canada
+15873281099,,4377592799# Canada
+16473744685,,4377592799# Canada
+16475580588,,4377592799# Canada
+17789072071,,4377592799# Canada
+12042727920,,4377592799# Canada
+18557038985,,4377592799# Canada

Dial by your location:
+1 3017158592 US (Washington DC)
+1 3126266799 US (Chicago)
+1 3462487799 US (Houston)
+1 6465588656 US (New York)
+1 6699006833 US (San Jose)
+1 2532158782 US (Tacoma)
+1 8773690926 US
+1 8558801246 US
+1 4388097799 Canada
+1 5873281099 Canada
+1 6473744685 Canada
+1 6475580588 Canada
+1 7789072071 Canada
+1 2042727920 Canada
+1 8557038985 Canada
Find your local number: https://zoom.us/zoomconference
~==========================~

Going (main@...)?   All events in this series:   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account main@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


OpenChain Self Certification

Jari Koivisto
 

Hi All,

I just noticed that the printable version of self-certification document (https://openchain-project.github.io/conformance-questionnaire/questionnaire.pdf) has Spec Refs to the OpenChain Spec 2.0 version and not the latest 2.1 (ISO 5230) version. 

Is someone working on this already?

BR,

   Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto


Re: [telco] Tomorrows Telco Group meeting

 

Telco meeting underway right now:


On Feb 3, 2022, at 16:28, Gergely Csatari <gergely.csatari@...> wrote:



Hi,

 

Uh-oh, for some reason I do not see these meetings in the calendar [1]. Can you please advise how to get an invite?

 

Thanks,

Gergely

 

[1]: https://lists.openchainproject.org/g/telco/calendar

 

From: telco@... <telco@...> On Behalf Of Jimmy Ahlberg via lists.openchainproject.org
Sent: Wednesday, February 2, 2022 11:00 PM
To: telco@...
Subject: [telco] Tomorrows Telco Group meeting

 

Dear Telco group subscribers, welcome all to tomorrows Telco Group meeting.

 

I would like to share with you a bit of the thinking that currently exists around the Telco Group as well as our tentative agenda for tomorrow.

 

In the meetings we ran last year we exchanged experiences and best practices around open source in the telco field, my sincere thanks to everyone who so freely shared of their experiences and wisdom to the group. I for one learned a lot and have a lot more to learn still. Going forward we will have our meetings regularly at the first Thursday of each month, one meeting in the morning (for those of us based in Europe) and one in the afternoon so that we ensure that everyone has a chance to participate regardless of time zone. We can change this cadence later and have ad hoc meetings as needed but this way we have a standing appointment in the calendar. At least initially we will run the meetings with identical agendas, so no one should feel obliged to join both meetings, even if you are welcome to do so if you want to.

 

Last year we also discussed in our meetings and in emails some concrete things we could do in the telco sector to simplify open source management in our industry. The conclusion was that it seems that documenting harmonizing best practices for SBoM management was a low hanging fruit we could reach for. There exists great tools already such as SPDX, Cyclone DX, the OpenChain specification itself, the idea is not to reinvent these wheels but rather to see what we can build on top of that that would be of use to our industry. The group and this list remains a place to exchange experiences and best practices,

we should not lose track of that. At the same time, we are from the telco industry, standardization, harmonization, and interoperability is part of our DNA so I think this more actionable work is a natural expression of this.

 

With this in mind I would like to propose the following agenda for our meeting tomorrow.

 

  1. Welcome & “round the table” introduction of who is who.
  2. Agree on cornerstone principles for our work on “Telco Standard SBoM” going forward. (below are my proposals, if  you would like to add further suggestion feel free to do so during the meeting or over email).
    1. We do not aim to change the OpenChain specification or fork it.
    2. To implement the “Telco standard for SBoM” you need not be OpenChain conformant.
    3. The solution in its entirety needs to adhere to the US federal requirements.
  3. Is there a need for a formal Terms Of Reference style document?
  4. Work items: The suggestion is that we discuss some of the major points that was brought up during our brainstorming sessions.
    1. SBoM Dataformat: Suggestions so far include that the “Telco standard for SBoM” should mandate SPDX in its latest version, SPDX in its ISO format, Cyclone DX (no version suggested), or that we remain agnostic to the issue of dataformat.
    2. File format (What should we use for the machine readable SBoM, one format or many? What format should we use for the human readable version?) Do we want to support that these on a voluntary basis are transactable separately from the binary/source?
    3. Timing, when should the SBoM be delivered?
    4. Template contract clauses to reference our “Telco Standard for SBoM”/playbooks.
    5. Any other additions to the above?
  5. AoB.
  6. Close of the meeting.

 

Feel free to suggest alterations to this agenda if you think there are other things that are more urgent to discuss.

 

Looking forward to seeing you all virtually at any of the meetings tomorrow.

 

Best Regards Jimmy Ahlberg

 

 

Jimmy Ahlberg LL.M

Director Open Source Policy

 

Group Function Technology Standards & Industry Initiatives

 

Phone: +46107198055

Mobile: +46725838055

jimmy.ahlberg@...

 

Ericsson

Lindholmspiren 11

417 56, Göteborg

Sweden

ericsson.com

 

 

Our commitment to Technology for Good and Diversity and Inclusion contributes to positive change.
Follow us on: Facebook LinkedIn Twitter

Legal entity:
ERICSSON AB registration number 556056-6258, registered office in Stockholm.
This communication is confidential. Our email terms: www.ericsson.com/en/legal/privacy/email-disclaimer

 


Invitation: OpenChain Telco Work Group Meeting @ Monthly from 17:00 to 18:00 on the first Thursday from Thu Feb 3 to Thu Mar 3 (JST) (main@lists.openchainproject.org)

 

You have been invited to the following event.

OpenChain Telco Work Group Meeting

When
Monthly from 17:00 to 18:00 on the first Thursday from Thu Feb 3 to Thu Mar 3 Japan Standard Time
Where
https://zoom.us/j/4377592799 (map)
Calendar
main@...
Who
scoughlan@... - creator
OpenChain Main
OpenChain Telco Work Group
~==========================~
You have been invited to a Zoom meeting:

https://zoom.us/j/4377592799

Meeting ID: 4377592799

One tap mobile:
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)
+13462487799,,4377592799# US (Houston)
+16465588656,,4377592799# US (New York)
+16699006833,,4377592799# US (San Jose)
+12532158782,,4377592799# US (Tacoma)
+18773690926,,4377592799# US
+18558801246,,4377592799# US
+14388097799,,4377592799# Canada
+15873281099,,4377592799# Canada
+16473744685,,4377592799# Canada
+16475580588,,4377592799# Canada
+17789072071,,4377592799# Canada
+12042727920,,4377592799# Canada
+18557038985,,4377592799# Canada

Dial by your location:
+1 3017158592 US (Washington DC)
+1 3126266799 US (Chicago)
+1 3462487799 US (Houston)
+1 6465588656 US (New York)
+1 6699006833 US (San Jose)
+1 2532158782 US (Tacoma)
+1 8773690926 US
+1 8558801246 US
+1 4388097799 Canada
+1 5873281099 Canada
+1 6473744685 Canada
+1 6475580588 Canada
+1 7789072071 Canada
+1 2042727920 Canada
+1 8557038985 Canada
Find your local number: https://zoom.us/zoomconference
~==========================~

Going (main@...)?   All events in this series:   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account main@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


Re: Meaning of Open Source license in 2.1.1

Mark Gisi
 

Jan’s description is consistent with my interpretation. If there is general confusion over the meaning of “Open Source compliance inquiry” – I would recommend someone file an issue here:

    https://github.com/OpenChain-Project/Specification/issues

 

We can consider using alternative wording or adding a question/answer in the spec FAQ.

 

- Mark

 

Mark Gisi
Director, Open Source Program Office

Empowering Customers to Prosper using Open Source

(510) 749-2016

Wind River

 

From: main@... <main@...> On Behalf Of Jan Thielscher
Sent: Wednesday, February 2, 2022 2:52 AM
To: main@...
Subject: Re: [openchain] Meaning of Open Source license in 2.1.1

 

[Please note: This e-mail is from an EXTERNAL e-mail address]

Hi Gergely,

 

my understanding is that it addresses the handling of the inbound questions concerning the open source parts of the Supplied Software.

 

Assume you are using some GPLv2 licensed code and offer to hand over the sources attached with that license. You will need an interface with the external world, to receive and reliable process the request.

 

The same applies to questions - and here you do good to make sure the process is well known across the organisation -  by potential notifications of infringements through the Supplied Software. Assume someone wants to contact you, because he thinks, the Supplied Software is non-compliant with his view, how the components should be treated/handled/documented… Having a sound procedure in place allowing to record, understand and securely process this inquiry will help to protect the company from potential damage.

 

I hope this answers your question? 

 

Mit freundlichem Gruß / kind regards
Jan Thielscher
 
T: +49 69 153 22 77 55
F: +49 69 153 22 77 51



Am 02.02.2022 um 11:42 schrieb Gergely Csatari via lists.openchainproject.org <gergely.csatari=nokia.com@...>:

 

Hi, 

 

I’m trying to interpret the requirements of 2.1.1 and I have problems finding out the meaning of “Open Source compliance inquiry”. It is not defined in the document. Can someone please clarify its meaning?

 

Thanks, 

Gergely

 


Re: Meaning of Open Source license in 2.1.1

Jan Thielscher
 

Hi Gergely,

my understanding is that it addresses the handling of the inbound questions concerning the open source parts of the Supplied Software.

Assume you are using some GPLv2 licensed code and offer to hand over the sources attached with that license. You will need an interface with the external world, to receive and reliable process the request.

The same applies to questions - and here you do good to make sure the process is well known across the organisation -  by potential notifications of infringements through the Supplied Software. Assume someone wants to contact you, because he thinks, the Supplied Software is non-compliant with his view, how the components should be treated/handled/documented… Having a sound procedure in place allowing to record, understand and securely process this inquiry will help to protect the company from potential damage.

I hope this answers your question? 

Mit freundlichem Gruß / kind regards
Jan Thielscher
 
T: +49 69 153 22 77 55
F: +49 69 153 22 77 51

Am 02.02.2022 um 11:42 schrieb Gergely Csatari via lists.openchainproject.org <gergely.csatari=nokia.com@...>:

Hi, 
 
I’m trying to interpret the requirements of 2.1.1 and I have problems finding out the meaning of “Open Source compliance inquiry”. It is not defined in the document. Can someone please clarify its meaning?
 
Thanks, 
Gergely


Meaning of Open Source license in 2.1.1

Gergely Csatari
 

Hi,

 

I’m trying to interpret the requirements of 2.1.1 and I have problems finding out the meaning of “Open Source compliance inquiry”. It is not defined in the document. Can someone please clarify its meaning?

 

Thanks,

Gergely


Frequent Misunderstandings of OSS licenses V7.1

ouchi yoshiko
 

Hello.
The other day, JAPAN WG FAQ-SG published "Common misunderstandings related to OSS license V7", and we received a request to add a link to each QA slide from the index.
Therefore, we have published a new version with links as V7.1.

We hope you find it useful.
https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ

Regards,
Yoshiko Ouchi


OpenChain Security Assurance Reference Specification - DRAFT 2.0

 

As discussed on our last call, some changes reflecting our conceptual approach (up for discussion):
https://github.com/OpenChain-Project/SecurityAssuranceGuide/blob/main/Guide/2.0/OpenChainSecurityAssuranceGuide.2.0-DRAFT.docx

From the introduction:

The OpenChain Project is working towards a supply chain where open source is delivered with trusted and consistent compliance information. We maintain OpenChain ISO/IEC 5230:2020, the International Standard for open source license compliance. Adjacent to this the project maintains a large international community, extensive reference materials, and working groups addressing various domain issues. We support discussions around security, export control, M&A and other topics.

OpenChain ISO/IEC 5230:2020 is a process management specification that identifies inbound, internal and outbound inflection points where a process, policy or training should exist. The identification and tracking of software used and deployed is an inherent part of getting this right, and this also allows our standard to also be useful for security or export control.

We noticed that OpenChain ISO/IEC 5230:2020 was being used quite often in deployment discussions and we wanted to support our broader community around these use-cases. The reference specification you are now reading is focused on the security domain. It is intended to identify and describe the key requirements of a quality Security Assurance Program in the context of using Open Source Software. This early iteration of the document focuses on a narrow subset of primary concern: checking Open Source Software against publicly known security vulnerabilities like CVEs, GitHub/GitLab vulnerability reports, and so on.

This document focused on the “what” and “why” aspects of a quality Security Assurance Program rather than delving into to “how” and “when.” This is a conscious decision to ensure flexibility for companies of any size and in any market to use this reference specification. This approach, along with the types of processes identified, is built on more than half a decade of practical global feedback around the creation and management of such programs. The end result is that a company can frame a program that precisely fits their supply chain requirements, scoped to a single product or a complete legal entity, and take this solution to market quickly and effectively.

The scope of this reference specification may expand over time based on community feedback.

This introduction describes the reference specification’s purpose. Section 2 defines key terms used throughout this document. Section 3 defines the requirements that a Program must satisfy to achieve a core level of Security Assurance. Each requirement consists of one or more verification materials (i.e., records) that must be produced to satisfy the requirement. Verification materials are not required to be made public, though an organization may choose to provide them to others, potentially under a Non-Disclosure Agreement (NDA).

This reference specification is licensed under Creative Commons Attribution License 4.0 (CC-BY-4.0). Because it takes the form of a Reference Specification, and is therefore intended to fit into the mental model applied to specification creation, it is not designed to be modified outside of the formal editing track. You can take part in editing this document via the OpenChain Project bi-weekly calls. You can learn about joining these calls and our other activities here:

https://www.openchainproject.org/community


Happy New Year!

 

As we enter the year of the Tiger I want to wish everyone fortune and happiness. 
新年好, 恭喜发财 and 새해 복 많이 받으세요!


Our biweekly meeting takes place in around one hour

 

Reminder:
Our biweekly meeting takes place in around one hour.

Agenda:
Forthcoming summits
Security + the specification
What you (as users) want to see from the partner ecosystem

Dial in:
https://zoom.us/j/4377592799

On Jan 31, 2022, at 17:30, Shane Coughlan <scoughlan@...> wrote:

Our regular bi-weekly meeting takes place today. We will be talking about:
Forthcoming summits
Security + the specification
What you (as users) want to see from the partner ecosystem

Dial in:
https://zoom.us/j/4377592799

Check your time
14:00 UTC 2022-01-31 (today) - 06:00 PST / 14:00 BST / 15:00 CET / 19:00 IST / 22:00 CST / 23:00 KST+JST


OpenChain Bi-Weekly Meeting - 14:00 UTC 2022-01-31 (today) - 06:00 PST / 14:00 BST / 15:00 CET / 19:00 IST / 22:00 CST / 23:00 KST+JST

 

Our regular bi-weekly meeting takes place today. We will be talking about:
Forthcoming summits
Security + the specification
What you (as users) want to see from the partner ecosystem

Dial in:
https://zoom.us/j/4377592799

Check your time
14:00 UTC 2022-01-31 (today) - 06:00 PST / 14:00 BST / 15:00 CET / 19:00 IST / 22:00 CST / 23:00 KST+JST


Re: “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

McCoy Smith
 

The “immediate termination on breach” clause of GPLv2 was, in part, being used in the McHardy litigations (just settled for good) in Germany. Some more detailed analysis here: https://jolts.world/index.php/jolts/article/view/128/246 It’s also why the cooperation commitment for GPLv2 was done: https://opensource.com/article/18/11/gpl-cooperation-commitment

 

There’s another debate to be had about the notice requirements of various licenses (which is the peg on which this particular CC litigant hangs their hat), and how compliance for that is done, and to what extent that’s all that valuable. I tend to think at some point License Zero type licenses (not the current ones, but different flavors of future ones, which could include copyleft) will look more attractive

 

From: main@... <main@...> On Behalf Of Steve Kilbane
Sent: Friday, January 28, 2022 1:56 AM
To: main@...
Subject: Re: [openchain] “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

 

If I'm understanding this correctly, the key aspect here is that a breach leads to termination of rights without opportunity of remedy. Isn't that relatively common in open source licenses, not just the Creative Commons ones?

 

I acknowledge that, as Cory describes, it's easy to create large quantities of media (e.g. stock photos) that is directly owned by a copyleft troll, as bait. But doesn't the problem also apply to open source software? While it's harder to software packages that will be so easily picked up by sufficient users to make the effort worthwhile, I can think of a couple of attacks here:

 

The attacker could fork a popular package under a permissive license, make minor changes, and re-release with a subtle renaming under a compatible license w/o remedy period.

 

More perniciously, the attacker could contribute changes to the original package which made use of media under the CC licenses or other licenses with a similar problem.

 

steve

 

From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: 25 January 2022 06:41
To: OpenChain Main <main@...>
Subject: [openchain] “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

 

[External]

 

Very little open source *code* is under Creative Commons licenses. However, a lot of open source *documentation* is under Creative Commons licenses. Therefore, we should keep an eye on this matter.

Copyleft trolls, robosigning, and Pixsy”


Re: “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

Steve Kilbane
 

If I'm understanding this correctly, the key aspect here is that a breach leads to termination of rights without opportunity of remedy. Isn't that relatively common in open source licenses, not just the Creative Commons ones?

 

I acknowledge that, as Cory describes, it's easy to create large quantities of media (e.g. stock photos) that is directly owned by a copyleft troll, as bait. But doesn't the problem also apply to open source software? While it's harder to software packages that will be so easily picked up by sufficient users to make the effort worthwhile, I can think of a couple of attacks here:

 

The attacker could fork a popular package under a permissive license, make minor changes, and re-release with a subtle renaming under a compatible license w/o remedy period.

 

More perniciously, the attacker could contribute changes to the original package which made use of media under the CC licenses or other licenses with a similar problem.

 

steve

 

From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: 25 January 2022 06:41
To: OpenChain Main <main@...>
Subject: [openchain] “A Bug in Early Creative Commons Licenses Has Enabled a New Breed of Superpredator”

 

[External]

 

Very little open source *code* is under Creative Commons licenses. However, a lot of open source *documentation* is under Creative Commons licenses. Therefore, we should keep an eye on this matter.

Copyleft trolls, robosigning, and Pixsy”


External: The EU Open Source Policy Summit

 

An OFE production on the 4th of February:
https://summit.openforumeurope.org/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Diversion: our virtual Christmas party

 

For those who missed it, we were hanging out on a virtual island (thank you Korea Community) and sharing stories about trains.


Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

 

This is incredible! Thank you all and I am really looking forward to next steps here. Naturally we will want to share the results far and wide.

On Jan 26, 2022, at 21:31, Astrid Spura <office@...> wrote:

Thank you very much for offering help! Reviewing translation would be great. I will get in touch in time.

Best regards,
Astrid


Am 25.01.22 um 19:53 schrieb Jan Thielscher:
😊 ... so count me in as well...
Von: main@... <main@...> im Auftrag von Stefanie Pors via lists.openchainproject.org <stefanie.pors=intel.com@...>
Datum: Dienstag, 25. Januar 2022 um 18:51
An: germany-wg@... <germany-wg@...>, main@... <main@...>
Betreff: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Hi Stefan, Astrid,
Happy to provide a pair of German reviewing eyes as well. (Stefan, the "ping" on the *old* group worked 😉)
Greetings
Steffi
Stefanie Pors
GAT EMEA – Intel Legal Department
-----Original Message-----
From: germany-wg@... <germany-wg@...> On Behalf Of Stefan Thanheiser
Sent: Dienstag, 25. Januar 2022 18:38
To: main@...; germany-wg@...
Subject: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Hi Astrid,
please count me in for the translation into German (if you need more helping hands/brains).
I also could offer https://github.com/OCSpecGermanTranslation as collaboration space.
Are there more volunteers (maybe from the 'old' specification translation group 😉 )?
Regards,
Stefan
Stefan Thanheiser
Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf, Tribe Einkauf, Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...
Atruvia AG | www.atruvia.de<http://www.atruvia.de>
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel Vorsitzender des Aufsichtsrats: Jürgen Brinkmann
-----Ursprüngliche Nachricht-----
Von: main@... <main@...> Im Auftrag von Astrid Spura
Gesendet: Dienstag, 25. Januar 2022 16:38
An: main@...
Cc: OpenChain Japan <japan-wg@...>
Betreff: Re: [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Dear Shane,
dear all,
The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.
It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.
You can get over on GitHub

https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Educati
on_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.
Best regards,
Astrid
--
Astrid Spura, Compliance & Communication Astrid.Spura@...
Open Source Automation Development Lab (OSADL) eG Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80 office@... http://www.osadl.org
https://youtu.be/z0MiLwP_n40
Location of the company: Heidelberg, Germany Cooperative register #700048 at the district court of Mannheim Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer Tax number 32080/02883, VAT Id-No DE249975743
Intel Germany GmbH & Co. KG
Registered Address: Lilienthalstraße 15 D-85579 Neubiberg Germany Tel +49 89 89 89 97-0 www.intel.com<http://www.intel.com>
Registered Office: Neubiberg Commercial Register: Amtsgericht München HRA 94167
Limited Partner (Kommanditist): Lantiq Intermediate Holdco S.à r.l
General Partner (Komplementär): Intel Germany Holding GmbH Registered Office: Neubiberg
Commercial Register: Amtsgericht München HRB 180523
Managing Directors (Geschäftsführung): Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva
--
Astrid Spura, Compliance & Kommunikation
Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG
Im Neuenheimer Feld 583, 69120 Heidelberg
Telefon: 06221 98504-0, Telefax: 06221 98504-80
office@...
http://www.osadl.org
https://youtu.be/18RgBp9X6ss

Sitz des Unternehmens: Heidelberg
Genossenschaftsregister Nr. 700048 beim Amtsgericht Mannheim
Aufsichtsratsvorsitzender: Axel Berghoff
Vorstände: Andreas Orzelski, Rainer Thieringer
Steuer-Nr. 32080/02883, USt-Id DE249975743





Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Astrid Spura <office@...>
 

Thank you very much for offering help! Reviewing translation would be great. I will get in touch in time.

Best regards,
Astrid


Am 25.01.22 um 19:53 schrieb Jan Thielscher:

😊 ... so count me in as well...
Von: main@... <main@...> im Auftrag von Stefanie Pors via lists.openchainproject.org <stefanie.pors=intel.com@...>
Datum: Dienstag, 25. Januar 2022 um 18:51
An: germany-wg@... <germany-wg@...>, main@... <main@...>
Betreff: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Hi Stefan, Astrid,
Happy to provide a pair of German reviewing eyes as well. (Stefan, the "ping" on the *old* group worked 😉)
Greetings
Steffi
Stefanie Pors
GAT EMEA – Intel Legal Department
-----Original Message-----
From: germany-wg@... <germany-wg@...> On Behalf Of Stefan Thanheiser
Sent: Dienstag, 25. Januar 2022 18:38
To: main@...; germany-wg@...
Subject: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Hi Astrid,
please count me in for the translation into German (if you need more helping hands/brains).
I also could offer https://github.com/OCSpecGermanTranslation as collaboration space.
Are there more volunteers (maybe from the 'old' specification translation group 😉 )?
Regards,
Stefan
Stefan Thanheiser
Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf, Tribe Einkauf, Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...
Atruvia AG | www.atruvia.de<http://www.atruvia.de>
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel Vorsitzender des Aufsichtsrats: Jürgen Brinkmann
-----Ursprüngliche Nachricht-----
Von: main@... <main@...> Im Auftrag von Astrid Spura
Gesendet: Dienstag, 25. Januar 2022 16:38
An: main@...
Cc: OpenChain Japan <japan-wg@...>
Betreff: Re: [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese
Dear Shane,
dear all,

The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.

It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.

You can get over on GitHub

https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Educati
on_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.
Best regards,
Astrid
--
Astrid Spura, Compliance & Communication Astrid.Spura@...
Open Source Automation Development Lab (OSADL) eG Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80 office@... http://www.osadl.org
https://youtu.be/z0MiLwP_n40
Location of the company: Heidelberg, Germany Cooperative register #700048 at the district court of Mannheim Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer Tax number 32080/02883, VAT Id-No DE249975743
Intel Germany GmbH & Co. KG
Registered Address: Lilienthalstraße 15 D-85579 Neubiberg Germany Tel +49 89 89 89 97-0 www.intel.com<http://www.intel.com>
Registered Office: Neubiberg Commercial Register: Amtsgericht München HRA 94167
Limited Partner (Kommanditist): Lantiq Intermediate Holdco S.à r.l
General Partner (Komplementär): Intel Germany Holding GmbH Registered Office: Neubiberg
Commercial Register: Amtsgericht München HRB 180523
Managing Directors (Geschäftsführung): Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva
--
Astrid Spura, Compliance & Kommunikation
Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG
Im Neuenheimer Feld 583, 69120 Heidelberg
Telefon: 06221 98504-0, Telefax: 06221 98504-80
office@...
http://www.osadl.org
https://youtu.be/18RgBp9X6ss

Sitz des Unternehmens: Heidelberg
Genossenschaftsregister Nr. 700048 beim Amtsgericht Mannheim
Aufsichtsratsvorsitzender: Axel Berghoff
Vorstände: Andreas Orzelski, Rainer Thieringer
Steuer-Nr. 32080/02883, USt-Id DE249975743


Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Jan Thielscher
 

😊 ... so count me in as well...

 

Von: main@... <main@...> im Auftrag von Stefanie Pors via lists.openchainproject.org <stefanie.pors=intel.com@...>
Datum: Dienstag, 25. Januar 2022 um 18:51
An: germany-wg@... <germany-wg@...>, main@... <main@...>
Betreff: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Hi Stefan, Astrid,

Happy to provide a pair of German reviewing eyes as well.  (Stefan, the "ping" on the *old* group worked 😉)

Greetings
Steffi

Stefanie Pors

GAT EMEA – Intel Legal Department

-----Original Message-----
From: germany-wg@... <germany-wg@...> On Behalf Of Stefan Thanheiser
Sent: Dienstag, 25. Januar 2022 18:38
To: main@...; germany-wg@...
Subject: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Hi Astrid,

please count me in for the translation into German (if you need more helping hands/brains).
I also could offer https://github.com/OCSpecGermanTranslation as collaboration space.

Are there more volunteers (maybe from the 'old' specification translation group 😉 )?

Regards,
Stefan

Stefan Thanheiser

Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf, Tribe Einkauf, Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...




Atruvia AG | www.atruvia.de
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel Vorsitzender des Aufsichtsrats: Jürgen Brinkmann


-----Ursprüngliche Nachricht-----
Von: main@... <main@...> Im Auftrag von Astrid Spura
Gesendet: Dienstag, 25. Januar 2022 16:38
An: main@...
Cc: OpenChain Japan <japan-wg@...>
Betreff: Re: [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Dear Shane,
dear all,

> The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.

> It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.

> You can get over on GitHub
>
> https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Educati
> on_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.

Best regards,
Astrid

--
Astrid Spura, Compliance & Communication Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80 office@... http://www.osadl.org
https://youtu.be/z0MiLwP_n40

Location of the company: Heidelberg, Germany Cooperative register #700048 at the district court of Mannheim Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer Tax number 32080/02883, VAT Id-No DE249975743










Intel Germany GmbH & Co. KG
Registered Address: Lilienthalstraße 15   D-85579 Neubiberg   Germany   Tel +49 89 89 89 97-0   www.intel.com
Registered Office: Neubiberg   Commercial Register: Amtsgericht München HRA 94167
Limited Partner (Kommanditist): Lantiq Intermediate Holdco S.à r.l
General Partner (Komplementär): Intel Germany Holding GmbH   Registered Office: Neubiberg
Commercial Register: Amtsgericht München HRB 180523
Managing Directors (Geschäftsführung): Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva





Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Stefanie Pors
 

Hi Stefan, Astrid,

Happy to provide a pair of German reviewing eyes as well. (Stefan, the "ping" on the *old* group worked 😉)

Greetings
Steffi

Stefanie Pors

GAT EMEA – Intel Legal Department

-----Original Message-----
From: germany-wg@... <germany-wg@...> On Behalf Of Stefan Thanheiser
Sent: Dienstag, 25. Januar 2022 18:38
To: main@...; germany-wg@...
Subject: Re: [germany-wg] [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Hi Astrid,

please count me in for the translation into German (if you need more helping hands/brains).
I also could offer https://github.com/OCSpecGermanTranslation as collaboration space.

Are there more volunteers (maybe from the 'old' specification translation group 😉 )?

Regards,
Stefan

Stefan Thanheiser

Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf, Tribe Einkauf, Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...




Atruvia AG | www.atruvia.de
AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel Vorsitzender des Aufsichtsrats: Jürgen Brinkmann


-----Ursprüngliche Nachricht-----
Von: main@... <main@...> Im Auftrag von Astrid Spura
Gesendet: Dienstag, 25. Januar 2022 16:38
An: main@...
Cc: OpenChain Japan <japan-wg@...>
Betreff: Re: [openchain] FAQ: Common Misunderstandings about OSS Licensing (English and Japanese

Dear Shane,
dear all,

The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.
We would be happy to help with translation into German language. If there is already work in progress, please get in touch, so that we can share the workload.

It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.
Yes, well done. We appreciate the work. The issues mentioned are comparable with our experiences.

You can get over on GitHub

https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Educati
on_Material/FAQ
Thanks. We will let you know as soon as the German version will be ready.

Best regards,
Astrid

--
Astrid Spura, Compliance & Communication Astrid.Spura@...

Open Source Automation Development Lab (OSADL) eG Im Neuenheimer Feld 583, D-69120 Heidelberg, Germany
Phone: +49(6221)98504-0, Fax: +49(6221)98504-80 office@... http://www.osadl.org
https://youtu.be/z0MiLwP_n40

Location of the company: Heidelberg, Germany Cooperative register #700048 at the district court of Mannheim Chairman of the Supervisory Board: Axel Berghoff
Directors: Andreas Orzelski, Rainer Thieringer Tax number 32080/02883, VAT Id-No DE249975743










Intel Germany GmbH & Co. KG
Registered Address: Lilienthalstraße 15 D-85579 Neubiberg Germany Tel +49 89 89 89 97-0 www.intel.com
Registered Office: Neubiberg Commercial Register: Amtsgericht München HRA 94167
Limited Partner (Kommanditist): Lantiq Intermediate Holdco S.à r.l
General Partner (Komplementär): Intel Germany Holding GmbH Registered Office: Neubiberg
Commercial Register: Amtsgericht München HRB 180523
Managing Directors (Geschäftsführung): Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva