Date   

Re: OpenChain article in Wikipedia

Stefan Thanheiser
 

Hi all,

 

it seems as the German Wikipedia has a different treatment of the terms of “OpenChain” and “ISO/IEC 5230”.

 

 

The German Wikipedia will forward you to the “ISO/IEC 5230” page when searching for “OpenChain”…

…in the English, French, Spanish and Italiian Wikipedia, it’s just the other way round.

 

So there actually is information on the Wikipedia pages – but under different headlines.

 

Would it be an idea to create two separate articles for “OpenChain” and “ISO/IEC 5230”?

At least it might be good to have a uniform treatment of the search terms in the different language versions…

 

Regards,

Stefan

 

Stefan Thanheiser

 

Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf,
Tribe Einkauf,
Chapter Software Asset & Lizenzmanagement
---
Telefon +49 721 4004-1860
Mobil +49 170 3304133
E-Mail stefan.thanheiser@...

 


Atruvia AG | www.atruvia.de

AG Frankfurt a. M. HRB 102381 | Sitz der Gesellschaft: Frankfurt a. M. | USt-IdNr. DE 143582320
Vorstand: Martin Beyer (Vorstandssprecher), Ulrich Coenen (Vorstandssprecher),
Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel
Vorsitzender des Aufsichtsrats: Jürgen Brinkmann

Von: main@... <main@...> Im Auftrag von Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay)
Gesendet: Dienstag, 22. November 2022 16:16
An: main@...
Cc: Marc-Etienne Vargenau (Nokia) <marc-etienne.vargenau@...>
Betreff: [openchain] OpenChain article in Wikipedia

 

Hi,

 

There is an article about OpenChain in the German Wikipedia:

https://de.wikipedia.org/wiki/ISO/IEC_5230

but in no other language.

 

I consider it would be good to have an article at least in English.

 

What do you think?

 

Best regards,

 

Marc-Etienne

 

--
Marc-Etienne Vargenau marc-etienne.vargenau@...
Nokia, Route de Villejust, 91620 NOZAY, FRANCE
Mobile: +33 6 24 49 78 68

Senior Specialist Open Source
Planned absence: none

 


Re: OpenChain article in Wikipedia

Jan Thielscher
 

Hi Marc,

 

please find attached a translated version of the article. I do not know how to publish it on Wikipedia and whether it should be available in English on the German site or English, American or Irish  site… But feel free to use.

 

Br

Jan

 

 

Von: <main@...> im Auftrag von "Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) via lists.openchainproject.org" <marc-etienne.vargenau=nokia.com@...>
Antworten an: "main@..." <main@...>
Datum: Dienstag, 22. November 2022 um 16:16
An: "main@..." <main@...>
Cc: "Marc-Etienne Vargenau (Nokia)" <marc-etienne.vargenau@...>
Betreff: [openchain] OpenChain article in Wikipedia

 

Hi,

 

There is an article about OpenChain in the German Wikipedia:

https://de.wikipedia.org/wiki/ISO/IEC_5230

but in no other language.

 

I consider it would be good to have an article at least in English.

 

What do you think?

 

Best regards,

 

Marc-Etienne

 

--
Marc-Etienne Vargenau marc-etienne.vargenau@...
Nokia, Route de Villejust, 91620 NOZAY, FRANCE
Mobile: +33 6 24 49 78 68

Senior Specialist Open Source
Planned absence: none

 


OpenChain article in Wikipedia

Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay)
 

Hi,

 

There is an article about OpenChain in the German Wikipedia:

https://de.wikipedia.org/wiki/ISO/IEC_5230

but in no other language.

 

I consider it would be good to have an article at least in English.

 

What do you think?

 

Best regards,

 

Marc-Etienne

 

--
Marc-Etienne Vargenau marc-etienne.vargenau@...
Nokia, Route de Villejust, 91620 NOZAY, FRANCE
Mobile: +33 6 24 49 78 68

Senior Specialist Open Source
Planned absence: none

 


Re: REMINDER: OpenChain Export Control Work Group - First Meeting Today (2022-11-22) at 15:00 UTC

 

Reminder: we start in 30 minutes.

On Nov 22, 2022, at 11:32, Shane Coughlan <scoughlan@...> wrote:

The OpenChain Export Control Work Group will hold its first meeting on the 22nd of November at 15:00 UTC (16:00 CET).

This meeting will have the following agenda:

(1) Introductions
(2) Overview of why export control matters from the perspective of open source and compliance
(3) Open discussion about how our community can contribute to the field

Zoom meeting:
https://zoom.us/j/93456802267

Meeting ID: 93456802267

<OpenChain Export Control Work Group - First Meeting.ics>


Re: OpenChain Specification Chair Election Period Now Open

 

There are just under three hours remaining before 17:00 UTC, the close of the voting period.

We have received 11 votes in total and the provisional results are:

Licensing:

Helio Chissini de Castro has 7 votes
Steve Kilbane has 4 votes

Security:

Chris Wood has 8 votes
Jacob Wilson has 3 votes

Reminder:

You can vote by:
(a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and
(b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:

My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME

On Nov 21, 2022, at 9:08, Shane Coughlan <scoughlan@...> wrote:

A reminder: a chair election for the specification work team ends tomorrow. You have *one* day left to vote.

Here are our current nominees:
• Steve Kilbane, Analog Devices
• Helio Chissini de Castro, CARIAD
• Jacob Wilson, Gemini
• Chris Wood, Lockheed Martin
Everyone is invited to vote for their preferred chairs. Here is how:
• You have two votes.
• One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
• You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME

On Nov 16, 2022, at 9:59, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:

OpenChain Specification Chair Election Period Now Open

The OpenChain Project is running an election for co-chairs of the Specification Work Group. The election period is from today (2022-11-16) until 2022-11-22 Close of Business UTC.
Here are our current nominees:
• Steve Kilbane, Analog Devices
• Helio Chissini de Castro, CARIAD
• Jacob Wilson, Gemini
• Chris Wood, Lockheed Martin
Everyone is invited to vote for their preferred chairs. Here is how:
• You have two votes.
• One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
• You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME
Some notes:
• The email address ending your vote must be subscribed to the specification mailing list.
• Any vote not provided in this format will be invalid.
• You can vote for yourself.
• You can only submit your votes once.
More Details
How we are running this election is split into two lengthy descriptions below. We are striving to do two things:
• Create an open election process
• Address the potential we have to have multiple domain experts sharing work
Because this is our first major election for Specification Chair, the process may have some rough edges. If there are any critical issues, we will address them.
How We Are Running The Elections
The OpenChain Governing Board is formally considering who should be appointed by the board for the position(s) of OpenChain Specification Chairperson, and invites the broader OpenChain community to provide their perspective.
In this process, the broader OpenChain community will have nominees proposed and voted on to provide a recommendation. That recommendation will be passed to the OpenChain Governing Board for review, approval and ratification at their next meeting.
The specific process on behalf of the community is to undertake a voting process after a period of nomination. The community will vote in the following manner:
Votes for chairpeople will be sent by email to operations@...(received by the OpenChain General Manager and Project Manager).
Each member of our specification@ can cast *one* vote. All members of main@ are entitled to join specification@. The requirement to join the specification list is to maintain that list as the “single source of truth” for our specification-editing and other core specification work.
The votes will be tallied by the General Manager and prepared for the OpenChain Governing Board to review.
The tally will be reported to the OpenChain governing board. Their feedback and final decision will be provided to the community-at-large after their next formal governing board meeting.
For the 2022 OpenChain Specification Work Group elections the following notes are provided:
(1) we are operationally splitting the specification work group into two work groups: licensing and security, reflecting our two specifications in-market.
(2) for *this* specific election, we will split the election into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
(3) this means everyone on specification@ should vote for:
(i) their preferred choice for license work group chair;
(I) their preferred choice for security work group chair.
(4) these votes may be cast between the 16th and 22nd of November 2022.
(5) the OpenChain Governing Board will receive the tally of votes expressing community feedback, and will review it formally at their next meeting on the 8th of December 2022.
(6) it is expected that at this juncture the community will receive a response from the OpenChain Governing Board regarding their decision(s) around specification chairperson(s) circa 9th December 2022, and our new specification chairs will begin their term of office prior to 2023.
This process may be adjusted at any time by the governing board, and feedback to improve the process is always welcome, with the optic of ensuring that we continually refine the process as time progresses.
For This Specific Election
For the nomination period, we happen to have two people well versed in license compliance (Steve and Helio) and two people with a security background (Jacob and Chris). This suggest that our co-chair election – for *this* specific election, should break into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
However, for clarity, the intent is not to split the development of our licensing and security specifications into two different paths. The intent is that both chairs will work on both specifications by helping to collect community feedback and so on, with this feedback being provided to the Steering Committee for formal review and ratification if and when we decide to produce new versions of our standards.


REMINDER: OpenChain Export Control Work Group - First Meeting Today (2022-11-22) at 15:00 UTC

 

The OpenChain Export Control Work Group will hold its first meeting on the 22nd of November at 15:00 UTC (16:00 CET).

This meeting will have the following agenda:

(1) Introductions
(2) Overview of why export control matters from the perspective of open source and compliance
(3) Open discussion about how our community can contribute to the field

Zoom meeting:
https://zoom.us/j/93456802267

Meeting ID: 93456802267


Re: Topic for discussion: how do we link different Bill of Materials?

Alexios Zavras
 

For anyone who can attend FOSDEM in Brussels on 5 February 2023, we have a track (“devroom”) on Software Bills of Materials, where a number of SBOM-related topics will be discussed.

 

The Call for Participation is currently open, till 28 November:

https://gist.github.com/zvr/c852b4a560ac2c67885c473034cd4a93

 

Hope to see you there!

 

-- zvr

 

From: main@... <main@...> On Behalf Of Norio Kobota
Sent: Saturday, 19 November, 2022 01:13
To: main@...
Subject: Re: [openchain] Topic for discussion: how do we link different Bill of Materials?

 

Hi Jacob, Shane and all,

 

Thank you for sharing my thought and your interesting response.

Now some of the OpenChain Japan Sub workgroup member started

discussing about SBOM deeply from the perspective how to use SBOM

effectively in the complex supply chains and what is the problem to use it.

We are still in the early stages of discussions, but we will be sharing our

discussions and materials publicly in the future, so could you give us some advice?

And it might be difficult to participate because the language barriers and

time zones, but if you know similar discussion opportunities elsewhere,

please let me know.

I would like to participate as much as possible.

 

Thanks,

-- kobota

 

From: main@... <main@...> On Behalf Of Jacob Wilson
Sent: Wednesday, November 16, 2022 1:10 AM
To: main@...
Subject: Re: [openchain] Topic for discussion: how do we link different Bill of Materials?

 

This is a great point, and one which I believe has been evolving over time. SAST, DAST, IAST, and RASP outputs similarly all show code analysis at different stages of the software build and distribution process. I would say for storage a Software Artifact Repository is the industry standard for code scanning and will most likely continue for SBOM results, but the combination of results will vary based on organizational policies, procedures, regulators, and other market factors. 

 

If I put my computer forensics hat on, traceability and non-tampered evidence collection are paramount. Having the same piece of information at multiple stages of the software build and distribution process is informative in itself. Combination of the results may harm the overall goal. From a pragmatic perspective this is a significant data storage and analysis challenge.

 

Tying things together, I believe the SBOM consideration material you have made is great and brings light to an important issue. I also believe it fits together remarkably well with the 'SCA tooling evaluation metrics' project mentioned in yesterday's monthly call. Perhaps these stakeholders can work together?

 

On Tue, Nov 15, 2022 at 6:47 AM Shane Coughlan <scoughlan@...> wrote:

Kobota San has raised an interesting topic for discussion. Attached see slides with an overview.

Summary: there are various different types of SBOM involved in preparing various types of product. For example, Build SBOM, Binary SBOM, Source SBOM.

What is the best way to combine these for final records?

Thoughts and suggestions?





Intel Deutschland GmbH
Registered Address: Am Campeon 10, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva  
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928


Re: OpenChain Specification Chair Election Period Now Open

 

A reminder: a chair election for the specification work team ends tomorrow. You have *one* day left to vote.

Here are our current nominees:

Everyone is invited to vote for their preferred chairs. Here is how:

  1. You have two votes.
  2. One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
  3. You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:

My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME


On Nov 16, 2022, at 9:59, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:

OpenChain Specification Chair Election Period Now Open

The OpenChain Project is running an election for co-chairs of the Specification Work Group. The election period is from today (2022-11-16) until 2022-11-22 Close of Business UTC.
Here are our current nominees:
• Steve Kilbane, Analog Devices
• Helio Chissini de Castro, CARIAD 
• Jacob Wilson, Gemini
• Chris Wood, Lockheed Martin
Everyone is invited to vote for their preferred chairs. Here is how:
• You have two votes.
• One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
• You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME
Some notes:
• The email address ending your vote must be subscribed to the specification mailing list.
• Any vote not provided in this format will be invalid.
• You can vote for yourself.
• You can only submit your votes once.
More Details
How we are running this election is split into two lengthy descriptions below. We are striving to do two things:
• Create an open election process
• Address the potential we have to have multiple domain experts sharing work
Because this is our first major election for Specification Chair, the process may have some rough edges. If there are any critical issues, we will address them.
How We Are Running The Elections
The OpenChain Governing Board is formally considering who should be appointed by the board for the position(s) of OpenChain Specification Chairperson, and invites the broader OpenChain community to provide their perspective.
In this process, the broader OpenChain community will have nominees proposed and voted on to provide a recommendation. That recommendation will be passed to the OpenChain Governing Board for review, approval and ratification at their next meeting.
The specific process on behalf of the community is to undertake a voting process after a period of nomination. The community will vote in the following manner:
Votes for chairpeople will be sent by email to operations@...(received by the OpenChain General Manager and Project Manager).
Each member of our specification@ can cast *one* vote. All members of main@ are entitled to join specification@. The requirement to join the specification list is to maintain that list as the “single source of truth” for our specification-editing and other core specification work.
The votes will be tallied by the General Manager and prepared for the OpenChain Governing Board to review.
The tally will be reported to the OpenChain governing board. Their feedback and final decision will be provided to the community-at-large after their next formal governing board meeting.
For the 2022 OpenChain Specification Work Group elections the following notes are provided:
(1) we are operationally splitting the specification work group into two work groups: licensing and security, reflecting our two specifications in-market.
(2) for *this* specific election, we will split the election into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
(3) this means everyone on specification@ should vote for:
(i) their preferred choice for license work group chair;
(I) their preferred choice for security work group chair.
(4) these votes may be cast between the 16th and 22nd of November 2022.
(5) the OpenChain Governing Board will receive the tally of votes expressing community feedback, and will review it formally at their next meeting on the 8th of December 2022.
(6) it is expected that at this juncture the community will receive a response from the OpenChain Governing Board regarding their decision(s) around specification chairperson(s) circa 9th December 2022, and our new specification chairs will begin their term of office prior to 2023.
This process may be adjusted at any time by the governing board, and feedback to improve the process is always welcome, with the optic of ensuring that we continually refine the process as time progresses.
For This Specific Election
For the nomination period, we happen to have two people well versed in license compliance (Steve and Helio) and two people with a security background (Jacob and Chris). This suggest that our co-chair election – for *this* specific election, should break into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
However, for clarity, the intent is not to split the development of our licensing and security specifications into two different paths. The intent is that both chairs will work on both specifications by helping to collect community feedback and so on, with this feedback being provided to the Steering Committee for formal review and ratification if and when we decide to produce new versions of our standards.


Re: Topic for discussion: how do we link different Bill of Materials?

Norio Kobota
 

Hi Jacob, Shane and all,

 

Thank you for sharing my thought and your interesting response.

Now some of the OpenChain Japan Sub workgroup member started

discussing about SBOM deeply from the perspective how to use SBOM

effectively in the complex supply chains and what is the problem to use it.

We are still in the early stages of discussions, but we will be sharing our

discussions and materials publicly in the future, so could you give us some advice?

And it might be difficult to participate because the language barriers and

time zones, but if you know similar discussion opportunities elsewhere,

please let me know.

I would like to participate as much as possible.

 

Thanks,

-- kobota

 

From: main@... <main@...> On Behalf Of Jacob Wilson
Sent: Wednesday, November 16, 2022 1:10 AM
To: main@...
Subject: Re: [openchain] Topic for discussion: how do we link different Bill of Materials?

 

This is a great point, and one which I believe has been evolving over time. SAST, DAST, IAST, and RASP outputs similarly all show code analysis at different stages of the software build and distribution process. I would say for storage a Software Artifact Repository is the industry standard for code scanning and will most likely continue for SBOM results, but the combination of results will vary based on organizational policies, procedures, regulators, and other market factors. 

 

If I put my computer forensics hat on, traceability and non-tampered evidence collection are paramount. Having the same piece of information at multiple stages of the software build and distribution process is informative in itself. Combination of the results may harm the overall goal. From a pragmatic perspective this is a significant data storage and analysis challenge.

 

Tying things together, I believe the SBOM consideration material you have made is great and brings light to an important issue. I also believe it fits together remarkably well with the 'SCA tooling evaluation metrics' project mentioned in yesterday's monthly call. Perhaps these stakeholders can work together?

 

On Tue, Nov 15, 2022 at 6:47 AM Shane Coughlan <scoughlan@...> wrote:

Kobota San has raised an interesting topic for discussion. Attached see slides with an overview.

Summary: there are various different types of SBOM involved in preparing various types of product. For example, Build SBOM, Binary SBOM, Source SBOM.

What is the best way to combine these for final records?

Thoughts and suggestions?







Re: OpenChain Reference Training Slides now in MarkDown (Draft, needs work)

Jacob Wilson
 

Hi Carlo,

First of all excellent work, this is no small task and is a huge benefit to the community. Second you mentioned conversion of the powerpoint graphs to SVG and then displaying in markdown. Have you had a chance to read this github blog post tackling similar issues? I took a pass at what this might look like in pull request 41 specifically for slide 54 from your last screen shot. Luckily the Mermaid dev team was nice enough to include a live editor, here's a link to the source code for this diagram in action. The chart type I picked was a sequence diagram, it could be that flow diagram or even a mind map works better. Hopefully this helps, or at least provides another option.

Jacob Wilson

On Fri, Nov 18, 2022 at 8:02 AM Carlo Piana <carlo@...> wrote:
Too fast.

see attached.

K



----- Messaggio originale -----
> Da: "Carlo Piana" <carlo@...>
> A: "main@..." <main@...>
> Cc: "OpenChain Education" <education@...>
> Inviato: Venerdì, 18 novembre 2022 12:33:43
> Oggetto: Re: [openchain] OpenChain Reference Training Slides now in MarkDown (Draft, needs work)

> Anyway, even in Powerpoint online, the charts have issues.
>
> see here:
>
>
> ----- Messaggio originale -----
>> Da: "Carlo Piana" <carlo@...>
>> A: "main@..." <main@...>
>> Cc: "OpenChain Education" <education@...>
>> Inviato: Venerdì, 18 novembre 2022 12:15:09
>> Oggetto: Re: [openchain] OpenChain Reference Training Slides now in MarkDown
>> (Draft, needs work)
>
>> Hi,
>>
>> I have tried to figure out an easier way to do it and extract the images in a
>> bulk-ish way, but they appear to be Powerpoint internal objects without any
>> coherence. The best way I have figured out without spending too much time,
>> was to export to PDF, open the PDF in Inkscape, remove the text, group the
>> graphic and export what remains as SVG.
>>
>> Now Inkscape can deal with multiple pages, but it would be a much better idea to
>> separate each page, remove the ones without images, put the remaining ones in a
>> place and proceed page by page.
>>
>> It's painful and error prone. Powerpoint is something that is better left with
>> presentations (or even better, alone, sitting in the dark to rotten), not
>> documents.
>>
>> Cheers
>>
>> Carlo
>>
>>
>> ----- Messaggio originale -----
>>> Da: "Shane Coughlan" <scoughlan@...>
>>> A: "OpenChain Main" <main@...>
>>> Cc: "OpenChain Education" <education@...>
>>> Inviato: Mercoledì, 16 novembre 2022 15:02:02
>>> Oggetto: [openchain] OpenChain Reference Training Slides now in MarkDown (Draft,
>>> needs work)
>>
>>> Well, this is big news. Our reference training slides - one of the most used
>>> parts of our reference library - is now in MarkDown. The conversation status is
>>> “draft” and we need to check for rough edges:
>>> https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-iso5230-version1.md
>>>
>>> Original PowerPoint slides here for compare, contrast and planning:
>>> https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-for-ISO-5230-en.pptx
>>>
>>> The biggest to-do item is that we need to extract the images from the slides and
>>> add them to the MarkDown. This is probably a relatively big lift… we may want
>>> to recreate some of the images at this juncture.
>>>
>>>
>>
>>
>>






Re: OpenChain Reference Training Slides now in MarkDown (Draft, needs work)

Carlo Piana <carlo@...>
 

Too fast.

see attached.

K



----- Messaggio originale -----

Da: "Carlo Piana" <carlo@...>
A: "main@..." <main@...>
Cc: "OpenChain Education" <education@...>
Inviato: Venerdì, 18 novembre 2022 12:33:43
Oggetto: Re: [openchain] OpenChain Reference Training Slides now in MarkDown (Draft, needs work)
Anyway, even in Powerpoint online, the charts have issues.

see here:


----- Messaggio originale -----
Da: "Carlo Piana" <carlo@...>
A: "main@..." <main@...>
Cc: "OpenChain Education" <education@...>
Inviato: Venerdì, 18 novembre 2022 12:15:09
Oggetto: Re: [openchain] OpenChain Reference Training Slides now in MarkDown
(Draft, needs work)
Hi,

I have tried to figure out an easier way to do it and extract the images in a
bulk-ish way, but they appear to be Powerpoint internal objects without any
coherence. The best way I have figured out without spending too much time,
was to export to PDF, open the PDF in Inkscape, remove the text, group the
graphic and export what remains as SVG.

Now Inkscape can deal with multiple pages, but it would be a much better idea to
separate each page, remove the ones without images, put the remaining ones in a
place and proceed page by page.

It's painful and error prone. Powerpoint is something that is better left with
presentations (or even better, alone, sitting in the dark to rotten), not
documents.

Cheers

Carlo


----- Messaggio originale -----
Da: "Shane Coughlan" <scoughlan@...>
A: "OpenChain Main" <main@...>
Cc: "OpenChain Education" <education@...>
Inviato: Mercoledì, 16 novembre 2022 15:02:02
Oggetto: [openchain] OpenChain Reference Training Slides now in MarkDown (Draft,
needs work)
Well, this is big news. Our reference training slides - one of the most used
parts of our reference library - is now in MarkDown. The conversation status is
“draft” and we need to check for rough edges:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-iso5230-version1.md

Original PowerPoint slides here for compare, contrast and planning:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-for-ISO-5230-en.pptx

The biggest to-do item is that we need to extract the images from the slides and
add them to the MarkDown. This is probably a relatively big lift… we may want
to recreate some of the images at this juncture.



Re: OpenChain Reference Training Slides now in MarkDown (Draft, needs work)

Carlo Piana <carlo@...>
 

Anyway, even in Powerpoint online, the charts have issues.

see here:


----- Messaggio originale -----

Da: "Carlo Piana" <carlo@...>
A: "main@..." <main@...>
Cc: "OpenChain Education" <education@...>
Inviato: Venerdì, 18 novembre 2022 12:15:09
Oggetto: Re: [openchain] OpenChain Reference Training Slides now in MarkDown (Draft, needs work)
Hi,

I have tried to figure out an easier way to do it and extract the images in a
bulk-ish way, but they appear to be Powerpoint internal objects without any
coherence. The best way I have figured out without spending too much time,
was to export to PDF, open the PDF in Inkscape, remove the text, group the
graphic and export what remains as SVG.

Now Inkscape can deal with multiple pages, but it would be a much better idea to
separate each page, remove the ones without images, put the remaining ones in a
place and proceed page by page.

It's painful and error prone. Powerpoint is something that is better left with
presentations (or even better, alone, sitting in the dark to rotten), not
documents.

Cheers

Carlo


----- Messaggio originale -----
Da: "Shane Coughlan" <scoughlan@...>
A: "OpenChain Main" <main@...>
Cc: "OpenChain Education" <education@...>
Inviato: Mercoledì, 16 novembre 2022 15:02:02
Oggetto: [openchain] OpenChain Reference Training Slides now in MarkDown (Draft,
needs work)
Well, this is big news. Our reference training slides - one of the most used
parts of our reference library - is now in MarkDown. The conversation status is
“draft” and we need to check for rough edges:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-iso5230-version1.md

Original PowerPoint slides here for compare, contrast and planning:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-for-ISO-5230-en.pptx

The biggest to-do item is that we need to extract the images from the slides and
add them to the MarkDown. This is probably a relatively big lift… we may want
to recreate some of the images at this juncture.



Re: OpenChain Reference Training Slides now in MarkDown (Draft, needs work)

Carlo Piana <carlo@...>
 

Hi,

I have tried to figure out an easier way to do it and extract the images in a bulk-ish way, but they appear to be Powerpoint internal objects without any coherence. The best way I have figured out without spending too much time, was to export to PDF, open the PDF in Inkscape, remove the text, group the graphic and export what remains as SVG.

Now Inkscape can deal with multiple pages, but it would be a much better idea to separate each page, remove the ones without images, put the remaining ones in a place and proceed page by page.

It's painful and error prone. Powerpoint is something that is better left with presentations (or even better, alone, sitting in the dark to rotten), not documents.

Cheers

Carlo


----- Messaggio originale -----

Da: "Shane Coughlan" <scoughlan@...>
A: "OpenChain Main" <main@...>
Cc: "OpenChain Education" <education@...>
Inviato: Mercoledì, 16 novembre 2022 15:02:02
Oggetto: [openchain] OpenChain Reference Training Slides now in MarkDown (Draft, needs work)
Well, this is big news. Our reference training slides - one of the most used
parts of our reference library - is now in MarkDown. The conversation status is
“draft” and we need to check for rough edges:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-iso5230-version1.md

Original PowerPoint slides here for compare, contrast and planning:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-for-ISO-5230-en.pptx

The biggest to-do item is that we need to extract the images from the slides and
add them to the MarkDown. This is probably a relatively big lift… we may want
to recreate some of the images at this juncture.


Re: OpenChain Specification Chair Election Period Now Open

Mattran, Mary
 

Hi Steve, the address to send the vote email is "Operations@..." and doesn't resolve to a real email address, so that is what I'm missing.  Yes, I'm signed up to the specification mailing list.


Re: OpenChain Specification Chair Election Period Now Open

Mary Hardy
 

Thank you! Signing up now.

 

From: main@... <main@...> On Behalf Of Steve Kilbane via lists.openchainproject.org
Sent: Wednesday, November 16, 2022 7:20 AM
To: main@...
Subject: [EXTERNAL] Re: [openchain] OpenChain Specification Chair Election Period Now Open

 

And just to check: did you sign up to the specification mailing list before sending the email?

 

From: main@... <main@...> on behalf of Steve Kilbane <stephen.kilbane@...>
Date: Wednesday, 16 November 2022 at 15:19
To: main@... <main@...>
Subject: Re: [openchain] OpenChain Specification Chair Election Period Now Open

[External]

 

Hi Mary,

 

See step 3:

> You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:

 

 

From: main@... <main@...> on behalf of Mattran, Mary <mary.mattran@...>
Date: Wednesday, 16 November 2022 at 15:09
To: main@... <main@...>
Subject: Re: [openchain] OpenChain Specification Chair Election Period Now Open

[External]

 

Hi Shane, 

I'm probably being dense, but what email address to send the votes to?  The one I guessed at bounced.

Mary


Re: OpenChain Specification Chair Election Period Now Open

Jacob Wilson
 

Hello OpenChain Members!


I am Jacob Wilson, previously a consultant in software security assurance and offensive security testing... a servant leader and computer hacker of 15 years :) I
ve held a number of roles serving financial services, automotive OEMs, government, and internet service providers.

Most pertinent to this election, I led the effort for Synopsys to become the 3rd OpenChain Global Certifier, and first partner in the service provider, vendor, and certifier categories. I subsequently developed multiple consulting offerings focused on maturing OSPOs in multinational companies. With formal mentors in leadership of our partnering SPDX standard, I assembled the training and professional consulting services to accompany the commercial tooling for open source scanning.

I have now moved client side into the crypto and blockchain space, which allows me to step away from the partnerships and have an unbiased role. I have dedicated my career to supply chain security and am looking forward to fostering a sense of community within OpenChain. Please consider me for the specification working group security candidate, and see my github, linkedin, https://twitter.com/jacobdjwilson/twitter, and personal website for more details and to stay in touch.

Jacob Wilson


On Wed, Nov 16, 2022 at 4:04 AM Shane Coughlan <scoughlan@...> wrote:
Steve, Helio, Jacob and Chris, I would like to invite you to share a brief bio of yourself in this thread to help our potential votes to understand who you are. Given our wide community, not everyone makes our calls, and may not know you from your active contributions there and on GitHub, etc.

> On Nov 16, 2022, at 9:59, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:
>
> OpenChain Specification Chair Election Period Now Open
>
> The OpenChain Project is running an election for co-chairs of the Specification Work Group. The election period is from today (2022-11-16) until 2022-11-22 Close of Business UTC.
> Here are our current nominees:
>     • Steve Kilbane, Analog Devices
>     • Helio Chissini de Castro, CARIAD
>     • Jacob Wilson, Gemini
>     • Chris Wood, Lockheed Martin
> Everyone is invited to vote for their preferred chairs. Here is how:
>     • You have two votes.
>     • One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
>     • You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
> My name is NAME and my votes are as follows:
> NAME for licensing
> NAME for security
> Regards
> YOUR NAME
> Some notes:
>     • The email address ending your vote must be subscribed to the specification mailing list.
>     • Any vote not provided in this format will be invalid.
>     • You can vote for yourself.
>     • You can only submit your votes once.
> More Details
> How we are running this election is split into two lengthy descriptions below. We are striving to do two things:
>     • Create an open election process
>     • Address the potential we have to have multiple domain experts sharing work
> Because this is our first major election for Specification Chair, the process may have some rough edges. If there are any critical issues, we will address them.
> How We Are Running The Elections
> The OpenChain Governing Board is formally considering who should be appointed by the board for the position(s) of OpenChain Specification Chairperson, and invites the broader OpenChain community to provide their perspective.
> In this process, the broader OpenChain community will have nominees proposed and voted on to provide a recommendation. That recommendation will be passed to the OpenChain Governing Board for review, approval and ratification at their next meeting.
> The specific process on behalf of the community is to undertake a voting process after a period of nomination. The community will vote in the following manner:
> Votes for chairpeople will be sent by email to operations@...(received by the OpenChain General Manager and Project Manager).
> Each member of our specification@ can cast *one* vote. All members of main@ are entitled to join specification@. The requirement to join the specification list is to maintain that list as the “single source of truth” for our specification-editing and other core specification work.
> The votes will be tallied by the General Manager and prepared for the OpenChain Governing Board to review.
> The tally will be reported to the OpenChain governing board. Their feedback and final decision will be provided to the community-at-large after their next formal governing board meeting.
> For the 2022 OpenChain Specification Work Group elections the following notes are provided:
> (1) we are operationally splitting the specification work group into two work groups: licensing and security, reflecting our two specifications in-market.
> (2) for *this* specific election, we will split the election into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
> (3) this means everyone on specification@ should vote for:
> (i) their preferred choice for license work group chair;
> (I) their preferred choice for security work group chair.
> (4) these votes may be cast between the 16th and 22nd of November 2022.
> (5) the OpenChain Governing Board will receive the tally of votes expressing community feedback, and will review it formally at their next meeting on the 8th of December 2022.
> (6) it is expected that at this juncture the community will receive a response from the OpenChain Governing Board regarding their decision(s) around specification chairperson(s) circa 9th December 2022, and our new specification chairs will begin their term of office prior to 2023.
> This process may be adjusted at any time by the governing board, and feedback to improve the process is always welcome, with the optic of ensuring that we continually refine the process as time progresses.
> For This Specific Election
> For the nomination period, we happen to have two people well versed in license compliance (Steve and Helio) and two people with a security background (Jacob and Chris). This suggest that our co-chair election – for *this* specific election, should break into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
> However, for clarity, the intent is not to split the development of our licensing and security specifications into two different paths. The intent is that both chairs will work on both specifications by helping to collect community feedback and so on, with this feedback being provided to the Steering Committee for formal review and ratification if and when we decide to produce new versions of our standards.


Re: OpenChain Specification Chair Election Period Now Open

Steve Kilbane
 

And just to check: did you sign up to the specification mailing list before sending the email?

 

From: main@... <main@...> on behalf of Steve Kilbane <stephen.kilbane@...>
Date: Wednesday, 16 November 2022 at 15:19
To: main@... <main@...>
Subject: Re: [openchain] OpenChain Specification Chair Election Period Now Open

[External]

 

Hi Mary,

 

See step 3:

> You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:

 

 

From: main@... <main@...> on behalf of Mattran, Mary <mary.mattran@...>
Date: Wednesday, 16 November 2022 at 15:09
To: main@... <main@...>
Subject: Re: [openchain] OpenChain Specification Chair Election Period Now Open

[External]

 

Hi Shane, 

I'm probably being dense, but what email address to send the votes to?  The one I guessed at bounced.

Mary


Re: OpenChain Specification Chair Election Period Now Open

Steve Kilbane
 

Hi Mary,

 

See step 3:

> You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:

 

 

From: main@... <main@...> on behalf of Mattran, Mary <mary.mattran@...>
Date: Wednesday, 16 November 2022 at 15:09
To: main@... <main@...>
Subject: Re: [openchain] OpenChain Specification Chair Election Period Now Open

[External]

 

Hi Shane, 

I'm probably being dense, but what email address to send the votes to?  The one I guessed at bounced.

Mary


Re: OpenChain Specification Chair Election Period Now Open

Mattran, Mary
 

Hi Shane, 

I'm probably being dense, but what email address to send the votes to?  The one I guessed at bounced.

Mary


OpenChain Reference Training Slides now in MarkDown (Draft, needs work)

 

Well, this is big news. Our reference training slides - one of the most used parts of our reference library - is now in MarkDown. The conversation status is “draft” and we need to check for rough edges:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-iso5230-version1.md

Original PowerPoint slides here for compare, contrast and planning:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-for-ISO-5230-en.pptx

The biggest to-do item is that we need to extract the images from the slides and add them to the MarkDown. This is probably a relatively big lift… we may want to recreate some of the images at this juncture.