Re: OpenChain article in Wikipedia
Hi all,
It seems as if the German Wikipedia has a different treatment of the terms “OpenChain” and “ISO/IEC 5230”.

The German Wikipedia will forward you to the “ISO/IEC 5230” page when searching for “OpenChain”…
…in the English, French, Spanish and Italian Wikipedia, it’s just the other way round.
So there actually is information on the Wikipedia pages – but under different headlines.
Would it be an idea to create two separate articles for “OpenChain” and “ISO/IEC 5230”?
At least it might be good to have a uniform treatment of the search terms in the different language versions…
Regards,
Stefan
Stefan Thanheiser
Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf,
Tribe Einkauf,
Chapter Software Asset & Lizenzmanagement
---
Phone +49 721 4004-1860
Mobile +49 170 3304133
Email stefan.thanheiser@...
Atruvia AG | www.atruvia.de | Local Court (Amtsgericht) Frankfurt a. M., HRB 102381 | Registered office: Frankfurt a. M. | VAT ID No. DE 143582320 | Executive Board: Martin Beyer (Spokesman), Ulrich Coenen (Spokesman), Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel | Chairman of the Supervisory Board: Jürgen Brinkmann
From: main@... <main@...>
On Behalf Of Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay)
Sent: Tuesday, 22 November 2022 16:16
To: main@...
Cc: Marc-Etienne Vargenau (Nokia) <marc-etienne.vargenau@...>
Subject: [openchain] OpenChain article in Wikipedia
Hi,
There is an article about OpenChain in the German Wikipedia:
https://de.wikipedia.org/wiki/ISO/IEC_5230
but in no other language.
I consider it would be good to have an article at least in English.
What do you think?
Best regards,
Marc-Etienne
--
Marc-Etienne Vargenau marc-etienne.vargenau@...
Nokia, Route de Villejust, 91620 NOZAY, FRANCE
Mobile: +33 6 24 49 78 68
Senior Specialist Open Source
Planned absence: none
|
|
Re: OpenChain article in Wikipedia
Hi Marc,
please find attached a translated version of the article. I do not know how to publish it on Wikipedia and whether it should be available in English on the German site or English, American or Irish site… But feel free to use.
Br
Jan
From: <main@...> on behalf of "Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay) via lists.openchainproject.org" <marc-etienne.vargenau=nokia.com@...>
Reply to: "main@..." <main@...>
Date: Tuesday, 22 November 2022 at 16:16
To: "main@..." <main@...>
Cc: "Marc-Etienne Vargenau (Nokia)" <marc-etienne.vargenau@...>
Subject: [openchain] OpenChain article in Wikipedia
Hi,
There is an article about OpenChain in the German Wikipedia:
https://de.wikipedia.org/wiki/ISO/IEC_5230
but in no other language.
I consider it would be good to have an article at least in English.
What do you think?
Best regards,
Marc-Etienne
--
Marc-Etienne Vargenau marc-etienne.vargenau@...
Nokia, Route de Villejust, 91620 NOZAY, FRANCE
Mobile: +33 6 24 49 78 68
Senior Specialist Open Source
Planned absence: none
|
|
OpenChain article in Wikipedia

Vargenau, Marc-Etienne (Nokia - FR/Paris-Saclay)
Hi,
There is an article about OpenChain in the German Wikipedia:
https://de.wikipedia.org/wiki/ISO/IEC_5230
but in no other language.
I consider it would be good to have an article at least in English.
What do you think?
Best regards,
Marc-Etienne
--
Marc-Etienne Vargenau marc-etienne.vargenau@...
Nokia, Route de Villejust, 91620 NOZAY, FRANCE
Mobile: +33 6 24 49 78 68
Senior Specialist Open Source
Planned absence: none
|
|
Re: REMINDER: OpenChain Export Control Work Group - First Meeting Today (2022-11-22) at 15:00 UTC
Reminder: we start in 30 minutes.
On Nov 22, 2022, at 11:32, Shane Coughlan <scoughlan@...> wrote:
The OpenChain Export Control Work Group will hold its first meeting on the 22nd of November at 15:00 UTC (16:00 CET).
This meeting will have the following agenda:
(1) Introductions
(2) Overview of why export control matters from the perspective of open source and compliance
(3) Open discussion about how our community can contribute to the field
Zoom meeting: https://zoom.us/j/93456802267
Meeting ID: 93456802267
<OpenChain Export Control Work Group - First Meeting.ics>
|
|
Re: OpenChain Specification Chair Election Period Now Open
There are just under three hours remaining before 17:00 UTC, the close of the voting period.
We have received 11 votes in total and the provisional results are:
Licensing:
Helio Chissini de Castro has 7 votes
Steve Kilbane has 4 votes
Security:
Chris Wood has 8 votes
Jacob Wilson has 3 votes
Reminder:
You can vote by: (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME
On Nov 21, 2022, at 9:08, Shane Coughlan <scoughlan@...> wrote:
A reminder: a chair election for the specification work team ends tomorrow. You have *one* day left to vote.
Here are our current nominees:
• Steve Kilbane, Analog Devices
• Helio Chissini de Castro, CARIAD
• Jacob Wilson, Gemini
• Chris Wood, Lockheed Martin
Everyone is invited to vote for their preferred chairs. Here is how:
• You have two votes.
• One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
• You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME
On Nov 16, 2022, at 9:59, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:
OpenChain Specification Chair Election Period Now Open
The OpenChain Project is running an election for co-chairs of the Specification Work Group. The election period is from today (2022-11-16) until 2022-11-22 Close of Business UTC.
Here are our current nominees:
• Steve Kilbane, Analog Devices
• Helio Chissini de Castro, CARIAD
• Jacob Wilson, Gemini
• Chris Wood, Lockheed Martin
Everyone is invited to vote for their preferred chairs. Here is how:
• You have two votes.
• One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
• You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME
Some notes:
• The email address sending your vote must be subscribed to the specification mailing list.
• Any vote not provided in this format will be invalid.
• You can vote for yourself.
• You can only submit your votes once.
More Details
How we are running this election is split into two lengthy descriptions below. We are striving to do two things:
• Create an open election process
• Address the potential we have to have multiple domain experts sharing work
Because this is our first major election for Specification Chair, the process may have some rough edges. If there are any critical issues, we will address them.
How We Are Running The Elections
The OpenChain Governing Board is formally considering who should be appointed by the board for the position(s) of OpenChain Specification Chairperson, and invites the broader OpenChain community to provide their perspective. In this process, the broader OpenChain community will have nominees proposed and voted on to provide a recommendation. That recommendation will be passed to the OpenChain Governing Board for review, approval and ratification at their next meeting.
The specific process on behalf of the community is to undertake a voting process after a period of nomination.
The community will vote in the following manner:
Votes for chairpeople will be sent by email to operations@... (received by the OpenChain General Manager and Project Manager). Each member of our specification@ can cast *one* vote. All members of main@ are entitled to join specification@. The requirement to join the specification list is to maintain that list as the “single source of truth” for our specification-editing and other core specification work.
The votes will be tallied by the General Manager and prepared for the OpenChain Governing Board to review. The tally will be reported to the OpenChain governing board. Their feedback and final decision will be provided to the community-at-large after their next formal governing board meeting.
For the 2022 OpenChain Specification Work Group elections the following notes are provided:
(1) we are operationally splitting the specification work group into two work groups: licensing and security, reflecting our two specifications in-market.
(2) for *this* specific election, we will split the election into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
(3) this means everyone on specification@ should vote for: (i) their preferred choice for license work group chair; (ii) their preferred choice for security work group chair.
(4) these votes may be cast between the 16th and 22nd of November 2022.
(5) the OpenChain Governing Board will receive the tally of votes expressing community feedback, and will review it formally at their next meeting on the 8th of December 2022.
(6) it is expected that at this juncture the community will receive a response from the OpenChain Governing Board regarding their decision(s) around specification chairperson(s) circa 9th December 2022, and our new specification chairs will begin their term of office prior to 2023.
This process may be adjusted at any time by the governing board, and feedback to improve the process is always welcome, with the optic of ensuring that we continually refine the process as time progresses.
For This Specific Election
For the nomination period, we happen to have two people well versed in license compliance (Steve and Helio) and two people with a security background (Jacob and Chris). This suggests that our co-chair election – for *this* specific election, should break into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
However, for clarity, the intent is not to split the development of our licensing and security specifications into two different paths. The intent is that both chairs will work on both specifications by helping to collect community feedback and so on, with this feedback being provided to the Steering Committee for formal review and ratification if and when we decide to produce new versions of our standards.
|
|
REMINDER: OpenChain Export Control Work Group - First Meeting Today (2022-11-22) at 15:00 UTC
The OpenChain Export Control Work Group will hold its first meeting on the 22nd of November at 15:00 UTC (16:00 CET).
This meeting will have the following agenda:
(1) Introductions
(2) Overview of why export control matters from the perspective of open source and compliance
(3) Open discussion about how our community can contribute to the field
Zoom meeting: https://zoom.us/j/93456802267
Meeting ID: 93456802267
|
|
Re: Topic for discussion: how do we link different Bill of Materials?
For anyone who can attend FOSDEM in Brussels on 5 February 2023, we have a track (“devroom”) on Software Bills of Materials, where a number of SBOM-related topics will be discussed.
The Call for Participation is currently open, till 28 November:
https://gist.github.com/zvr/c852b4a560ac2c67885c473034cd4a93
Hope to see you there!
From: main@... <main@...>
On Behalf Of Norio Kobota
Sent: Saturday, 19 November, 2022 01:13
To: main@...
Subject: Re: [openchain] Topic for discussion: how do we link different Bill of Materials?
Hi Jacob, Shane and all,
Thank you for sharing my thought and your interesting response.
Some of the OpenChain Japan Sub workgroup members have now started
discussing SBOM in depth, from the perspective of how to use SBOM
effectively in complex supply chains and what the problems in using it are.
We are still in the early stages of discussions, but we will be sharing our
discussions and materials publicly in the future, so could you give us some advice?
It might be difficult to participate because of the language barriers and
time zones, but if you know of similar discussion opportunities elsewhere,
please let me know.
I would like to participate as much as possible.
Thanks,
-- kobota
From: main@... <main@...>
On Behalf Of Jacob Wilson
Sent: Wednesday, November 16, 2022 1:10 AM
To: main@...
Subject: Re: [openchain] Topic for discussion: how do we link different Bill of Materials?
This is a great point, and one which I believe has been evolving over time. SAST, DAST, IAST, and RASP outputs similarly all show code analysis at different stages of the
software build and distribution process. I would say for storage a Software Artifact Repository is the industry standard for code scanning and will most likely continue for SBOM results, but the combination of results will vary based on organizational policies,
procedures, regulators, and other market factors.
If I put my computer forensics hat on, traceability and non-tampered evidence collection are paramount. Having the same piece of information at multiple stages of the software
build and distribution process is informative in itself. Combination of the results may harm the overall goal. From a pragmatic perspective this is a significant data storage and analysis challenge.
Tying things together, I believe the SBOM consideration material you have made is great and brings light to an important issue. I also believe it fits together remarkably
well with the 'SCA tooling evaluation metrics' project mentioned in yesterday's monthly call. Perhaps these stakeholders can work together?
On Tue, Nov 15, 2022 at 6:47 AM Shane Coughlan <scoughlan@...> wrote:
Kobota San has raised an interesting topic for discussion. Attached see slides with an overview.
Summary: there are various different types of SBOM involved in preparing various types of product. For example, Build SBOM, Binary SBOM, Source SBOM.
What is the best way to combine these for final records?
Thoughts and suggestions?
Intel Deutschland GmbH Registered Address: Am Campeon 10, 85579 Neubiberg, Germany Tel: +49 89 99 8853-0, www.intel.de Managing Directors: Christin Eisenschmid, Sharon Heck, Tiffany Doon
Silva Chairperson of the Supervisory Board: Nicole Lau Registered Office: Munich Commercial Register: Amtsgericht Muenchen HRB 186928
|
|
Re: OpenChain Specification Chair Election Period Now Open
A reminder: a chair election for the specification work team ends tomorrow. You have *one* day left to vote.
Here are our current nominees:
- Steve Kilbane, Analog Devices
- Helio Chissini de Castro, CARIAD
- Jacob Wilson, Gemini
- Chris Wood, Lockheed Martin
Everyone is invited to vote for their preferred chairs. Here is how:
- You have two votes.
- One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
- You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME
|
|
Re: Topic for discussion: how do we link different Bill of Materials?
Hi Jacob, Shane and all,
Thank you for sharing my thought and your interesting response.
Some of the OpenChain Japan Sub workgroup members have now started
discussing SBOM in depth, from the perspective of how to use SBOM
effectively in complex supply chains and what the problems in using it are.
We are still in the early stages of discussions, but we will be sharing our
discussions and materials publicly in the future, so could you give us some advice?
It might be difficult to participate because of the language barriers and
time zones, but if you know of similar discussion opportunities elsewhere,
please let me know.
I would like to participate as much as possible.
Thanks,
-- kobota
|
|
Re: OpenChain Reference Training Slides now in MarkDown (Draft, needs work)

Jacob Wilson
Hi Carlo,
First of all excellent work, this is no small task and is a huge benefit to the community.
Second you mentioned conversion of the PowerPoint graphs to SVG and then displaying in markdown. Have you had a chance to read this GitHub blog post tackling similar issues?
I took a pass at what this might look like in pull request 41 specifically for slide 54 from your last screen shot. Luckily the Mermaid dev team was nice enough to include a live editor, here's a link to the source code for this diagram in action. The chart type I picked was a sequence diagram, it could be that flow diagram or even a mind map works better.
Hopefully this helps, or at least provides another option.
Jacob Wilson
On Fri, Nov 18, 2022 at 8:02 AM Carlo Piana <carlo@...> wrote:
Too fast.
see attached.
K
----- Original message -----
> From: "Carlo Piana" <carlo@...>
> To: "main@..." <main@...>
> Cc: "OpenChain Education" <education@...>
> Sent: Friday, 18 November 2022 12:33:43
> Subject: Re: [openchain] OpenChain Reference Training Slides now in MarkDown (Draft, needs work)
> Anyway, even in Powerpoint online, the charts have issues.
>
> see here:
>
>
> ----- Original message -----
>> From: "Carlo Piana" <carlo@...>
>> To: "main@..." <main@...>
>> Cc: "OpenChain Education" <education@...>
>> Sent: Friday, 18 November 2022 12:15:09
>> Subject: Re: [openchain] OpenChain Reference Training Slides now in MarkDown
>> (Draft, needs work)
>
>> Hi,
>>
>> I have tried to figure out an easier way to do it and extract the images in a
>> bulk-ish way, but they appear to be Powerpoint internal objects without any
>> coherence. The best way I have figured out without spending too much time,
>> was to export to PDF, open the PDF in Inkscape, remove the text, group the
>> graphic and export what remains as SVG.
>>
>> Now Inkscape can deal with multiple pages, but it would be a much better idea to
>> separate each page, remove the ones without images, put the remaining ones in a
>> place and proceed page by page.
>>
>> It's painful and error prone. Powerpoint is something that is better left with
>> presentations (or even better, alone, sitting in the dark to rot), not
>> documents.
>>
>> Cheers
>>
>> Carlo
>>
>>
>> ----- Original message -----
>>> From: "Shane Coughlan" <scoughlan@...>
>>> To: "OpenChain Main" <main@...>
>>> Cc: "OpenChain Education" <education@...>
>>> Sent: Wednesday, 16 November 2022 15:02:02
>>> Subject: [openchain] OpenChain Reference Training Slides now in MarkDown (Draft,
>>> needs work)
>>
>>> Well, this is big news. Our reference training slides - one of the most used
>>> parts of our reference library - is now in MarkDown. The conversation status is
>>> “draft” and we need to check for rough edges:
>>> https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-iso5230-version1.md
>>>
>>> Original PowerPoint slides here for compare, contrast and planning:
>>> https://github.com/OpenChain-Project/Reference-Material/blob/master/Training-Slides/Official/2.1/en/openchain-reference-training-slides-for-ISO-5230-en.pptx
>>>
>>> The biggest to-do item is that we need to extract the images from the slides and
>>> add them to the MarkDown. This is probably a relatively big lift… we may want
>>> to recreate some of the images at this juncture.
>>>
>>>
>>
>>
>>
|
|
Re: OpenChain Reference Training Slides now in MarkDown (Draft, needs work)
Too fast.
see attached.
K
|
|
Re: OpenChain Reference Training Slides now in MarkDown (Draft, needs work)
Anyway, even in Powerpoint online, the charts have issues.
see here:
|
|
Re: OpenChain Reference Training Slides now in MarkDown (Draft, needs work)
Hi,
I have tried to figure out an easier way to do it and extract the images in a bulk-ish way, but they appear to be PowerPoint internal objects without any coherence. The best way I have figured out without spending too much time was to export to PDF, open the PDF in Inkscape, remove the text, group the graphic and export what remains as SVG.
Now Inkscape can deal with multiple pages, but it would be a much better idea to separate each page, remove the ones without images, put the remaining ones in a place and proceed page by page.
It's painful and error-prone. PowerPoint is something that is better left with presentations (or even better, alone, sitting in the dark to rot), not documents.
Cheers
Carlo
----- Original message -----
|
|
Re: OpenChain Specification Chair Election Period Now Open

Mattran, Mary
Hi Steve, the address to send the vote email is "Operations@..." and doesn't resolve to a real email address, so that is what I'm missing. Yes, I'm signed up to the specification mailing list.
|
|
Re: OpenChain Specification Chair Election Period Now Open

Mary Hardy
Thank you! Signing up now.
From: main@... <main@...>
On Behalf Of Steve Kilbane via lists.openchainproject.org
Sent: Wednesday, November 16, 2022 7:20 AM
To: main@...
Subject: [EXTERNAL] Re: [openchain] OpenChain Specification Chair Election Period Now Open
And just to check: did you sign up to the specification mailing list before sending the email?
Hi Mary,
See step 3:
> You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
Hi Shane,
I'm probably being dense, but what email address to send the votes to? The one I guessed at bounced.
Mary
|
|
Re: OpenChain Specification Chair Election Period Now Open

Jacob Wilson
Hello OpenChain Members!
I am Jacob Wilson, previously a consultant in software security assurance and offensive security testing... a servant leader and computer hacker of 15 years :) I’ve held a number of roles serving financial services, automotive OEMs, government, and internet service providers.
Most pertinent to this election, I led the effort for Synopsys to become the 3rd OpenChain Global Certifier, and first partner in the service provider, vendor, and certifier categories. I subsequently developed multiple consulting offerings focused on maturing OSPOs in multinational companies. With formal mentors in leadership of our partnering SPDX standard, I assembled the training and professional consulting services to accompany the commercial tooling for open source scanning.
I have now moved client side into the crypto and blockchain space, which allows me to step away from the partnerships and have an unbiased role. I have dedicated my career to supply chain security and am looking forward to fostering a sense of community within OpenChain. Please consider me for the specification working group security candidate, and see my github, linkedin, https://twitter.com/jacobdjwilson/twitter, and personal website for more details and to stay in touch.
Jacob Wilson
On Wed, Nov 16, 2022 at 4:04 AM Shane Coughlan <scoughlan@...> wrote:
Steve, Helio, Jacob and Chris,
I would like to invite you to share a brief bio of yourself in this thread to help our potential votes to understand who you are. Given our wide community, not everyone makes our calls, and may not know you from your active contributions there and on GitHub, etc.
> On Nov 16, 2022, at 9:59, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:
>
> OpenChain Specification Chair Election Period Now Open
>
> The OpenChain Project is running an election for co-chairs of the Specification Work Group. The election period is from today (2022-11-16) until 2022-11-22 Close of Business UTC.
> Here are our current nominees:
> • Steve Kilbane, Analog Devices
> • Helio Chissini de Castro, CARIAD
> • Jacob Wilson, Gemini
> • Chris Wood, Lockheed Martin
> Everyone is invited to vote for their preferred chairs. Here is how:
> • You have two votes.
> • One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
> • You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
> My name is NAME and my votes are as follows:
> NAME for licensing
> NAME for security
> Regards
> YOUR NAME
> Some notes:
> • The email address sending your vote must be subscribed to the specification mailing list.
> • Any vote not provided in this format will be invalid.
> • You can vote for yourself.
> • You can only submit your votes once.
> More Details
> How we are running this election is split into two lengthy descriptions below. We are striving to do two things:
> • Create an open election process
> • Address the potential we have to have multiple domain experts sharing work
> Because this is our first major election for Specification Chair, the process may have some rough edges. If there are any critical issues, we will address them.
> How We Are Running The Elections
> The OpenChain Governing Board is formally considering who should be appointed by the board for the position(s) of OpenChain Specification Chairperson, and invites the broader OpenChain community to provide their perspective.
> In this process, the broader OpenChain community will have nominees proposed and voted on to provide a recommendation. That recommendation will be passed to the OpenChain Governing Board for review, approval and ratification at their next meeting.
> The specific process on behalf of the community is to undertake a voting process after a period of nomination. The community will vote in the following manner:
> Votes for chairpeople will be sent by email to operations@... (received by the OpenChain General Manager and Project Manager).
> Each member of our specification@ can cast *one* vote. All members of main@ are entitled to join specification@. The requirement to join the specification list is to maintain that list as the “single source of truth” for our specification-editing and other core specification work.
> The votes will be tallied by the General Manager and prepared for the OpenChain Governing Board to review.
> The tally will be reported to the OpenChain governing board. Their feedback and final decision will be provided to the community-at-large after their next formal governing board meeting.
> For the 2022 OpenChain Specification Work Group elections the following notes are provided:
> (1) we are operationally splitting the specification work group into two work groups: licensing and security, reflecting our two specifications in-market.
> (2) for *this* specific election, we will split the election into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
> (3) this means everyone on specification@ should vote for:
> (i) their preferred choice for license work group chair;
> (ii) their preferred choice for security work group chair.
> (4) these votes may be cast between the 16th and 22nd of November 2022.
> (5) the OpenChain Governing Board will receive the tally of votes expressing community feedback, and will review it formally at their next meeting on the 8th of December 2022.
> (6) it is expected that at this juncture the community will receive a response from the OpenChain Governing Board regarding their decision(s) around specification chairperson(s) circa 9th December 2022, and our new specification chairs will begin their term of office prior to 2023.
> This process may be adjusted at any time by the governing board, and feedback to improve the process is always welcome, with the optic of ensuring that we continually refine the process as time progresses.
> For This Specific Election
> For the nomination period, we happen to have two people well versed in license compliance (Steve and Helio) and two people with a security background (Jacob and Chris). This suggests that our co-chair election – for *this* specific election, should break into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
> However, for clarity, the intent is not to split the development of our licensing and security specifications into two different paths. The intent is that both chairs will work on both specifications by helping to collect community feedback and so on, with this feedback being provided to the Steering Committee for formal review and ratification if and when we decide to produce new versions of our standards.
|
|
Re: OpenChain Specification Chair Election Period Now Open

Steve Kilbane
And just to check: did you sign up to the specification mailing list before sending the email?
From: main@... <main@...> on behalf of Steve Kilbane <stephen.kilbane@...>
Date: Wednesday, 16 November 2022 at 15:19
To: main@... <main@...>
Subject: Re: [openchain] OpenChain Specification Chair Election Period Now Open
Hi Mary,
See step 3:
> You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
From: main@... <main@...> on behalf of Mattran, Mary <mary.mattran@...>
Date: Wednesday, 16 November 2022 at 15:09
To: main@... <main@...>
Subject: Re: [openchain] OpenChain Specification Chair Election Period Now Open
Hi Shane,
I'm probably being dense, but what email address to send the votes to? The one I guessed at bounced.
Mary
|
|
Re: OpenChain Specification Chair Election Period Now Open

Steve Kilbane
Hi Mary,
See step 3:
> You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@... with the subject “Specification Chair Elections” and the following content:
From: main@... <main@...> on behalf of Mattran, Mary <mary.mattran@...>
Date: Wednesday, 16 November 2022 at 15:09
To: main@... <main@...>
Subject: Re: [openchain] OpenChain Specification Chair Election Period Now Open
Hi Shane,
I'm probably being dense, but what email address to send the votes to? The one I guessed at bounced.
Mary
|
|
Re: OpenChain Specification Chair Election Period Now Open

Mattran, Mary
Hi Shane,
I'm probably being dense, but what email address to send the votes to? The one I guessed at bounced.
Mary
|
|
OpenChain Reference Training Slides now in MarkDown (Draft, needs work)
|
|