
OpenChain Japan Work Group Meeting #20 - Virtual Meeting #7

 

This was a special event with a bunch of corporate case studies. Learn more:
https://www.openchainproject.org/news/2021/08/03/japan-wg-20


Re: OpenChain Webinar #28 – Securing the Development & Supply Chain of Open Source Software

 

No problem! Attached!

Please remember: it’s a draft 🙂

On Aug 4, 2021, at 11:44, Gaokun (King) via lists.openchainproject.org <king.gao=huawei.com@lists.openchainproject.org> wrote:

Hi Shane,

Thank you for sharing this video with us. That is really helpful; could you share the PPT?

Best
King

高琨 / King Gao
2012 Laboratories
2012Labs

Huawei Technologies Co., Ltd.
Mobile: 15986646117
Email: king.gao@huawei.com
Address: Huawei Base, Bantian, Longgang District, Shenzhen; Postal code: 518129
Huawei Technologies Co., Ltd.
Bantian, Longgang District, Shenzhen 518129, P.R.China


-----Original Message-----
From: main@lists.openchainproject.org [mailto:main@lists.openchainproject.org] on behalf of Shane Coughlan
Sent: August 4, 2021 9:16
To: OpenChain Main <main@lists.openchainproject.org>
Subject: [openchain] OpenChain Webinar #28 – Securing the Development & Supply Chain of Open Source Software

Full recording here:
https://www.openchainproject.org/news/2021/08/03/openchain-webinar-28-securing-the-development-supply-chain-of-open-source-software









Re: Reply: [openchain] OpenChain Webinar #28 – Securing the Development & Supply Chain of Open Source Software

Gaokun (King)

Hi Shane,

Thank you for sharing this video with us. That is really helpful; could you share the PPT?

Best
King

高琨 / King Gao
2012 Laboratories
2012Labs

Huawei Technologies Co., Ltd.
Mobile: 15986646117
Email: king.gao@huawei.com
Address: Huawei Base, Bantian, Longgang District, Shenzhen; Postal code: 518129
Huawei Technologies Co., Ltd.
Bantian, Longgang District, Shenzhen 518129, P.R.China


-----Original Message-----
From: main@lists.openchainproject.org [mailto:main@lists.openchainproject.org] on behalf of Shane Coughlan
Sent: August 4, 2021 9:16
To: OpenChain Main <main@lists.openchainproject.org>
Subject: [openchain] OpenChain Webinar #28 – Securing the Development & Supply Chain of Open Source Software

Full recording here:
https://www.openchainproject.org/news/2021/08/03/openchain-webinar-28-securing-the-development-supply-chain-of-open-source-software


Re: [taiwan-wg] We have another Chinese translation assistance on our GitHub - any extra thoughts welcome!

 

Thank you Lucien! Great feedback and understood! 🙂

On Jul 30, 2021, at 19:21, Lucien C.H. Lin - 林誠夏 <lucien.cc@...> wrote:


Dear Shane,

I believe the version that has "OpenChain Project" translated as "OpenChain項目" instead of the "OpenChain專案" suggested by PeterDaveHello was made by me; it was originally submitted for the Traditional Chinese version, not cited from the Simplified Chinese version in any way. Actually, back in the old days the first draft of the Simplified Chinese version was made by me as well, based on the Traditional one for the 1.1 spec. However, using "OpenChain專案" to replace the old translation seems to express it better nowadays. If PeterDaveHello would like to submit his suggestion in pptx or odp format to you or to the community, I would be very glad to proofread it again to get us an updated revision.

All the best and wish you a productive outcome at the COSCUP 2021 tomorrow!

:)

20210730 UTC+8 18:15 Lucien

On Friday, July 30, 2021 at 5:46 PM, Shane Coughlan <scoughlan@...> wrote:
PeterDaveHello: "I just found that Pre-Release version of Traditional Chinese Supplier Education Pack on https://www.openchainproject.org/supplier-education-pack, which is very useful, but some terms at page 2, 40, 48, 54, 77, 80 & 81 of openchain-curriculum-for-2-0-zh-Hant.pptx, seem to be the usage of Simplified Chinese, not Traditional Chinese, "專案" would be more suitable than "項目" here:

However, it's a Microsoft PowerPoint "pptx" file inside a zip file, doesn't seem to be easy to send a pull request for it with a reviewable diff comparison, how should I suggest or help the translation? Is there any data source that I can send a pull request to?"


My reply so far:

If you edit the PPTX file and submit it as a pull request, we can do community review and merge. It would be fantastic to have your contribution.


OpenChain Webinar #28 – Securing the Development & Supply Chain of Open Source Software

 


OpenChain Webinar #27 – PwC Readiness Assessment

 


OpenChain Tooling Work Group Meeting #39

 


OpenChain Today and Tomorrow – COSCUP Keynote

 


Today is event recording catch-up day

 

Each recording will be clearly identified by the email subject line.


OpenChain Bi-Weekly Webinar - 2021-08-03 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

Today we are talking about 'Securing the Development & Supply Chain of Open Source Software (OSS)'

Join Zoom Meeting
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Need to confirm your timezone?
OpenChain Bi-Weekly Webinar - 2021-08-03 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST


On our GitHub: "Formal statement format for project with no OSS BOM"

 

dineshr93: "Is there a formal statement to give to customers for projects which have no OSS components?
We cannot give confirmation that no OSS is being used because we cannot ensure 100% accuracy, since there are always limitations to the tools. So we need to come up with a statement which sets the tools' limitations in place and also states that no OSS evidence has been found after performing the so & so scan.
I wanted to know whether there are any statements already in place in OpenChain. I searched here https://github.com/OpenChain-Project/Reference-Material but I did not find anything related to it."

https://github.com/OpenChain-Project/Reference-Material/issues/9

My initial reply:
We do not provide a single "source of truth" statement for such a matter. It is really up to the in-house procurement and legal teams.
Conceptually, it might be something like this:
"The supplier confirms that the provided software has been audited and confirms that it contains no components under open source licenses."


Re: [taiwan-wg] We have another Chinese translation assistance on our GitHub - any extra thoughts welcome!

Lucien C.H. Lin - 林誠夏
 

Dear Shane,

I believe the version that has "OpenChain Project" translated as "OpenChain項目" instead of the "OpenChain專案" suggested by PeterDaveHello was made by me; it was originally submitted for the Traditional Chinese version, not cited from the Simplified Chinese version in any way. Actually, back in the old days the first draft of the Simplified Chinese version was made by me as well, based on the Traditional one for the 1.1 spec. However, using "OpenChain專案" to replace the old translation seems to express it better nowadays. If PeterDaveHello would like to submit his suggestion in pptx or odp format to you or to the community, I would be very glad to proofread it again to get us an updated revision.

All the best and wish you a productive outcome at the COSCUP 2021 tomorrow!

:)

20210730 UTC+8 18:15 Lucien

On Friday, July 30, 2021 at 5:46 PM, Shane Coughlan <scoughlan@...> wrote:

PeterDaveHello: "I just found that Pre-Release version of Traditional Chinese Supplier Education Pack on https://www.openchainproject.org/supplier-education-pack, which is very useful, but some terms at page 2, 40, 48, 54, 77, 80 & 81 of openchain-curriculum-for-2-0-zh-Hant.pptx, seem to be the usage of Simplified Chinese, not Traditional Chinese, "專案" would be more suitable than "項目" here:

However, it's a Microsoft PowerPoint "pptx" file inside a zip file, doesn't seem to be easy to send a pull request for it with a reviewable diff comparison, how should I suggest or help the translation? Is there any data source that I can send a pull request to?"


My reply so far:

If you edit the PPTX file and submit it as a pull request, we can do community review and merge. It would be fantastic to have your contribution.


We have another Chinese translation assistance on our GitHub - any extra thoughts welcome!

 

PeterDaveHello: "I just found that Pre-Release version of Traditional Chinese Supplier Education Pack on https://www.openchainproject.org/supplier-education-pack, which is very useful, but some terms at page 2, 40, 48, 54, 77, 80 & 81 of openchain-curriculum-for-2-0-zh-Hant.pptx, seem to be the usage of Simplified Chinese, not Traditional Chinese, "專案" would be more suitable than "項目" here:

However, it's a Microsoft PowerPoint "pptx" file inside a zip file, doesn't seem to be easy to send a pull request for it with a reviewable diff comparison, how should I suggest or help the translation? Is there any data source that I can send a pull request to?"

https://github.com/OpenChain-Project/Reference-Material/issues/8

My reply so far:

If you edit the PPTX file and submit it as a pull request, we can do community review and merge. It would be fantastic to have your contribution.


Re: Open Hardware: Chinese chip designers hope to topple Arm's Cortex-A76 with XiangShan RISC-V design

 

I suspect it will all shake out to healthy competition :)
IIRC RISC-V provides cores, but full SoC requires a lot of other IPR, and the mind even wanders to the possibility of future SoCs with hybrid Arm/R5 core arrays. The field is open. Some companies like Western Digital have been really visible in RISC-V, but what we can learn from the new push in China is really fascinating.

On Jul 30, 2021, at 18:02, Gilles Gravier via lists.openchainproject.org <gilles.gravier=wipro.com@lists.openchainproject.org> wrote:

Super interesting as RISC-V is open hardware, if I understand correctly... Having a strong implementation of it could indeed topple ARM...

Best regards,
Gilles Gravier
Director, Senior Strategy Advisor - Global Open Source Practice
Wipro Limited
M: +41 79 472 8437
in/gillesgravier @gravax

From: main@lists.openchainproject.org <main@lists.openchainproject.org> on behalf of Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@lists.openchainproject.org>
Sent: Friday 30 July 2021 10:59
To: OpenChain Main <main@lists.openchainproject.org>
Subject: [openchain] Open Hardware: Chinese chip designers hope to topple Arm's Cortex-A76 with XiangShan RISC-V design

CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
.


This has flown under the Western Media radar but may be significant in terms of open hardware licensing. Worth watching to keep track of execution.

“The Institute of Computing Technology at the Chinese Academy of Sciences (ICT CAS) has showcased progress on a fully open-source processor, designed around the RISC-V architecture, which it hopes will offer competition for Arm parts at the performance end of the market. Developed from the opening of a GitHub repository to booting Debian Linux in a matter of months, with work currently progressing on a higher-performance second iteration, XiangShan, or "Fragrant Hills", comes with bold promises […]”
https://www.theregister.com/2021/07/06/xiangshan_risc_v/




'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com'


Re: Open Hardware: Chinese chip designers hope to topple Arm's Cortex-A76 with XiangShan RISC-V design

Gilles Gravier
 

Super interesting as RISC-V is open hardware, if I understand correctly... Having a strong implementation of it could indeed topple ARM...

Best regards,

Gilles Gravier
Director, Senior Strategy Advisor - Global Open Source Practice
Wipro Limited
M: +41 79 472 8437
in/gillesgravier  @gravax


From: main@... <main@...> on behalf of Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...>
Sent: Friday 30 July 2021 10:59
To: OpenChain Main <main@...>
Subject: [openchain] Open Hardware: Chinese chip designers hope to topple Arm's Cortex-A76 with XiangShan RISC-V design
 


This has flown under the Western Media radar but may be significant in terms of open hardware licensing. Worth watching to keep track of execution.

“The Institute of Computing Technology at the Chinese Academy of Sciences (ICT CAS) has showcased progress on a fully open-source processor, designed around the RISC-V architecture, which it hopes will offer competition for Arm parts at the performance end of the market. Developed from the opening of a GitHub repository to booting Debian Linux in a matter of months, with work currently progressing on a higher-performance second iteration, XiangShan, or "Fragrant Hills", comes with bold promises […]”
https://www.theregister.com/2021/07/06/xiangshan_risc_v/






Open Hardware: Chinese chip designers hope to topple Arm's Cortex-A76 with XiangShan RISC-V design

 

This has flown under the Western Media radar but may be significant in terms of open hardware licensing. Worth watching to keep track of execution.

“The Institute of Computing Technology at the Chinese Academy of Sciences (ICT CAS) has showcased progress on a fully open-source processor, designed around the RISC-V architecture, which it hopes will offer competition for Arm parts at the performance end of the market. Developed from the opening of a GitHub repository to booting Debian Linux in a matter of months, with work currently progressing on a higher-performance second iteration, XiangShan, or "Fragrant Hills", comes with bold promises […]”
https://www.theregister.com/2021/07/06/xiangshan_risc_v/


US National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems

 

From the White House:
"Protection of our Nation’s critical infrastructure is a responsibility of the government at the Federal, State, local, Tribal, and territorial levels and of the owners and operators of that infrastructure. The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation. The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States."

This memorandum contains the following sections (Sections 2 and 4 appear most relevant to parties in this field):
Section 1. Policy.
Sec. 2. Industrial Control Systems Cybersecurity Initiative.
Sec. 3. Furthering the Industrial Control Systems Cybersecurity Initiative.
Sec. 4. Critical Infrastructure Cybersecurity Performance Goals.
Sec. 5. General Provisions.

https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/


Japanese Government (METI): Collection of Use Case Examples Compiled Regarding Management Methods for Utilizing Open Source Software and Ensuring Its Security

 

"The Ministry of Economy, Trade and Industry (METI) publishes a "Collection of Use Case Examples Regarding Management Methods for Utilizing OSS and Ensuring Its Security." The collection summarizes the points to note when utilizing open source software (OSS), and for each point, provides information including use case examples of companies that are conducting instructive initiatives."

This information is all in English:
https://www.meti.go.jp/english/press/2021/0421_003.html


OpenChain Global Work Group Meeting 2021-07-26 - Full Recording

 

You can find the full recording of our most recent meeting here:
https://www.youtube.com/watch?v=okRa07dfokE&t=2s

As mentioned in my last email, focus was solely on the security guidance document for OpenChain ISO 5230.


IMPORTANT: OpenChain Security Assurance Reference Guide (ISO 5230 Security Assurance Reference Guide)

 

The security guidance guide for OpenChain ISO 5230 is nearly ready. This is the last call for comments.

This document will provide all that is necessary to apply OpenChain ISO 5230 to address security matters related to open source. It does not alter or adjust the standard itself. It is a “mapping” guide.

Here is the document in a format that allows you to add comments:
https://1drv.ms/w/s!AsXJVqby5kpnkSaMT5WBZwJBONuB

Here is the most recent call where we discussed specifics:
https://www.youtube.com/watch?v=okRa07dfokE

You have until the 10th of August to provide feedback, with the process ending during our regular Global Work Team call on that day. The document will be released on the 11th of August.

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@linuxfoundation.org
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan
