Jan’s description is consistent with my interpretation. If there is general confusion over the meaning of “Open Source compliance inquiry” – I would recommend someone file an issue here: https://githu

Thank you Shane for your kind words. Like any successful open source initiative, the real force lies within the community collectively, and the crafting of the OpenChain specification and Security gui

Hi Tak, >> "There is no registration procedure such as in §3.6.2 of OpenChain Specification." That is correct - conformance is obtained once an organization has satisfied all the requirements (verific

Hi Chris, >> Is there some way to incorporate this guide into the basic OpenChain Specification as an added conformance item? We introduced the security assurance guide as a separate deliverable initi

Hi Tak, >> there is no specific way to declare conformance to this guide. And each duration will be managed separately. One can declare conformance with the guide. According to section 3.4.2: ÿ 3.4.2.

One of the core guiding principles for the OpenChain Specification is to focus on the what and why of compliance (and avoid the how and when). This is highlighted in the introduction of the spec. That

Hi Nicole, Thanks for the feedback. We briefly discussed your concern during the Specification working group meeting yesterday. The Specification working group's mission is: Establishing trust in the

The current draft of the Security Assurance Reference Guide can be found here: https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide best, Mark Gisi Director, Open Source Program

Attached are the slides for the OpenChain Q1 2021 Mini-Summit Specification Discussion: Security Guide Exploration. best, Mark Gisi Director, Open Source Program Office (510) 749-2016

As Shane announced last week - we will be meeting today (9am PST) to discuss the next version of the OpenChain specification (3.0) Note – there is a password (123456) Join Zoom Meeting https://windriv

Dear OpenChain Community, We are now seeking broader public comments for ISO submission version 2.1 of the Specification which will conclude on December 10th. This is the last major step in the spec d

Shane - Ok. Sounds good.

We will continue to accept feedback on version 2.1 of specification up through Thursday October 31st. We will be holding a F2F meeting/workshop at the Open Source Summit conference in Lyon tomorrow (O

OpenChain specification conformance extends trust to security vulnerability assurance. That is, OpenChain conforming suppliers are better positioned to manage security vulnerabilities because of the b

Reminder: the next version of the specification (spec) will largely involve converting the current 2.0 version into an ISO format for submission for ISO adoption. Therefore we are only considering sma

The latest draft of the next version of OpenChain Specification can be found here: https://wiki.linuxfoundation.org/_media/openchain/OpenChainSpec-2.1.draft.MarkUp.pdf Our objective is to make only mi

Reminder: If you would like to actively contribute to the development of the next version of the spec (or just follow along) you should subscribe to the spec mailing list: https://lists.linuxfoundatio

This is a reasonable objective. We need to formally commit to that. If we are going to keep the "2" in the version I would be reluctant to change anything other than formatting. That is, the semantics

I will queue the items up in the github wiki so that we can begin to review each in turn. I attached the latest format. I accepts Rex’s comments (seem reasonable -e.g., might vs may, ...). I did adjus

Hi Masao, Sorry for the delayed follow up. We have had success employing Open Development principles to solve a similar problem. I would not categorize it so much as Inner Source, but more as Open Inn