|
Meaning of Open Source license in 2.1.1
Jan’s description is consistent with my interpretation. If there is general confusion over the meaning of “Open Source compliance inquiry” – I would recommend someone file an issue here: https://githu
Jan’s description is consistent with my interpretation. If there is general confusion over the meaning of “Open Source compliance inquiry” – I would recommend someone file an issue here: https://githu
|
By
Mark Gisi
· #4422
·
|
|
OpenChain Person of the Year: Mark Gisi
Thank you Shane for your kind words. Like any successful open source initiative, the real force lies within the community collectively, and the crafting of the OpenChain specification and Security gui
Thank you Shane for your kind words. Like any successful open source initiative, the real force lies within the community collectively, and the crafting of the OpenChain specification and Security gui
|
By
Mark Gisi
· #4330
·
|
|
OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested
Hi Tak, >> "There is no registration procedure such as in §3.6.2 of OpenChain Specification." That is correct - conformance is obtained once an organization has satisfied all the requirements (verific
Hi Tak, >> "There is no registration procedure such as in §3.6.2 of OpenChain Specification." That is correct - conformance is obtained once an organization has satisfied all the requirements (verific
|
By
Mark Gisi
· #4269
·
|
|
OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested
Hi Chris, >> Is there some way to incorporate this guide into the basic OpenChain Specification as an added conformance item? We introduced the security assurance guide as a separate deliverable initi
Hi Chris, >> Is there some way to incorporate this guide into the basic OpenChain Specification as an added conformance item? We introduced the security assurance guide as a separate deliverable initi
|
By
Mark Gisi
· #4266
·
|
|
OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested
Hi Tak, >> there is no specific way to declare conformance to this guide. And each duration will be managed separately. One can declare conformance with the guide. According to section 3.4.2: ÿ 3.4.2.
Hi Tak, >> there is no specific way to declare conformance to this guide. And each duration will be managed separately. One can declare conformance with the guide. According to section 3.4.2: ÿ 3.4.2.
|
By
Mark Gisi
· #4265
·
|
|
[specification] Proposal - OpenChain Quality of Conformance Assessment Levels (including a sub-proposal for tooling quality assessment levels)
One of the core guiding principles for the OpenChain Specification is to focus on the what and why of compliance (and avoid the how and when). This is highlighted in the introduction of the spec. That
One of the core guiding principles for the OpenChain Specification is to focus on the what and why of compliance (and avoid the how and when). This is highlighted in the introduction of the spec. That
|
By
Mark Gisi
· #4163
·
|
|
FINAL REMINDER: OpenChain Security Guidance Document - Last Call
Hi Nicole, Thanks for the feedback. We briefly discussed your concern during the Specification working group meeting yesterday. The Specification working group's mission is: Establishing trust in the
Hi Nicole, Thanks for the feedback. We briefly discussed your concern during the Specification working group meeting yesterday. The Specification working group's mission is: Establishing trust in the
|
By
Mark Gisi
· #4146
·
|
|
OpenChain Global Work Team Call - 2021-07-26 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST
The current draft of the Security Assurance Reference Guide can be found here: https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide best, Mark Gisi Director, Open Source Program
The current draft of the Security Assurance Reference Guide can be found here: https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide best, Mark Gisi Director, Open Source Program
|
By
Mark Gisi
· #4117
·
|
|
OpenChain Q1 2021 Mini-Summit: Specification Discussion - Security Guide Exploration
Attached are the slides for the OpenChain Q1 2021 Mini-Summit Specification Discussion: Security Guide Exploration. best, Mark Gisi Director, Open Source Program Office (510) 749-2016
Attached are the slides for the OpenChain Q1 2021 Mini-Summit Specification Discussion: Security Guide Exploration. best, Mark Gisi Director, Open Source Program Office (510) 749-2016
|
By
Mark Gisi
· #3871
·
|
|
Specification 3.0 Draft/Review Meeting - June 8th @ 9am PST
As Shane announced last week - we will be meeting today (9am PST) to discuss the next version of the OpenChain specification (3.0) Note – there is a password (123456) Join Zoom Meeting https://windriv
As Shane announced last week - we will be meeting today (9am PST) to discuss the next version of the OpenChain specification (3.0) Note – there is a password (123456) Join Zoom Meeting https://windriv
|
By
Mark Gisi
· #3193
·
|
|
It is official – we are now seeking public comments for ISO submission version 2.1 of the Specification
Dear OpenChain Community, We are now seeking broader public comments for ISO submission version 2.1 of the Specification which will conclude on December 10th. This is the last major step in the spec d
Dear OpenChain Community, We are now seeking broader public comments for ISO submission version 2.1 of the Specification which will conclude on December 10th. This is the last major step in the spec d
|
By
Mark Gisi
· #2675
·
|
|
OpenChain’s value proposition is bigger than you think
Shane - Ok. Sounds good.
By
Mark Gisi
· #2654
·
|
|
Spec Version 2.1 release schedule and status
We will continue to accept feedback on version 2.1 of specification up through Thursday October 31st. We will be holding a F2F meeting/workshop at the Open Source Summit conference in Lyon tomorrow (O
We will continue to accept feedback on version 2.1 of specification up through Thursday October 31st. We will be holding a F2F meeting/workshop at the Open Source Summit conference in Lyon tomorrow (O
|
By
Mark Gisi
· #2651
·
|
|
OpenChain’s value proposition is bigger than you think
OpenChain specification conformance extends trust to security vulnerability assurance. That is, OpenChain conforming suppliers are better positioned to manage security vulnerabilities because of the b
OpenChain specification conformance extends trust to security vulnerability assurance. That is, OpenChain conforming suppliers are better positioned to manage security vulnerabilities because of the b
|
By
Mark Gisi
· #2648
·
|
|
Latest draft of the next spec verision 2.1 - Last call for feeback.
Reminder: the next version of the specification (spec) will largely involve converting the current 2.0 version into an ISO format for submission for ISO adoption. Therefore we are only considering sma
Reminder: the next version of the specification (spec) will largely involve converting the current 2.0 version into an ISO format for submission for ISO adoption. Therefore we are only considering sma
|
By
Mark Gisi
· #2642
·
|
|
Latest OpenChain Specification 2.1 ISO draft (Sept 1st)
The latest draft of the next version of OpenChain Specification can be found here: https://wiki.linuxfoundation.org/_media/openchain/OpenChainSpec-2.1.draft.MarkUp.pdf Our objective is to make only mi
The latest draft of the next version of OpenChain Specification can be found here: https://wiki.linuxfoundation.org/_media/openchain/OpenChainSpec-2.1.draft.MarkUp.pdf Our objective is to make only mi
|
By
Mark Gisi
· #2547
·
|
|
Reminder: Spec development takes place on the spec mailiing list
Reminder: If you would like to actively contribute to the development of the next version of the spec (or just follow along) you should subscribe to the spec mailing list: https://lists.linuxfoundatio
Reminder: If you would like to actively contribute to the development of the next version of the spec (or just follow along) you should subscribe to the spec mailing list: https://lists.linuxfoundatio
|
By
Mark Gisi
· #2477
·
|
|
Question: Difference between “attribution notices” and “attribution requirements”
This is a reasonable objective. We need to formally commit to that. If we are going to keep the "2" in the version I would be reluctant to change anything other than formatting. That is, the semantics
This is a reasonable objective. We need to formally commit to that. If we are going to keep the "2" in the version I would be reluctant to change anything other than formatting. That is, the semantics
|
By
Mark Gisi
· #2472
·
|
|
Question: Difference between “attribution notices” and “attribution requirements”
I will queue the items up in the github wiki so that we can begin to review each in turn. I attached the latest format. I accepts Rex’s comments (seem reasonable -e.g., might vs may, ...). I did adjus
I will queue the items up in the github wiki so that we can begin to review each in turn. I attached the latest format. I accepts Rex’s comments (seem reasonable -e.g., might vs may, ...). I did adjus
|
By
Mark Gisi
· #2469
·
|
|
How do we encourage collaborative development INTERNALLY? (so far)
Hi Masao, Sorry for the delayed follow up. We have had success employing Open Development principles to solve a similar problem. I would not categorize it so much as Inner Source, but more as Open Inn
Hi Masao, Sorry for the delayed follow up. We have had success employing Open Development principles to solve a similar problem. I would not categorize it so much as Inner Source, but more as Open Inn
|
By
Mark Gisi
· #2253
·
|