Date
1 - 8 of 8
OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7
|
RUFFIN, MICHEL (MICHEL) <michel.ruffin@...>
Jim, I look at the questionnaire
toggle quoted messageShow quoted text
1) the question are not formulated very clearly and are not always applying to Alcatel-Lucent, because we use different solutions that the one represented in the questionnaire 2) the questionnaire is asking to link documents on our process. We consider our process as a competitive advantage and cannot disclose the details like this and second there is confidential information in it on the way we interprete licenses, the deal we have with some foss suppliers to interprete their license differently or on our patent, so I cannot link documents Michel Michel.Ruffin@..., PhD Software Coordination Manager, COO - B&ITT Distinguished Member of Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux - France
-----Message d'origine-----
De : Jim Hutchison [mailto:hutch@...] Envoyé : jeudi 10 décembre 2015 01:18 À : RUFFIN, MICHEL (MICHEL); RUFFIN, MICHEL (MICHEL) Objet : OSADL demo for consideration of certification prototype -- [OpenChain] OpenChain agenda 12/7 Hi Michel, In our last OpenChain meeting, OSADL shared this prototype with the working group. You might find it interesting, as a representation of current thinking of how we might collect certification data. https://www.foss-slca.org User name: openchain Password: buE93oaCw If you don't submit at the end, Till assured us they would receive no data. Also they would not be worried by test/hypothetical data you might enter in trying out their prototype. Regards, Jim Hutchison
|
|
|
|
Jim Hutchison
Hi Michel,
toggle quoted messageShow quoted text
These are helpful observations, as we are looking for a solution folks would want to use productively. In considering OpenChain, we should be able to steer clear of contract/agreement terms. This will be good to keep an eye on as we proceed in formulating the certification questions. The group discussion appears to be trending towards using such an on-line mechanism, and with text crafted from the OpenChain text. Ideally we will make the questions flexible to many business processes, while retaining inquiry to illuminate adherence to the core concerns. Thanks, Jim Hutchison Qualcomm Technologies, Inc.
At 02:04 AM 12/10/2015, RUFFIN, MICHEL (MICHEL) wrote:
Jim, I look at the questionnaire
|
|
|
|
RUFFIN, MICHEL (MICHEL) <michel.ruffin@...>
Jim,
toggle quoted messageShow quoted text
I am sorry not being able to participate more to Openchain discussions, I really think it is important but at the moment I am involved in the integration between Alcatel-Lucent and Nokia (on FOSS issues 8-)) and this is taking a lot of my bandwidth. Anyway I am available to answer dedicated questions and will try in the future to participate to Openchain more. My point of view is that the questions sent to companies should be more on "an issue, how do you solve the issue", not on "proposing a solution and how you comply with this solution". Second point is not attaching documents, I have no time to write special documents for OpenChain and the ALU process is are around 140 pages of text and mixed sometimes with confidential information, so replace it with free text We will need more discussion on this and I am happy to help. it is in the interest of ALU and Nokia that Openchain is successful and so far I have a white blanket to participate from ALU and Nokia. Michel Michel.Ruffin@..., PhD Software Coordination Manager, COO - B&ITT Distinguished Member of Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux - France
-----Message d'origine-----
De : Jim Hutchison [mailto:hutch@...] Envoyé : vendredi 18 décembre 2015 19:40 À : RUFFIN, MICHEL (MICHEL) Cc : openchain@... Objet : RE: OSADL demo for consideration of certification prototype -- [OpenChain] OpenChain agenda 12/7 Hi Michel, These are helpful observations, as we are looking for a solution folks would want to use productively. In considering OpenChain, we should be able to steer clear of contract/agreement terms. This will be good to keep an eye on as we proceed in formulating the certification questions. The group discussion appears to be trending towards using such an on-line mechanism, and with text crafted from the OpenChain text. Ideally we will make the questions flexible to many business processes, while retaining inquiry to illuminate adherence to the core concerns. Thanks, Jim Hutchison Qualcomm Technologies, Inc. At 02:04 AM 12/10/2015, RUFFIN, MICHEL (MICHEL) wrote: Jim, I look at the questionnaire
|
|
|
|
Jilayne Lovejoy <Jilayne.Lovejoy@...>
Hi Michel, Jim,
I wanted to highlight something Michel said that I find interesting: "We consider our process as a competitive advantage…” - this seems to be counter-intuitive to the whole goal of OpenChain. If companies (still) thought that good process around the management of open source software was a competitive advantage, I don’t think we’d have been able to even get OpenChain off the ground as a concept. My feeling or observation is that companies have evolved past this belief and realized that to facilitate trust in the software supply chain we need to have transparency around how open source software is managed - just having the software bill of materials with no insight on how it was generated is not enough. Good open source management should not be a competitive advantage - no one benefits by that. Of course, as Michel and Jim raised and also has been discussed on the calls, the extent of sharing need not include confidential information (unless mutually agreed upon by the relevant parties, of course). Anyway, I may have read Michel’s words too broadly or strictly (sorry, Michel, if so!) but I thought it was a good opportunity, in any case, to acknowledge the evolution of how the use of open source software in corporations is viewed - we’ve come a long way! Jilayne On 12/18/15, 11:40 AM, "openchain-bounces@... on behalf of Jim Hutchison" <openchain-bounces@... on behalf of hutch@...> wrote: Hi Michel, These are helpful observations, as we are looking for a solution folks would want to use productively. In considering OpenChain, we should be able to steer clear of contract/agreement terms. This will be good to keep an eye on as we proceed in formulating the certification questions. The group discussion appears to be trending towards using such an on-line mechanism, and with text crafted from the OpenChain text. Ideally we will make the questions flexible to many business processes, while retaining inquiry to illuminate adherence to the core concerns. Thanks, Jim Hutchison Qualcomm Technologies, Inc. At 02:04 AM 12/10/2015, RUFFIN, MICHEL (MICHEL) wrote: Jim, I look at the questionnaire_______________________________________________ OpenChain mailing list OpenChain@... https://lists.linuxfoundation.org/mailman/listinfo/openchain IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
|
|
|
|
RUFFIN, MICHEL (MICHEL) <michel.ruffin@...>
Well we consider our FOSS process as a competitive advantage toward our competitors, this does not mean that we do not want anybody to reach this level. But the day Openchain will issue a compliance system we should be able to prove that we are following all criteria. While it takes years to a big company to reach these criteria (we started our FOSS process in 2003).
toggle quoted messageShow quoted text
Now our customers are asking questions on this topics and we are happy to meet their expectations and from what they said it is not the case of some of our competitors. When they name an ALU product, we are able to provide them the list of FOSS included in it, the license and take guarantees on FOSS IPR issues. We also provide them a package to respect FOSS license obligations. I cannot guarantee this is 100% true but perhaps 70% to 80% and we are trying to reach 100% (I am trying at this stage to get the 100%, it is very difficult to do this in a big company) So yes we are doing this to be competitive and yes we do it to respect the law, but Alcatel-Lucent wish to be a good citizen, we get a lot of advantage in using open source, but recognize that there is a philosophy behind open source and we want to respect it. In the training for our FOSS experts we say "respecting the FOSS obligations is not only a matter of law it is also respecting a philosophy, if you cannot respect the FOSS license obligations, do not use it" Michel Michel Michel.Ruffin@..., PhD Software Coordination Manager, COO - B&ITT Distinguished Member of Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux - France
-----Message d'origine-----
De : Jilayne Lovejoy [mailto:Jilayne.Lovejoy@...] Envoyé : lundi 4 janvier 2016 18:57 À : Jim Hutchison; RUFFIN, MICHEL (MICHEL) Cc : openchain@... Objet : Re: [OpenChain] OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7 Hi Michel, Jim, I wanted to highlight something Michel said that I find interesting: "We consider our process as a competitive advantage…” - this seems to be counter-intuitive to the whole goal of OpenChain. If companies (still) thought that good process around the management of open source software was a competitive advantage, I don’t think we’d have been able to even get OpenChain off the ground as a concept. My feeling or observation is that companies have evolved past this belief and realized that to facilitate trust in the software supply chain we need to have transparency around how open source software is managed - just having the software bill of materials with no insight on how it was generated is not enough. Good open source management should not be a competitive advantage - no one benefits by that. Of course, as Michel and Jim raised and also has been discussed on the calls, the extent of sharing need not include confidential information (unless mutually agreed upon by the relevant parties, of course). Anyway, I may have read Michel’s words too broadly or strictly (sorry, Michel, if so!) but I thought it was a good opportunity, in any case, to acknowledge the evolution of how the use of open source software in corporations is viewed - we’ve come a long way! Jilayne On 12/18/15, 11:40 AM, "openchain-bounces@... on behalf of Jim Hutchison" <openchain-bounces@... on behalf of hutch@...> wrote: Hi Michel, These are helpful observations, as we are looking for a solution folks would want to use productively. In considering OpenChain, we should be able to steer clear of contract/agreement terms. This will be good to keep an eye on as we proceed in formulating the certification questions. The group discussion appears to be trending towards using such an on-line mechanism, and with text crafted from the OpenChain text. Ideally we will make the questions flexible to many business processes, while retaining inquiry to illuminate adherence to the core concerns. Thanks, Jim Hutchison Qualcomm Technologies, Inc. At 02:04 AM 12/10/2015, RUFFIN, MICHEL (MICHEL) wrote: Jim, I look at the questionnaire_______________________________________________ OpenChain mailing list OpenChain@... https://lists.linuxfoundation.org/mailman/listinfo/openchain IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
|
|
|
|
Dave Marr
Yes, much of what each of us might do in our company roles is often intended to benefit folks downstream through good compliance and some of those practices might be positive differentiators for a company, but the reason why we (or at least I) wish to make contributions to OpenChain is because we would happily trade those possible differentiators for the outcomes of better ecosystem compliance, shortened time-to-market, and cost savings.
toggle quoted messageShow quoted text
Dave
-----Original Message-----
From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of RUFFIN, MICHEL (MICHEL) Sent: Monday, January 04, 2016 12:54 PM To: Jilayne Lovejoy; Hutchison, Jim Cc: openchain@... Subject: Re: [OpenChain] OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7 Well we consider our FOSS process as a competitive advantage toward our competitors, this does not mean that we do not want anybody to reach this level. But the day Openchain will issue a compliance system we should be able to prove that we are following all criteria. While it takes years to a big company to reach these criteria (we started our FOSS process in 2003). Now our customers are asking questions on this topics and we are happy to meet their expectations and from what they said it is not the case of some of our competitors. When they name an ALU product, we are able to provide them the list of FOSS included in it, the license and take guarantees on FOSS IPR issues. We also provide them a package to respect FOSS license obligations. I cannot guarantee this is 100% true but perhaps 70% to 80% and we are trying to reach 100% (I am trying at this stage to get the 100%, it is very difficult to do this in a big company) So yes we are doing this to be competitive and yes we do it to respect the law, but Alcatel-Lucent wish to be a good citizen, we get a lot of advantage in using open source, but recognize that there is a philosophy behind open source and we want to respect it. In the training for our FOSS experts we say "respecting the FOSS obligations is not only a matter of law it is also respecting a philosophy, if you cannot respect the FOSS license obligations, do not use it" Michel Michel Michel.Ruffin@..., PhD Software Coordination Manager, COO - B&ITT Distinguished Member of Technical Staff Tel +33 6 75 25 21 94 Alcatel-Lucent International, Centre de Villarceaux - France -----Message d'origine----- De : Jilayne Lovejoy [mailto:Jilayne.Lovejoy@...] Envoyé : lundi 4 janvier 2016 18:57 À : Jim Hutchison; RUFFIN, MICHEL (MICHEL) Cc : openchain@... Objet : Re: [OpenChain] OSADL demo for consideration of certification prototype -- OpenChain agenda 12/7 Hi Michel, Jim, I wanted to highlight something Michel said that I find interesting: "We consider our process as a competitive advantage…” - this seems to be counter-intuitive to the whole goal of OpenChain. If companies (still) thought that good process around the management of open source software was a competitive advantage, I don’t think we’d have been able to even get OpenChain off the ground as a concept. My feeling or observation is that companies have evolved past this belief and realized that to facilitate trust in the software supply chain we need to have transparency around how open source software is managed - just having the software bill of materials with no insight on how it was generated is not enough. Good open source management should not be a competitive advantage - no one benefits by that. Of course, as Michel and Jim raised and also has been discussed on the calls, the extent of sharing need not include confidential information (unless mutually agreed upon by the relevant parties, of course). Anyway, I may have read Michel’s words too broadly or strictly (sorry, Michel, if so!) but I thought it was a good opportunity, in any case, to acknowledge the evolution of how the use of open source software in corporations is viewed - we’ve come a long way! Jilayne On 12/18/15, 11:40 AM, "openchain-bounces@... on behalf of Jim Hutchison" <openchain-bounces@... on behalf of hutch@...> wrote: Hi Michel, These are helpful observations, as we are looking for a solution folks would want to use productively. In considering OpenChain, we should be able to steer clear of contract/agreement terms. This will be good to keep an eye on as we proceed in formulating the certification questions. The group discussion appears to be trending towards using such an on-line mechanism, and with text crafted from the OpenChain text. Ideally we will make the questions flexible to many business processes, while retaining inquiry to illuminate adherence to the core concerns. Thanks, Jim Hutchison Qualcomm Technologies, Inc. At 02:04 AM 12/10/2015, RUFFIN, MICHEL (MICHEL) wrote: Jim, I look at the questionnaire_______________________________________________ OpenChain mailing list OpenChain@... https://lists.linuxfoundation.org/mailman/listinfo/openchain IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ OpenChain mailing list OpenChain@... https://lists.linuxfoundation.org/mailman/listinfo/openchain
|
|
|
|
Shane Martin Coughlan <shane@...>
Hi Dave
toggle quoted messageShow quoted text
I wanted to chime in and note that this perspective aligns with what I have heard from larger companies in China, Japan and Korea with significant Open Source engagement. The general perception appears to be that improved ecosystem compliance offers long-term strategic benefits which offset the “cost" of reducing short-term individual company compliance process advantages. Regards Shane
On Jan 5, 2016, at 06:20 , Marr, David <dmarr@...> wrote:
|
|
|
|
Dave Marr
On Jan 11, 2016, at 5:02 PM, Shane Martin Coughlan <shane@...> wrote:Better said than my long run-on attempt at a sentence. Very glad there is that consistency across geos. Esp. for OpenChain it would seem we need it to be global and not confined to regional success. Dave
|
|
|