Meaning of Open Source license in 2.1.1


Gergely Csatari
 

Hi,

 

I’m trying to interpret the requirements of 2.1.1 and I have problems finding out the meaning of “Open Source compliance inquiry”. It is not defined in the document. Can someone please clarify its meaning?

 

Thanks,

Gergely


Jan Thielscher
 

Hi Gergely,

My understanding is that it addresses the handling of the inbound questions concerning the open source parts of the Supplied Software.

Assume you are using some GPLv2-licensed code and offer to hand over the sources attached with that license. You will need an interface with the external world to receive and reliably process the request.

The same applies to questions - and here you do well to make sure the process is well known across the organisation - by potential notifications of infringements through the Supplied Software. Assume someone wants to contact you because he thinks the Supplied Software is non-compliant with his view of how the components should be treated/handled/documented… Having a sound procedure in place that allows you to record, understand and securely process this inquiry will help to protect the company from potential damage.

I hope this answers your question? 

Kind regards
Jan Thielscher
 
T: +49 69 153 22 77 55
F: +49 69 153 22 77 51

On 02.02.2022 at 11:42, Gergely Csatari via lists.openchainproject.org <gergely.csatari=nokia.com@...> wrote:



Mark Gisi
 

Jan’s description is consistent with my interpretation. If there is general confusion over the meaning of “Open Source compliance inquiry” – I would recommend someone file an issue here:

    https://github.com/OpenChain-Project/Specification/issues

 

We can consider using alternative wording or adding a question/answer in the spec FAQ.

 

- Mark

 

Mark Gisi
Director, Open Source Program Office

Empowering Customers to Prosper using Open Source

(510) 749-2016

Wind River

 

From: main@... <main@...> On Behalf Of Jan Thielscher
Sent: Wednesday, February 2, 2022 2:52 AM
To: main@...
Subject: Re: [openchain] Meaning of Open Source license in 2.1.1

 
