Hello, I am circulating my notes from the OpenChain meetings that we just had at LinuxCon Europe. If any attendees have any edits/corrections, they are much welcome.
Thank you to all participants, in particular to our Team Leads, Mark, Miriam and Shane for leading us all through a highly productive day.
Dave
---
OpenChain Work Team Meetings – 5 Oct. 2016, Berlin, InterContinental Hotel, Bishop Conference Room
Attendees (at various points):
Sami Atabani
Miriam Ballhausen
Hung Chang
Karl Clinger
Shane Coughlan
Mike Dolan
Oliver Fendt
Mark Gisi,
Ibrahim Haddad
Paul Holland
Till Jaeger
Jilayne Lovejoy,
Catharina Maracke
Dave Marr
Kate Stewart
Oskar Swirtun
Bill Weinberg
Jon <missed the last name>
Minutes:
Discussion on goals for the day
Expansion opportunities (contributions [small/large], security, cryptography, etc.)
Recognition of accomplishment to date
Desire to agree on next steps for each Work Team
Specification discussion
Example of a real world audit use case (automotive)
Used the spec to create common understanding/trust
Self-certification can be effective as a conformance check method
Need to consider policy/procedure for remediation
Discussion on “best practice” and “legal advice” – this framing is to be avoided
Anyone new should read the FAQ
We have an FAQ that includes Curriculum and Conformance questions
Discussion re community comments deferred for next spec version
Comment re adding a requirement for a process for identifying license conditions of applicable FOSS licenses
Requirement 4.1 requires the distributed compliance artifacts be included, which implies there is a process
New 3.2: A process exists to identify license obligations in all Identified Licenses
Verification Artifact: A documented procedure exists used to identify…
Discussion on whether to keep the word “distribution”
Discussion on whether to link 3.3 to 4.1
Conformance discussion
Continued discussion of Section 4 (picking up from where the Conformance team last met)
Discussion of Section 5; whether upstream contributions are required – consensus to keep as is, not required
Remove 5.4
In 5.6 replace “wiki” with “documentation”
Numerous other edits
Curriculum discussion
Handbook to be created as a teacher’s guide
Could consist of expanded notes for each slide
We need to decide what to do about Chapter 8
Expectation is 3-4 hours to deliver ~70 slides in total
Gary has already built a prototype for the “Check Your Understanding” slides – impressive!
Steps: clean up the slide notes, create answers for Check Your Understanding, then build handbook
In chapter 6 there are complex slides
Remedy is to note that a checklist can be sufficient for a small org
Keep the complex slides for now, prefaced by comment that they are for large corporate enterprises
Goal: keep slides simple
Discussion on compliance vs. curriculum standards
Title of the curriculum deck will be renamed consistent w/ the spec language
The curriculum will iterate more quickly than the spec, but will reference which version of the spec it addresses
December deliverable expected
Need volunteer translators
Hak Sun (sp?) from LG has kindly offered to create a Korean version
Any other volunteer translators?
What about jurisdiction-specific content that is keyed to the different translation
Include placeholders for localization?
Suggestion to reference the IFOSS Law Book
Keep correct for a reference legal system
Since the slides are already based on US law, add an express note so folks are aware
Put in jurisdiction capability as a 2017 goal
Include instructions on how to contribute to the slides, esp. for jurisdiction-specific slides
