Notes on OpenChain Work Team Meetings - Face-to-Face


Dave Marr
 

Hello, I am circulating my notes from the OpenChain meetings that we just had at LinuxCon Europe.  If any attendees have any edits/corrections, they are very welcome.

 

Thank you to all participants, in particular to our Team Leads, Mark, Miriam and Shane for leading us all through a highly productive day.

 

Dave

 

---

 

OpenChain Work Team Meetings – 5 Oct. 2016, Berlin, InterContinental Hotel, Bishop Conference Room

 

Attendees (at various points):

Sami Atabani

Miriam Ballhausen

Hung Chang

Karl Clinger

Shane Coughlan

Mike Dolan

Oliver Fendt

Mark Gisi

Ibrahim Haddad

Paul Holland

Till Jaeger

Jilayne Lovejoy

Catharina Maracke

Dave Marr

Kate Stewart

Oskar Swirtun

Bill Weinberg

Jon <missed the last name>

 

Minutes:

 

Discussion on goals for the day

                Expansion opportunities (contributions [small/large], security, cryptography, etc.)

                Recognition of accomplishment to date

                Desire to agree on next steps for each Work Team

 

Specification discussion

                Example of a real world audit use case (automotive)

                                Used the spec to create common understanding/trust

                                Self-certification can be effective as a conformance check method

                                Need to consider policy/procedure for remediation

                Discussion on “best practice” and “legal advice” – this framing is to be avoided

                Anyone new should read the FAQ

                                We have an FAQ that includes Curriculum and Conformance questions

                Discussion re community comments deferred for next spec version

                Comment re adding a requirement for a process for identifying license conditions of applicable FOSS licenses

                                Requirement 4.1 requires the distributed compliance artifacts be included, which implies there is a process

                                New 3.2: A process exists to identify license obligations in all Identified Licenses

                                Verification Artifact: A documented procedure exists used to identify…

                Discussion on whether to keep the word “distribution”

                Discussion on whether to link 3.3 to 4.1

 

Conformance discussion

                Continued discussion of Section 4 (picking up from where the Conformance team last met)

                Discussion of Section 5; whether upstream contributions are required – consensus to keep as is, not required

                                Remove 5.4

                                In 5.6 replace “wiki” with “documentation”

                Numerous other edits

 

Curriculum discussion

                Handbook to be created as a teacher’s guide

                                Could consist of expanded notes for each slide

                We need to decide what to do about Chapter 8

                Expectation is 3-4 hours to deliver ~70 slides in total

                Gary has already built a prototype for the “Check Your Understanding” slides – impressive!

                Steps: clean up the slide notes, create answers for Check Your Understanding, then build handbook

                In chapter 6 there are complex slides

                                Remedy is to note that a checklist can be sufficient for a small org

                                Keep the complex slides for now, prefaced by comment that they are for large corporate enterprises

                Goal: keep slides simple

                Discussion on compliance vs. curriculum standards

                Title of the curriculum deck will be renamed consistent w/ the spec language

                The curriculum will iterate more quickly than the spec, but will reference which version of the spec it addresses

                December deliverable expected

                Need volunteer translators

                                Hak Sun (sp?) from LG has kindly offered to create a Korean version

                                Any other volunteer translators?

                What about jurisdiction-specific content that is keyed to the different translations?

                                Include placeholders for localization?

                                Suggestion to reference the IFOSS Law Book

                                Keep correct for a reference legal system

                                                Since the slides are already based on US law, add an express note so folks are aware

                                Put in jurisdiction capability as a 2017 goal

                                                Include instructions on how to contribute to the slides, esp. for jurisdiction-specific slides