main@lists.openchainproject.org | Openchain new member

Home Messages Hashtags Subgroups

Date Date 1 - 2 of 2

Openchain new member

RUFFIN, MICHEL (MICHEL) <michel.ruffin@...>

Dear all I have just discover OpenChain today

I look at your criteria for good practice, and I think (I will have to cross check in detail) but Alcatel-Lucent is compliant to G1 to G6 and even to RP1 and more.

But it appears to me that you are still missing several things (sorry if I am wrong I have not checked all discussion and results)

1) Handling outsourcing, divertissement and merge and acquisition (this could be called RP2)

2) Handling new/quite recent technologies: DRM, Bit torrent, Saas, IaaS, PaaS, Maven, …

3) Measuring the level of implementation of the FOSS governance process: I am currently working on this in a company of 60 000 people so it is not yet well done in ALU but I have ideas like having internal audits, having certificate of compliance for ALU products, blocking the general availability of new products if they are not compliant (we already do that partially) etc.

FYI the FOSS governance process of ALU is a set of 120 pages of information addressing all (20 page on how to package an ALU product with FOSS); We have a FOSS executive committee that meet all weeks during 1h30 since 2007 with lawyers, procurement technical people, we have 180 FOSS evaluators in the company (coach by the FOSS EC), which corresponds to your FOSS compliance officers, we have registered tutorials, we have a process to contribute to open source, …. We have plan to issue a compliance alert in the company in September to inform people on FOSS in which training will be mandatory even for high executives, We have launched a recognition program for FOSS evaluator with Human resource, and quality group to be sure that they are empowered.

I am not too sure, that I can participate to your meetings (too much things to do), but this need to be addressed.

Now I am curious to know if you have some plans to make this like a CCMi certification program and in what timeframe

To provide you a small contribution, I send you the FOSS clauses that we put in ALL our suppliers contracts (I would like to standardize that). It is a public document that has already been sent to the FTF Europe legal network and to the SPDX group. Note that clause 5 needs to be reworked, because it does not exactly means what we intend to do. The legal phrasing is asking too much compared to what we expect. We also plan to change this clauses to impose the SPDX format rather that “electronic form”. Our internal tools are SPDX compliant (not perhaps yet to SPDX 2 yet , but to SPDX 1.2)

Now I have another important comment to your group. The criteria that you define are Ok for Alcatel-lucent, we can already claim that we are compliant with the highest criteria and I can prove it. But for companies which are far from this level of compliance, it is freighting, I do not know how this can be solved, but you should think a little bit about that. Because an open source process in a company needs steps to be acceptable and you need to put resource in place to face the demands.

My two cents, like we say in US

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, COO - Business transformation
Distinguished Member of Technical Staff
Tel +33 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceau - France

Mike Dolan <mdolan@...>

#158

Hi Michel, per my other email welcome to the OpenChain community. Your review of the status thus far is helpful to get a fresh perspective and help us take another look at possible gaps.

However, for everyone on this list, I’d like to send a reminder that repeats what I’ve email Michel directly. The LF’s antitrust policy prohibits any behavior that involves companies setting contract terms together. Please delete all instances of the email received at 9:38am Eastern time today from Michel Ruffin that contains an attachment with contract terms. If you have any questions, you may review our antitrust policy here:.

http://www.linuxfoundation.org/antitrust-policy

Thanks,

Mike

---
Mike Dolan
Sr. Director of Strategic Programs, The Linux Foundation

Office: +1.330.460.3250 Cell: +1.440.552.5322 Skype: michaelkdolan
Email / Google Talk: mdolan@...
---

Show quoted text

On May 21, 2015, at 5:30 PM, RUFFIN, MICHEL (MICHEL) <michel.ruffin@...> wrote:

Dear all I have just discover OpenChain today

I look at your criteria for good practice, and I think (I will have to cross check in detail) but Alcatel-Lucent is compliant to G1 to G6 and even to RP1 and more.

But it appears to me that you are still missing several things (sorry if I am wrong I have not checked all discussion and results)
1)      Handling outsourcing, divertissement and merge and acquisition (this could be called RP2)
2)       Handling new/quite recent technologies: DRM, Bit torrent, Saas, IaaS, PaaS, Maven, …
3)      Measuring the level of implementation of the FOSS governance process: I am currently working on this in a company of 60 000 people so it is not yet well done in ALU but I have ideas like having internal audits, having certificate of compliance for ALU products, blocking the general availability of new products if they are not compliant (we already do that partially) etc.

FYI the FOSS governance process of ALU is a set of 120 pages of information addressing all (20 page on how to package an ALU product with FOSS); We have a FOSS executive committee that meet all weeks during 1h30 since 2007 with lawyers, procurement technical people, we have 180 FOSS evaluators in the company (coach by the FOSS EC), which corresponds to your FOSS compliance officers, we have registered tutorials, we have a process to contribute to open source, …. We have plan to issue a compliance alert in the company in September to inform people on FOSS in which training will be mandatory even for high executives, We have launched a recognition program for FOSS evaluator with Human resource, and quality group to be sure that they are empowered.

I am not too sure, that I can participate to your meetings (too much things to do), but this need to be addressed.

Now I am curious to know if you have some plans to make this like a CCMi certification program and in what timeframe

To provide you a small contribution, I send you the FOSS clauses that we put in ALL our suppliers contracts (I would like to standardize that). It is a public document that has already been sent to the FTF Europe legal network and to the SPDX group. Note that clause 5 needs to be reworked, because it does not exactly means what we intend to do. The legal phrasing is asking too much compared to what we expect. We also plan to change this clauses to impose the SPDX format rather that “electronic form”. Our internal tools are SPDX compliant (not perhaps yet to SPDX 2 yet , but to SPDX 1.2)

Now I have another important comment to your group. The criteria that you define are Ok for Alcatel-lucent, we can already claim that we are compliant with the highest criteria and I can prove it. But for companies which are far from this level of compliance, it is freighting, I do not know how this can be solved, but you should think a little bit about that. Because an open source process in a company needs steps to be acceptable and you need to put resource in place to face the demands.

My two cents, like we say in US

Michel
Michel.Ruffin@..., PhD
Software Coordination Manager, COO - Business transformation
Distinguished Member of Technical Staff
Tel +33 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceau - France

<FOSS_clauses_rationale_150508.doc>_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain

signature.asc

1 - 2 of 2

Previous Topic Next Topic

Home Hashtags Subgroups Terms