Slides
Miriam Ballhausen <Ballhausen@...>
Hi everyone,
Kelly asked me to circulate the slides for today’s call. Please find them attached.
All the best, Miriam ______________________________________________________________ Dr. Miriam Ballhausen Rechtsanwältin
JBB Rechtsanwälte Jaschinski Biere Brexl Partnerschaft mbB Christinenstraße 18/19 | 10119 Berlin Tel. +49.30.443 765 0 | Fax +49.30.443 765 22 Sitz der Gesellschaft: Berlin | Registergericht AG Charlottenburg | PR 609 B
|
|
Sami Atabani
Hi Miriam,
We should also consider the frequency of the certification. Should it be annually renewed?
Thanks
Sami
From: openchain-bounces@...
[mailto:openchain-bounces@...] On Behalf Of Miriam Ballhausen
Hi everyone,
Kelly asked me to circulate the slides for today’s call. Please find them attached.
All the best, Miriam ______________________________________________________________ Dr. Miriam Ballhausen Rechtsanwältin
JBB Rechtsanwälte Jaschinski Biere Brexl Partnerschaft mbB Christinenstraße 18/19 | 10119 Berlin Tel. +49.30.443 765 0 | Fax +49.30.443 765 22 Sitz der Gesellschaft: Berlin | Registergericht AG Charlottenburg | PR 609 B
|
|
Miriam Ballhausen <Ballhausen@...>
Hi Sami,
good point! My first impulse is to say yes. From my point of view it should’t be too much of a hassle for a company that has its processes in order, while it might increase the credibility and value of the certification/ assessment. But I’d like to get some feedback form other, especially those who deal with certification/ assessment in other cases. I’ll send out a summary of today’s call later this week and I’ll include your point
Best, Miriam ______________________________________________________________ Dr. Miriam Ballhausen Rechtsanwältin
JBB Rechtsanwälte Jaschinski Biere Brexl Partnerschaft mbB Christinenstraße 18/19 | 10119 Berlin Tel. +49.30.443 765 0 | Fax +49.30.443 765 22 Sitz der Gesellschaft: Berlin | Registergericht AG Charlottenburg | PR 609 B
Von: Sami Atabani
[mailto:Sami.Atabani@...]
Hi Miriam,
We should also consider the frequency of the certification. Should it be annually renewed?
Thanks
Sami
From:
openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Miriam Ballhausen
Hi everyone,
Kelly asked me to circulate the slides for today’s call. Please find them attached.
All the best, Miriam ______________________________________________________________ Dr. Miriam Ballhausen Rechtsanwältin
JBB Rechtsanwälte Jaschinski Biere Brexl Partnerschaft mbB Christinenstraße 18/19 | 10119 Berlin Tel. +49.30.443 765 0 | Fax +49.30.443 765 22 Sitz der Gesellschaft: Berlin | Registergericht AG Charlottenburg | PR 609 B
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
|
|
Mark Radcliffe
I think that it is a good idea.
If we are going to have certifications of large entities which may acquire other companies. Does the certification apply to the new entity (for example when Dell bought EMC if Dell was certified would the certification apply to EMC?). I think that we should consider either a distinction for companies that have been purchased or provide a period (three to six months) for the certifying company to certify that the new “subsidiary” can be considered compliant. I am open to suggestions.
From: openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Miriam Ballhausen
Hi Sami,
good point! My first impulse is to say yes. From my point of view it should’t be too much of a hassle for a company that has its processes in order, while it might increase the credibility and value of the certification/ assessment. But I’d like to get some feedback form other, especially those who deal with certification/ assessment in other cases. I’ll send out a summary of today’s call later this week and I’ll include your point
Best, Miriam ______________________________________________________________ Dr. Miriam Ballhausen Rechtsanwältin
JBB Rechtsanwälte Jaschinski Biere Brexl Partnerschaft mbB Christinenstraße 18/19 | 10119 Berlin Tel. +49.30.443 765 0 | Fax +49.30.443 765 22 Sitz der Gesellschaft: Berlin | Registergericht AG Charlottenburg | PR 609 B
Von: Sami Atabani [mailto:Sami.Atabani@...]
Hi Miriam,
We should also consider the frequency of the certification. Should it be annually renewed?
Thanks
Sami
From:
openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Miriam Ballhausen
Hi everyone,
Kelly asked me to circulate the slides for today’s call. Please find them attached.
All the best, Miriam ______________________________________________________________ Dr. Miriam Ballhausen Rechtsanwältin
JBB Rechtsanwälte Jaschinski Biere Brexl Partnerschaft mbB Christinenstraße 18/19 | 10119 Berlin Tel. +49.30.443 765 0 | Fax +49.30.443 765 22 Sitz der Gesellschaft: Berlin | Registergericht AG Charlottenburg | PR 609 B
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@.... Thank you.
|
|
Michael Dolan <mdolan@...>
One issue I know happens in supply chains based on hearing stories is that the person responsible for open source software compliance may leave the company, take a new role, etc and the company does not backfill them. So when you're talking about a compliance standard that will also be used with smaller vendors, I think many companies will want the assurance that the people/processes that were there a year ago exist after some key resource left. ---
On Mon, Jun 6, 2016 at 2:56 PM, Radcliffe, Mark <Mark.Radcliffe@...> wrote:
|
|
Armijn Hemel - Tjaldur Software Governance Solutions
On 06-06-16 21:03, Michael Dolan wrote:
One issue I know happens in supply chains based on hearing stories is that the person responsible for open source software compliance may leave the company, take a new role, etc and the company does not backfill them. This is *so* true and a major reason to put a time limit on certification. armijn -- Armijn Hemel, MSc Tjaldur Software Governance Solutions
|
|
Mark Radcliffe
If the certification includes an identification of the person who is responsible (and I think that it should), I suggest that one requirement of certification is that they keep someone in that role during the period of certification.
From: openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Armijn Hemel - Tjaldur Software Governance Solutions
On 06-06-16 21:03, Michael Dolan wrote:
armijn
-- Armijn Hemel, MSc Tjaldur Software Governance SolutionsPlease consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@.... Thank you.
|
|
Dave Marr
These comments resonate with me as well. As an attempt to capture the two related but distinct discussions on this point so far I’m seeing proposals to:
· Build a pre-set, standard time duration for an entity’s OpenChain Certification. An annual duration was proposed. Additional justification for setting a duration is because over time the person(s) in the FOSS Compliance Role might transition from that role, whether leaving the entity or changing job responsibilities within the entity.
· Consider either a distinction for companies that have been purchased or provide a period (such as three to six months) for the certifying company to certify that the new “subsidiary” can be considered compliant.
On the second point, I’m attracted to the suggestion of making a distinction. Perhaps any OpenChain Certification should extend to the entity and its subsidiaries at the time of certification (a snapshot in time), without automatic application to new subs, until the next annual(?) certification?
Dave
From: openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Radcliffe, Mark
If the certification includes an identification of the person who is responsible (and I think that it should), I suggest that one requirement of certification is that they keep someone in that role during the period of certification.
From:
openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Armijn Hemel - Tjaldur Software Governance Solutions
On 06-06-16 21:03, Michael Dolan wrote:
armijn
-- Armijn Hemel, MSc Tjaldur Software Governance Solutions Please consider the environment before printing this email.
|
|
Yagi, Martin, Vodafone Group <martin.yagi@...>
Dear all,
In my experience 3-6 months is nowhere near enough time for a new (large, FOSS-immature) acquisition to become compliant to the FOSS policies and practices of the new parent….even 6-12 months may not be achievable. I think it’s better to have the subsidiary distinct until its compliant.
Best regards,
Martin.
From: openchain-bounces@...
[mailto:openchain-bounces@...] On Behalf Of Marr, David
These comments resonate with me as well. As an attempt to capture the two related but distinct discussions on this point so far I’m seeing proposals to:
· Build a pre-set, standard time duration for an entity’s OpenChain Certification. An annual duration was proposed. Additional justification for setting a duration is because over time the person(s) in the FOSS Compliance Role might transition from that role, whether leaving the entity or changing job responsibilities within the entity.
· Consider either a distinction for companies that have been purchased or provide a period (such as three to six months) for the certifying company to certify that the new “subsidiary” can be considered compliant.
On the second point, I’m attracted to the suggestion of making a distinction. Perhaps any OpenChain Certification should extend to the entity and its subsidiaries at the time of certification (a snapshot in time), without automatic application to new subs, until the next annual(?) certification?
Dave
From:
openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Radcliffe, Mark
If the certification includes an identification of the person who is responsible (and I think that it should), I suggest that one requirement of certification is that they keep someone in that role during the period of certification.
From:
openchain-bounces@... [mailto:openchain-bounces@...]
On Behalf Of Armijn Hemel - Tjaldur Software Governance Solutions
On 06-06-16 21:03, Michael Dolan wrote:
armijn
--
Armijn Hemel, MSc
Tjaldur Software Governance Solutions
Please consider the environment before printing this email.
|
|