Slides


Miriam Ballhausen <Ballhausen@...>
 

Hi everyone,

 

Kelly asked me to circulate the slides for today’s call. Please find them attached.

 

All the best,

Miriam

______________________________________________________________

Dr. Miriam Ballhausen

Rechtsanwältin

 

JBB Rechtsanwälte

Jaschinski Biere Brexl Partnerschaft mbB

Christinenstraße 18/19 | 10119 Berlin

Tel. +49.30.443 765 0  |  Fax +49.30.443 765 22

Sitz der Gesellschaft: Berlin | Registergericht AG Charlottenburg | PR 609 B

www.jbb.de

 

 


Sami Atabani
 

Hi Miriam,

 

We should also consider the frequency of the certification. Should it be annually renewed?

 

Thanks

 

Sami

 

From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Miriam Ballhausen
Sent: 06 June 2016 17:06
To: openchain@...
Subject: [OpenChain] Slides

 

Hi everyone,

 

Kelly asked me to circulate the slides for today’s call. Please find them attached.

 

All the best,

Miriam


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


Miriam Ballhausen <Ballhausen@...>
 

Hi Sami,

 

Good point! My first impulse is to say yes. From my point of view it shouldn’t be too much of a hassle for a company that has its processes in order, while it might increase the credibility and value of the certification/assessment. But I’d like to get some feedback from others, especially those who deal with certification/assessment in other cases. I’ll send out a summary of today’s call later this week and I’ll include your point.

 

Best,

Miriam


From: Sami Atabani [mailto:Sami.Atabani@...]
Sent: Monday, 6 June 2016 19:04
To: Miriam Ballhausen; openchain@...
Subject: RE: [OpenChain] Slides

 

Hi Miriam,

 

We should also consider the frequency of the certification. Should it be annually renewed?

 

Thanks

 

Sami

 



Mark Radcliffe
 

I think that it is a good idea.

 

If we are going to have certifications of large entities which may acquire other companies, does the certification apply to the new entity (for example, when Dell bought EMC, if Dell was certified, would the certification apply to EMC)?  I think that we should consider either a distinction for companies that have been purchased or provide a period (three to six months) for the certifying company to certify that the new “subsidiary” can be considered compliant.  I am open to suggestions.

 

From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Miriam Ballhausen
Sent: Monday, June 06, 2016 10:08 AM
To: 'Sami Atabani'; openchain@...
Subject: Re: [OpenChain] Slides

 

Hi Sami,

 

Good point! My first impulse is to say yes. From my point of view it shouldn’t be too much of a hassle for a company that has its processes in order, while it might increase the credibility and value of the certification/assessment. But I’d like to get some feedback from others, especially those who deal with certification/assessment in other cases. I’ll send out a summary of today’s call later this week and I’ll include your point.

 

Best,

Miriam


Please consider the environment before printing this email.

The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@.... Thank you.


Michael Dolan <mdolan@...>
 

One issue I know happens in supply chains based on hearing stories is that the person responsible for open source software compliance may leave the company, take a new role, etc and the company does not backfill them. So when you're talking about a compliance standard that will also be used with smaller vendors, I think many companies will want the assurance that the people/processes that were there a year ago exist after some key resource left.


---
Mike Dolan
VP of Strategic Programs
The Linux Foundation
Office: +1.330.460.3250   Cell: +1.440.552.5322  Skype: michaelkdolan
mdolan@...
---


On Mon, Jun 6, 2016 at 2:56 PM, Radcliffe, Mark <Mark.Radcliffe@...> wrote:

I think that it is a good idea.

 

If we are going to have certifications of large entities which may acquire other companies, does the certification apply to the new entity (for example, when Dell bought EMC, if Dell was certified, would the certification apply to EMC)?  I think that we should consider either a distinction for companies that have been purchased or provide a period (three to six months) for the certifying company to certify that the new “subsidiary” can be considered compliant.  I am open to suggestions.

 


_______________________________________________
OpenChain mailing list
OpenChain@...
https://lists.linuxfoundation.org/mailman/listinfo/openchain



Armijn Hemel - Tjaldur Software Governance Solutions
 

On 06-06-16 21:03, Michael Dolan wrote:
One issue I know happens in supply chains based on hearing stories is that the person responsible for open source software compliance may leave the company, take a new role, etc and the company does not backfill them.

This is *so* true and a major reason to put a time limit on certification.

armijn


-- 
Armijn Hemel, MSc
Tjaldur Software Governance Solutions


Mark Radcliffe
 

If the certification includes an identification of the person who is responsible (and I think that it should), I suggest that one requirement of certification is that they keep someone in that role during the period of certification.

 

From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Armijn Hemel - Tjaldur Software Governance Solutions
Sent: Monday, June 06, 2016 12:14 PM
To: openchain@...
Subject: Re: [OpenChain] Slides

 

On 06-06-16 21:03, Michael Dolan wrote:

One issue I know happens in supply chains based on hearing stories is that the person responsible for open source software compliance may leave the company, take a new role, etc and the company does not backfill them.


This is *so* true and a major reason to put a time limit on certification.

armijn





Dave Marr
 

These comments resonate with me as well.  As an attempt to capture the two related but distinct discussions on this point so far I’m seeing proposals to:

 

· Build a pre-set, standard time duration for an entity’s OpenChain Certification.  An annual duration was proposed. Additional justification for setting a duration is because over time the person(s) in the FOSS Compliance Role might transition from that role, whether leaving the entity or changing job responsibilities within the entity.

· Consider either a distinction for companies that have been purchased or provide a period (such as three to six months) for the certifying company to certify that the new “subsidiary” can be considered compliant.

 

On the second point, I’m attracted to the suggestion of making a distinction.  Perhaps any OpenChain Certification should extend to the entity and its subsidiaries at the time of certification (a snapshot in time), without automatic application to new subs, until the next annual(?) certification?

 

Dave

 

From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Radcliffe, Mark
Sent: Monday, June 06, 2016 1:01 PM
To: Armijn Hemel - Tjaldur Software Governance Solutions <armijn@...>; openchain@...
Subject: Re: [OpenChain] Slides

 

If the certification includes an identification of the person who is responsible (and I think that it should), I suggest that one requirement of certification is that they keep someone in that role during the period of certification.

 



Yagi, Martin, Vodafone Group <martin.yagi@...>
 

Dear all,

 

In my experience 3-6 months is nowhere near enough time for a new (large, FOSS-immature) acquisition to become compliant to the FOSS policies and practices of the new parent… even 6-12 months may not be achievable. I think it’s better to have the subsidiary distinct until it’s compliant.

 

Best regards,

 

Martin.

 

From: openchain-bounces@... [mailto:openchain-bounces@...] On Behalf Of Marr, David
Sent: 07 June 2016 00:03
To: Radcliffe, Mark; Armijn Hemel - Tjaldur Software Governance Solutions; openchain@...
Subject: Re: [OpenChain] Slides

 

These comments resonate with me as well.  As an attempt to capture the two related but distinct discussions on this point so far I’m seeing proposals to:

 

· Build a pre-set, standard time duration for an entity’s OpenChain Certification.  An annual duration was proposed. Additional justification for setting a duration is because over time the person(s) in the FOSS Compliance Role might transition from that role, whether leaving the entity or changing job responsibilities within the entity.

· Consider either a distinction for companies that have been purchased or provide a period (such as three to six months) for the certifying company to certify that the new “subsidiary” can be considered compliant.

 

On the second point, I’m attracted to the suggestion of making a distinction.  Perhaps any OpenChain Certification should extend to the entity and its subsidiaries at the time of certification (a snapshot in time), without automatic application to new subs, until the next annual(?) certification?

 

Dave

 
