
Re: OpenChain Telco Work Group Meeting Today 2021-10-21 at 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST

 

Heads up… our meeting starts now.

On Oct 21, 2021, at 8:33, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

OpenChain Telco Work Group Meeting Today 2021-10-21 at 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST

Jimmy from Ericsson will host.
“We hope to continue our discussion started last time on Software Bill of Material and how we best can create alignment and a voluntary best practice "standard" we can adhere to so that whatever is supplied into, or out of the Telco ecosystem is easily digestible in a predictable manner.”

----( Zoom )----
https://zoom.us/j/4377592799


OpenChain Telco Work Group Meeting Today 2021-10-21 at 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST

 

OpenChain Telco Work Group Meeting Today 2021-10-21 at 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST

Jimmy from Ericsson will host.
“We hope to continue our discussion started last time on Software Bill of Material and how we best can create alignment and a voluntary best practice "standard" we can adhere to so that whatever is supplied into, or out of the Telco ecosystem is easily digestible in a predictable manner.”

----( Zoom )----
https://zoom.us/j/4377592799


Re: Case Study: Open Source Compliance Automation and Interoperability #3 - Video Now Live

 

Apologies. The link to the recording was down for a few minutes. It is back now:
https://www.openchainproject.org/featured/2021/10/15/automation-case-study-3

On Oct 19, 2021, at 17:12, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

Part #3 of our epic automation case study explores the Open Source Review Toolkit (ORT) both in the context of the GUI tool from TNG/Facebook and when used on its own.
https://www.openchainproject.org/featured/2021/10/15/automation-case-study-3
This marks the moment when we begin to expand on automation options across the ecosystem in more detail. There are various choices people make when selecting tooling that we hope to unpack here, shortly with TERN, and over time with everything from FOSSology to FOSSLight and beyond.

Coming Next:
• October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
• November 10th, we do a “how this tool can work with TERN, ORT and ScanOSS in the real-world.”
• November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
• December 8th, Facebook Usage Case Study.
• December 16th, A recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
Seen Previously:
• Part #1 explores a new graphical tool from Facebook/TNG to make open source tooling easier to use. Our demo shows ORT calling ScanCode in a clean, simple way. We also discuss how the graphical interface was designed.
• Part #2 explores the engineering behind the new graphical tool from Facebook/TNG that makes open source tooling easier to use.


The Eclipse Foundation Announces It Has Achieved OpenChain ISO 5230 Conformance

 

BRUSSELS – October 19, 2021 – The Eclipse Foundation AISBL, a global community fostering a mature, scalable, and business-friendly environment for software collaboration and innovation, has announced that it is the first open source software foundation to confirm that its open source development and license management processes are OpenChain ISO 5230 conformant.

Learn More:
https://www.openchainproject.org/featured/2021/10/19/eclipse-foundation-conformance


Case Study: Open Source Compliance Automation and Interoperability #3 - Video Now Live

 

Part #3 of our epic automation case study explores the Open Source Review Toolkit (ORT) both in the context of the GUI tool from TNG/Facebook and when used on its own.
https://www.openchainproject.org/featured/2021/10/15/automation-case-study-3 
This marks the moment when we begin to expand on automation options across the ecosystem in more detail. There are various choices people make when selecting tooling that we hope to unpack here, shortly with TERN, and over time with everything from FOSSology to FOSSLight and beyond.

Coming Next:
  • October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
  • November 10th, we do a “how this tool can work with TERN, ORT and ScanOSS in the real-world.”
  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, Facebook Usage Case Study.
  • December 16th, A recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
Seen Previously:


OpenChain Webinar Today 2021-08-16 @ 14:00 UTC - Postponed due to scheduling change

 

Dear all

Today’s regular bi-weekly webinar is being postponed due to a scheduling conflict.

You are reminded that:

We hold a telco work group meeting this Thursday the 21st at 07:00 UTC.

and

Part #4 of our automation case study will take place on Wednesday the 27th at 14:00 UTC.

Our regular global work team call takes place next Monday the 25th at 14:00 UTC as usual.

All these events are in the global calendar and all are invited to attend without registration or restriction.

Regards

Shane


REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

 

Our third automation case study webinar is about to start. Join here:

It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage. Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself.

Not to be missed. Dial in details below and on our global calendar.

Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

 

Dear all 

This is a reminder that our third automation case study webinar takes place today. It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage.

Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself.

Not to be missed. Dial in details below and on our global calendar.

Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

 

Dear all 

This is a reminder that our third automation case study webinar takes place tomorrow. It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage.

Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself.

Not to be missed. Dial in details below and on our global calendar.

Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


RECORDING: Q3 2021 Mini-Summit - Focus: Security Assurance Reference Guide

 

Dear all

The recording of our recent mini-summit is now available. Huge thanks to Mark Gisi for leading the discussion with a focus on our Security Assurance Reference Guide.
https://youtu.be/KBVlcZt4T8c

Please note: this was a face-to-face event with dial-in support. We had some audio issues on the dial-in. The recording has been adjusted to remove sections of blank space and noise.

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@linuxfoundation.org
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


Shane away from computer October 2nd to October 10th

 

Dear all

I am taking a week of vacation and will be away from email, slack and our other social channels during this time.

Our bi-weekly webinar will take place as usual on Tuesday the 5th of October at 06:00 UTC. Jan Thielscher of EACG will be doing one of our periodic broader topics and covering “agile challenges.” I will host as usual.

I am working on the recording of our mini-summit. We had some issues with the dial-in audio quality. I will put together the best possible version for release on Monday the 11th of October. Kudos to Mark Gisi for hosting a terrific and productive summit in Seattle, and thanks to everyone who contributed and made it a resounding success.

Need me urgently? My cellphone is: +818040358083

See you all later!

Regards

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain Automation Case Study Part #1

 

We had a very big audience today. Thank you all for your attention and contributions.

Part #1 explores a new graphical tool from Facebook/TNG to make open source tooling easier to use. Our demo shows ORT calling ScanCode in a clean, simple way. We also discuss how the graphical interface was designed.

Please find the video covering all the key material here:
https://www.openchainproject.org/featured/2021/09/22/automation-case-study

The Q&A section was recorded and will be released shortly.


REMINDER: OpenChain automation case study at 12:00 UTC on Wednesday (today) - 13:00 UK - 14:00 CEST - 20:00 CST - 21:00 KST + JST

 

We launch *the* OpenChain automation case study… 🤦‍♂️

This is a must-see for those working in open source compliance.
12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST.
https://zoom.us/j/4377592799

No registration.

Regards

Shane

On Sep 22, 2021, at 19:08, Shane Coughlan via groups.io <scoughlan=linuxfoundation.org@groups.io> wrote:

We launch of the OpenChain automation case study about using open source tools for open source compliance at 12:00 UTC on Wednesday (today). This is a rolling case-study between September and December 2021. It will be the largest case study ever undertaken in this space. All welcome. No registration.
https://zoom.us/j/4377592799

September 22nd (today):
We explore a new graphical tool from Facebook/TNG to make open source tooling easier to use.
* Our real-world demo will show ORT calling ScanCode in a clean, simple way.
* We will have an interview about how the graphical interface was designed.
• September 29th, we will have an interview about how the tool internals were designed.
• October 13th, we do a deep dive on using ORT via the tool + deep dive into ORT internals engineering.
• October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
• November 10th, we do a “how this tool can work with TERN, ORT and ScanOSS in the real-world.”
• November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
• December 8th, Facebook Usage Case Study.
• December 16th, A recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
Need help with your timezone?
12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST.


REMINDER: OpenChain automation case study at 12:00 UTC on Wednesday (today) - 13:00 UK - 14:00 CEST - 20:00 CST - 21:00 KST + JST

 

We launch of the OpenChain automation case study about using open source tools for open source compliance at 12:00 UTC on Wednesday (today). This is a rolling case-study between September and December 2021. It will be the largest case study ever undertaken in this space. All welcome. No registration.

September 22nd (today):
We explore a new graphical tool from Facebook/TNG to make open source tooling easier to use. 
 * Our real-world demo will show ORT calling ScanCode in a clean, simple way.
 * We will have an interview about how the graphical interface was designed.
  • September 29th, we will have an interview about how the tool internals were designed.
  • October 13th, we do a deep dive on using ORT via the tool + deep dive into ORT internals engineering.
  • October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
  • November 10th, we do a “how this tool can work with TERN, ORT and ScanOSS in the real-world.”
  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, Facebook Usage Case Study.
  • December 16th, A recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
Need help with your timezone?
12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST. 


OpenChain webinar - deferred to Wednesday 12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST

 

Dear all

Our regular bi-weekly webinar is being deferred from Monday to Wednesday at 12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST. This is to keep the focus this week on the launch of our automation case study that day. The case study will be launched with our virtual event and with a physical event in Germany at roughly the same time. We are laying the foundation for an exploration that will take us all the way to a simulated supply chain in November.

You will find all the details in our global calendar as usual. Dial in link:

https://zoom.us/j/4377592799


Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain UK Work Group Meeting 30th September 2021

 

The next OpenChain UK Work Group meeting takes place virtually via Zoom on Thursday 30 September from 14:00 – 15:30 BST.

A full agenda will be launched prior to the meeting, which will be an interactive session with plenty of opportunity to ask questions and discuss OpenChain adoption and best practice. There has been a huge amount going on in the world of OpenChain, with a raft of new, high-profile conformance announcements, new optional extensions to the standard covering security and community engagement, and increased emphasis on the ease of use of tooling.

OpenChain’s General Manager Shane Coughlan will be joining us, and bringing us up to speed on new initiatives intended to make existing compliance tools like FOSSology and ScanCode easier to use.

To reserve your free place on the virtual meeting, on 30 September 2021 from 14:00 – 15:30, please complete the online booking form:
https://ojimarketing.us19.list-manage.com/track/click?u=100dfa4f88cfb2baa11d391c2&id=e185a135d2&e=5d1e015448

To join the OpenChain UK Work Group visit https://lists.openchainproject.org/g/uk-wg and subscribe to the list to receive future details about the bi-monthly meetings and to sync and share information across all aspects of open source compliance.


OpenChain UK Work Group September Meeting

Marie Parkinson
 

The next meeting for the OpenChain UK Work Group will be held on Thursday 30 September 2021 from 14:00 - 15:30.

A full agenda will be launched prior to the meeting, which will be an interactive session with plenty of opportunity to ask questions and discuss OpenChain adoption and best practice.

There has been a huge amount going on in the world of OpenChain, with a raft of new, high-profile conformance announcements, new optional extensions to the standard covering security and community engagement, and increased emphasis on the ease of use of tooling.

OpenChain’s General Manager Shane Coughlan will be joining us, and bringing us up to speed on new initiatives intended to make existing compliance tools like FOSSology and ScanCode easier to use.

To book your place and receive the Zoom login details, complete the Eventbrite booking form: https://ocukwgsep21.eventbrite.co.uk


CfP - Open Compliance Summit - December 16th 2021 - Deadline October 1st

 

Reminder about upcoming deadlines/dates to be aware of regarding the Open Compliance Summit CFP:

• CFP Closes: Friday, October 1
• CFP Notifications: Tuesday, October 19
• Schedule Announcement: Thursday, October 21

https://events.linuxfoundation.org/open-compliance-summit/program/cfp/#%E6%A6%82%E8%A6%81


Re: [india-wg] [openchain] Proposal - OpenChain Quality of Conformance Assessment Levels (including a sub-proposal for tooling quality assessment levels)

 

Thanks Matija. Glad it reads well to you!

Regards

Shane

On Aug 24, 2021, at 20:02, Matija Šuklje <matija@suklje.name> wrote:

On 24. 08. 21 at 09:00, Shane Coughlan wrote:
> In broad strokes:
> (1) we decided to make it *very* clear this was not about variants of
> OpenChain ISO 5230 but rather about where companies can go next after
> adoption
> (2) we decided to pull back from “quality grading” by the project
> and instead provide case studies and examples to help inspire companies

This sounds like a sane approach to me.

> Check out the latest (and dramatically overhauled) edit here:
> https://1drv.ms/p/s!AsXJVqby5kpnkShuUGG9M2Ki9MEc

After opening the slide deck today, I was wondering what the complaints were
against :)

The slides look OK to me at the time of this writing.


cheers,
Matija


Re: Proposal - OpenChain Quality of Conformance Assessment Levels (including a sub-proposal for tooling quality assessment levels)

 

Thanks for the great feedback Kate and Mark (on this list) and loads of other people (on our call).

In broad strokes:
(1) we decided to make it *very* clear this was not about variants of OpenChain ISO 5230 but rather about where companies can go next after adoption
(2) we decided to pull back from “quality grading” by the project and instead provide case studies and examples to help inspire companies

Check out the latest (and dramatically overhauled) edit here:
https://1drv.ms/p/s!AsXJVqby5kpnkShuUGG9M2Ki9MEc

On Aug 23, 2021, at 23:06, Mark Gisi <mark.gisi@windriver.com> wrote:

One of the core guiding principles for the OpenChain Specification is to focus on the what and why of compliance (and avoid the how and when). This is highlighted in the introduction of the spec. That is, avoid being prescriptive.

It was always understood that the OpenChain Project would foster the creation of various materials around best practices to educate how other companies achieve conformance. That is - to describe the prescriptive ways of others. This has not been done with any formal structure yet within the project. The proposed levels approach is the first attempt to do this which I commend. What I disagree with is mixing the specification too tightly with prescriptive ways because it undermines a core principle and purpose of the specification.

I suggest we create a complementary best practice program/guide that encourages companies to consider various prescriptive levels. That is, have Best Practice Levels (bronze, silver, gold, …) but DON’T confuse it with the spec (which is: about what and why, practice neutral, non-prescriptive, …). For instance, have a program with its own logo (for example - see attached)

best,

Mark Gisi
Director, Open Source Program Office
Empowering Customers to Prosper using Open Source
(510) 749-2016





-----Original Message-----
From: specification@lists.openchainproject.org <specification@lists.openchainproject.org> On Behalf Of Shane Coughlan
Sent: Monday, August 23, 2021 1:43 AM
To: OpenChain Main <main@lists.openchainproject.org>
Cc: OpenChain Japan <japan-wg@lists.openchainproject.org>; OpenChain Korea <korea-wg@lists.openchainproject.org>; OpenChain Germany <germany-wg@lists.openchainproject.org>; OpenChain India <india-wg@lists.openchainproject.org>; OpenChain UK <uk-wg@lists.openchainproject.org>; OpenChain Partners <partners@lists.openchainproject.org>; OpenChain Automotive <openchain-automotive-work-group@groups.io>; OpenChain Tooling <oss-based-compliance-tooling@groups.io>; OpenChain Specification <specification@lists.openchainproject.org>
Subject: [specification] Proposal - OpenChain Quality of Conformance Assessment Levels (including a sub-proposal for tooling quality assessment levels)

[Please note: This e-mail is from an EXTERNAL e-mail address]

Dear all

During a recent OpenChain Japan Planning meeting we discussed the challenge of “next steps” in OpenChain ISO 5230 conformance. Our initial goal of adoption in the supply chain is well underway. Our basic concept of “raising all the boats” is working. But now it is time to talk in more detail about “raising the boats to where?”

From its launch in October 2016 until today, the OpenChain Project has been based on the concept of continual improvement (or Kaizen). We can now provide a “map” to help guide companies in this process, and to help customer companies judge the sophistication of suppliers who have adopted OpenChain ISO 5230.

Attached is a slide-deck exploring how this can be done. We will be discussing this in the OpenChain bi-weekly global work team meeting today (Monday 23rd of August) at 14:00 UTC. All welcome. No registration.
https://zoom.us/j/4377592799

You can add comments to this document online:
https://1drv.ms/p/s!AsXJVqby5kpnkShuUGG9M2Ki9MEc

Regards

Shane












<ocbp-logo.jpg>
