Date   

OpenChain Advent Calendar 2022 Now Out!

 

The annual OpenChain Advent Calendar is now out! It is the 4th year of our calendar and our 100th article will be published on Christmas Day, the 25th of December 2022. Following advent tradition, the articles will be revealed daily, and then it is time for us to take a break, eat nice food, and watch our favorite movies.

This calendar is maintained by our Japan Work Group and lead by Watanabe San from Hitachi Solutions with help from Fukuchi San of Sony and many more. You can access it at this link:
https://qiita.com/advent-calendar/2022/openchainjapanwg

Do you want to jump to the first article? Sure! It is from Shane Coughlan, OpenChain General Manager, and is available in both English and Japanese. Watanabe San created the Japanese translation:
https://qiita.com/AyumiWatanabe/items/832146867fde6560f2d1

OpenChain JWG Advent Calendar初日のShaneからの
メッセージは大変力強いものでした。
是非多くの方に読んで頂ければと思います。

アドベントカレンダー:
https://qiita.com/advent-calendar/2022/openchainjapanwg

Shaneのメッセージ:
https://qiita.com/AyumiWatanabe/items/832146867fde6560f2d1

「さまざまなオープンソースのプロセス管理の課題を
抱えるすべての組織が、コミュニティによってシェア
されたソリューションを見つけられるようにしたいと
考えています。
多くの参考資料のメンテナンスを継続し、ピアサポート
(仲間同士の助け合い)を提供するため、時にローカル
言語で運営される、大規模なグローバルコミュニティの
活動を継続していきます。」


Invitation: OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) ... @ Monthly from 17:00 to 18:00 on the first Tuesday (CET) (uk-wg@lists.openchainproject.org)

 

OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday
This is the OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday. It is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Proj
 
This is the OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday. It is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Project. It provides a forum to bring together the various things the OpenChain community is doing around the world, from building our family of standard (licensing compliance and now security compliance), assisting with tooling, SBOMs and OSPOs, and facilitating industry specific discussions in areas like telco and automotive.

Agenda
  1. Introductions 
  2. Specification (process standards) news 
  3. SBOM news
  4. OSPO news
  5. Automation news 
  6. Community feedback and comments - issues for standards and core supporting material
  7. Community feedback and comments - issues for reference and supporting material
  8. Community feedback and comments - issues to support other projects
  9. Any other business
  10. Close of meeting

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

When

Monthly from 17:00 to 18:00 on the first Tuesday (Central European Time - Paris)
RSVP for uk-wg@... for all events in this series

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday

 

This is a reminder that our monthly call takes place today (November 1st) at 09:00 PST (16:00 UTC).

We will be:

Formally announcing Specification Work Group chairperson elections
Starting the process for editing Generation 3 of License Specification (ISO/IEC 5230)
Starting the process for editing Generation 2 of the Security Assurance Specification
Working on Education material, especially items like playbooks and supplier education

This is a call with live editing, so attending makes an immediate impact on how we promote trust in the supply chain.

Everyone can join here:
https://zoom.us/j/4377592799

== Formal Agenda ==

• Introductions
• Specification (process standards) news
• SBOM news
• OSPO news
• Automation news
• Community feedback and comments - issues for standards and core supporting material
• Community feedback and comments - issues for reference and supporting material
• Community feedback and comments - issues to support other projects
• Any other business
• Close of meeting

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


Re: Plans for the UK workgroup

 

Please do loop me into the call invite :)

Perhaps send to the list?

On Oct 25, 2022, at 15:52, Steve Kilbane <stephen.kilbane@...> wrote:

<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; font-size:10.0pt; font-family:"Calibri",sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} span.EmailStyle19 {mso-style-type:personal-reply; font-family:"Calibri",sans-serif; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page WordSection1 {size:612.0pt 792.0pt; margin:72.0pt 72.0pt 72.0pt 72.0pt;} div.WordSection1 {page:WordSection1;} --> Hi Andrew,
Yes, a chat next week is a possibility.
steve
From: uk-wg@... <uk-wg@...> on behalf of Andrew K <andrew.katz@...>
Date: Tuesday, 25 October 2022 at 14:49
To: uk-wg@... <uk-wg@...>
Subject: Re: [uk-wg] Plans for the UK workgroup
[External]

Hi Shane

I concur completely.

@steve, it would be great to have a quick chat to co-ordinate ideas. How about a call next week? And then we can come back to the list with some slightly more structured thoughts and a plan. @shane (and indeed anyone else on the list) - let me know if you would like to participate in that initial chat.

(And apologies for top-posting. My mail client is still misbehaving).

All the best



Andrew



On 25/10/2022, 14:37, "uk-wg@... on behalf of Shane Coughlan" <uk-wg@... on behalf of scoughlan@...> wrote:

Hi Steve!

> On Oct 20, 2022, at 17:17, Steve Kilbane <stephen.kilbane@...> wrote:
> • At the OpenChain day at the Open Source Summit in Dublin, Andrew asked whether the community could provide reference implementations of compliance as examples. My garbled notes of the day were just a single line of text for this, but I’m interpreting it as (for example) simple projects on GitHub with the associated metadata or config files to tie in with tooling, and resulting outcomes. Or perhaps appropriate SPDX declarations in source files. I dunno – I figure “community could provide examples” is sufficient to warrant some discussion.

I think this is an excellent topic. The bridge between the ideas and standards versus seeing how to implement them is a real challenge. If we could and show projects with tooling integration or SPDX prep already done, it shows people how to get started on the topic of final upstream.

Perhaps this UK WG is where we could first display a case study or two, and discuss how relevant that can be for the supply chain?

> • Would it make sense to have a community-led project to improve the compliance stance of popular open-source projects? By this, I mean coordinating the submission of PRs to projects , where the PR (for example) adds SPDX-License identifiers, or makes the project conform to REUSE guidelines or adds configurations for OSS tooling for scanning, or whatever else makes sense that would make it easier to clear the project in a compliance toolchain later?

This is something sorely needed and underdeveloped throughout the market. If the UK WG could do a few items like this and explain how it was done, perhaps we could encourage other WGs and bodies around the world to lend a hand. I like it.

> • SBOM distribution methods – especially when the software distribution is embedded.
> I recognise that these are not UK-specific, but figure that need not be a barrier.

Some case studies here sound super useful.

Andrew, what do you think?

Regards

Shane












Re: Plans for the UK workgroup

Steve Kilbane
 

Hi Andrew,

 

Yes, a chat next week is a possibility.

 

steve

 

From: uk-wg@... <uk-wg@...> on behalf of Andrew K <andrew.katz@...>
Date: Tuesday, 25 October 2022 at 14:49
To: uk-wg@... <uk-wg@...>
Subject: Re: [uk-wg] Plans for the UK workgroup

[External]

Hi Shane

I concur completely.

@steve, it would be great to have a quick chat to co-ordinate ideas. How about a call next week? And then we can come back to the list with some slightly more structured thoughts and a plan. @shane (and indeed anyone else on the list) - let me know if you would like to participate in that initial chat.

(And apologies for top-posting. My mail client is still misbehaving).

All the best



Andrew



On 25/10/2022, 14:37, "uk-wg@... on behalf of Shane Coughlan" <uk-wg@... on behalf of scoughlan@...> wrote:

    Hi Steve!

    > On Oct 20, 2022, at 17:17, Steve Kilbane <stephen.kilbane@...> wrote:
    >     • At the OpenChain day at the Open Source Summit in Dublin, Andrew asked whether the community could provide reference implementations of compliance as examples. My garbled notes of the day were just a single line of text for this, but I’m interpreting it as (for example) simple projects on GitHub with the associated metadata or config files to tie in with tooling, and resulting outcomes. Or perhaps appropriate SPDX declarations in source files. I dunno – I figure “community could provide examples” is sufficient to warrant some discussion.

    I think this is an excellent topic. The bridge between the ideas and standards versus seeing how to implement them is a real challenge. If we could and show projects with tooling integration or SPDX prep already done, it shows people how to get started on the topic of final upstream.

    Perhaps this UK WG is where we could first display a case study or two, and discuss how relevant that can be for the supply chain?

    >     • Would it make sense to have a community-led project to improve the compliance stance of popular open-source projects? By this, I mean coordinating the submission of PRs to projects , where the PR (for example) adds SPDX-License identifiers, or makes the project conform to REUSE guidelines or adds configurations for OSS tooling for scanning, or whatever else makes sense that would make it easier to clear the project in a compliance toolchain later?

    This is something sorely needed and underdeveloped throughout the market. If the UK WG could do a few items like this and explain how it was done, perhaps we could encourage other WGs and bodies around the world to lend a hand. I like it.

    >     • SBOM distribution methods – especially when the software distribution is embedded.
    >  I recognise that these are not UK-specific, but figure that need not be a barrier.

    Some case studies here sound super useful.

    Andrew, what do you think?

    Regards

    Shane



   








Re: Plans for the UK workgroup

Andrew K
 

Hi Shane

I concur completely.

@steve, it would be great to have a quick chat to co-ordinate ideas. How about a call next week? And then we can come back to the list with some slightly more structured thoughts and a plan. @shane (and indeed anyone else on the list) - let me know if you would like to participate in that initial chat.

(And apologies for top-posting. My mail client is still misbehaving).

All the best



Andrew



On 25/10/2022, 14:37, "uk-wg@... on behalf of Shane Coughlan" <uk-wg@... on behalf of scoughlan@...> wrote:

Hi Steve!

> On Oct 20, 2022, at 17:17, Steve Kilbane <stephen.kilbane@...> wrote:
> • At the OpenChain day at the Open Source Summit in Dublin, Andrew asked whether the community could provide reference implementations of compliance as examples. My garbled notes of the day were just a single line of text for this, but I’m interpreting it as (for example) simple projects on GitHub with the associated metadata or config files to tie in with tooling, and resulting outcomes. Or perhaps appropriate SPDX declarations in source files. I dunno – I figure “community could provide examples” is sufficient to warrant some discussion.

I think this is an excellent topic. The bridge between the ideas and standards versus seeing how to implement them is a real challenge. If we could and show projects with tooling integration or SPDX prep already done, it shows people how to get started on the topic of final upstream.

Perhaps this UK WG is where we could first display a case study or two, and discuss how relevant that can be for the supply chain?

> • Would it make sense to have a community-led project to improve the compliance stance of popular open-source projects? By this, I mean coordinating the submission of PRs to projects , where the PR (for example) adds SPDX-License identifiers, or makes the project conform to REUSE guidelines or adds configurations for OSS tooling for scanning, or whatever else makes sense that would make it easier to clear the project in a compliance toolchain later?

This is something sorely needed and underdeveloped throughout the market. If the UK WG could do a few items like this and explain how it was done, perhaps we could encourage other WGs and bodies around the world to lend a hand. I like it.

> • SBOM distribution methods – especially when the software distribution is embedded.
> I recognise that these are not UK-specific, but figure that need not be a barrier.

Some case studies here sound super useful.

Andrew, what do you think?

Regards

Shane


Re: Plans for the UK workgroup

 

Hi Steve!

On Oct 20, 2022, at 17:17, Steve Kilbane <stephen.kilbane@...> wrote:
• At the OpenChain day at the Open Source Summit in Dublin, Andrew asked whether the community could provide reference implementations of compliance as examples. My garbled notes of the day were just a single line of text for this, but I’m interpreting it as (for example) simple projects on GitHub with the associated metadata or config files to tie in with tooling, and resulting outcomes. Or perhaps appropriate SPDX declarations in source files. I dunno – I figure “community could provide examples” is sufficient to warrant some discussion.
I think this is an excellent topic. The bridge between the ideas and standards versus seeing how to implement them is a real challenge. If we could and show projects with tooling integration or SPDX prep already done, it shows people how to get started on the topic of final upstream.

Perhaps this UK WG is where we could first display a case study or two, and discuss how relevant that can be for the supply chain?

• Would it make sense to have a community-led project to improve the compliance stance of popular open-source projects? By this, I mean coordinating the submission of PRs to projects , where the PR (for example) adds SPDX-License identifiers, or makes the project conform to REUSE guidelines or adds configurations for OSS tooling for scanning, or whatever else makes sense that would make it easier to clear the project in a compliance toolchain later?
This is something sorely needed and underdeveloped throughout the market. If the UK WG could do a few items like this and explain how it was done, perhaps we could encourage other WGs and bodies around the world to lend a hand. I like it.

• SBOM distribution methods – especially when the software distribution is embedded.
I recognise that these are not UK-specific, but figure that need not be a barrier.
Some case studies here sound super useful.

Andrew, what do you think?

Regards

Shane


Re: Plans for the UK workgroup

Steve Kilbane
 

So to seed the topic with some ideas….

 

  1. At the OpenChain day at the Open Source Summit in Dublin, Andrew asked whether the community could provide reference implementations of compliance as examples. My garbled notes of the day were just a single line of text for this, but I’m interpreting it as (for example) simple projects on GitHub with the associated metadata or config files to tie in with tooling, and resulting outcomes. Or perhaps appropriate SPDX declarations in source files. I dunno – I figure “community could provide examples” is sufficient to warrant some discussion.
  2. Would it make sense to have a community-led project to improve the compliance stance of popular open-source projects? By this, I mean coordinating the submission of PRs to projects , where the PR (for example) adds SPDX-License identifiers, or makes the project conform to REUSE guidelines or adds configurations for OSS tooling for scanning, or whatever else makes sense that would make it easier to clear the project in a compliance toolchain later?
  3. SBOM distribution methods – especially when the software distribution is embedded.

 

I recognise that these are not UK-specific, but figure that need not be a barrier.

 

*runs away again*

 

steve

 

From: uk-wg@... <uk-wg@...> on behalf of Shane Coughlan <scoughlan@...>
Date: Wednesday, 19 October 2022 at 16:12
To: OpenChain UK <uk-wg@...>
Subject: Re: [uk-wg] Plans for the UK workgroup

[External]

Hi Steve

> On Oct 19, 2022, at 14:16, Steve Kilbane <stephen.kilbane@...> wrote:
> The UK OpenChain workgroup had a meeting last week, and there was a lot of great info passed on about what’s been going on in the OpenChain project worldwide over the past few months. There was also some fascinating and thoughtful commentary on the current landscape from Andrew. Perhaps it was the format of the Zoom session, but it seemed to be very much a one-directional session, and it made me wonder what the UK workgroup is up to, right now. Are there specific activities in progress? Are there UK-specific issues under consideration, or that orgs are running into, of which the UK workgroup is aware?
> With the publication of OpenChain as an ISO/IEC standard, there’s been a lot of adoption over the past couple of years, so it’s possible that there are people who are new to the UK mailing list too. If so, like me, they might benefit from a better understanding of what the UK workgroup is up to, presently.
> I think that, towards the end of the session, Andrew and Sami were asking for suggested topics to address, and presumably this mailing list would be the place to make suggestions.

Thank you for you this!

I think fostering a round-table discussion format would be an excellent evolution, and the sharing of knowledge from the UK market - and ensuring it goes outward - could be really useful.

How about at the next meeting with focus on having a couple of specific items for workshopping, designed explicitly for interactive discussion?

Regards

Shane




Re: Plans for the UK workgroup

Andrew K
 



On 19 Oct 2022, at 15:12, Shane Coughlan <scoughlan@...> wrote:

Hi Steve

On Oct 19, 2022, at 14:16, Steve Kilbane <stephen.kilbane@...> wrote:
The UK OpenChain workgroup had a meeting last week, and there was a lot of great info passed on about what’s been going on in the OpenChain project worldwide over the past few months. There was also some fascinating and thoughtful commentary on the current landscape from Andrew. Perhaps it was the format of the Zoom session, but it seemed to be very much a one-directional session, and it made me wonder what the UK workgroup is up to, right now. Are there specific activities in progress? Are there UK-specific issues under consideration, or that orgs are running into, of which the UK workgroup is aware?
With the publication of OpenChain as an ISO/IEC standard, there’s been a lot of adoption over the past couple of years, so it’s possible that there are people who are new to the UK mailing list too. If so, like me, they might benefit from a better understanding of what the UK workgroup is up to, presently.
I think that, towards the end of the session, Andrew and Sami were asking for suggested topics to address, and presumably this mailing list would be the place to make suggestions.

Thank you for you this!

I think fostering a round-table discussion format would be an excellent evolution, and the sharing of knowledge from the UK market - and ensuring it goes outward - could be really useful.

How about at the next meeting with focus on having a couple of specific items for workshopping, designed explicitly for interactive discussion?

Regards

Shane


Yes, let’s do this!


- Andrew







Re: Plans for the UK workgroup

 

Hi Steve

On Oct 19, 2022, at 14:16, Steve Kilbane <stephen.kilbane@...> wrote:
The UK OpenChain workgroup had a meeting last week, and there was a lot of great info passed on about what’s been going on in the OpenChain project worldwide over the past few months. There was also some fascinating and thoughtful commentary on the current landscape from Andrew. Perhaps it was the format of the Zoom session, but it seemed to be very much a one-directional session, and it made me wonder what the UK workgroup is up to, right now. Are there specific activities in progress? Are there UK-specific issues under consideration, or that orgs are running into, of which the UK workgroup is aware?
With the publication of OpenChain as an ISO/IEC standard, there’s been a lot of adoption over the past couple of years, so it’s possible that there are people who are new to the UK mailing list too. If so, like me, they might benefit from a better understanding of what the UK workgroup is up to, presently.
I think that, towards the end of the session, Andrew and Sami were asking for suggested topics to address, and presumably this mailing list would be the place to make suggestions.
Thank you for you this!

I think fostering a round-table discussion format would be an excellent evolution, and the sharing of knowledge from the UK market - and ensuring it goes outward - could be really useful.

How about at the next meeting with focus on having a couple of specific items for workshopping, designed explicitly for interactive discussion?

Regards

Shane


Plans for the UK workgroup

Steve Kilbane
 

Hi all,

 

The UK OpenChain workgroup had a meeting last week, and there was a lot of great info passed on about what’s been going on in the OpenChain project worldwide over the past few months. There was also some fascinating and thoughtful commentary on the current landscape from Andrew. Perhaps it was the format of the Zoom session, but it seemed to be very much a one-directional session, and it made me wonder what the UK workgroup is up to, right now. Are there specific activities in progress? Are there UK-specific issues under consideration, or that orgs are running into, of which the UK workgroup is aware?

 

With the publication of OpenChain as an ISO/IEC standard, there’s been a lot of adoption over the past couple of years, so it’s possible that there are people who are new to the UK mailing list too. If so, like me, they might benefit from a better understanding of what the UK workgroup is up to, presently.

 

I think that, towards the end of the session, Andrew and Sami were asking for suggested topics to address, and presumably this mailing list would be the place to make suggestions.

 

Thanks,

 

steve

 


Call to action for UK WG: provide feedback for next generation of license compliance and security assurance standards

 

The OpenChain Project is ready to start accepting feedback to improve our license compliance and security standards. The next generation of our license compliance standard will update ISO/IEC 5230.

Learn more:
https://www.openchainproject.org/featured/2022/10/18/improve-our-standards

Some notes:

(1) Our security assurance standard (generation 1) is scheduled to become an ISO/IEC standard in mid-2023. The update to generation 2 will trigger an update to the new ISO/IEC standard for late 2023~mid-2024.

(2) You will find extensive feedback on our standards already exists on GitHub and you can easily review that before submitting a suggestion for improvement.

Pre-existing submissions for the security assurance standard:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues

Pre-existing submissions for the license compliance standard:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues


Re: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

Steve Kilbane
 

Now received, thanks!

 

From: uk-wg@... <uk-wg@...> on behalf of Shane Coughlan <scoughlan@...>
Date: Thursday, 13 October 2022 at 11:12
To: OpenChain UK <uk-wg@...>
Cc: Marie Parkinson <marie.parkinson@...>
Subject: Re: [uk-wg] [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

[External]

No worries, hooking you up with the Moorcrofts staff now.

> On Oct 13, 2022, at 12:02, Steve Kilbane <stephen.kilbane@...> wrote:
>
> Hi all,

> Did the dial-in details for this call get sent out? I can find the dial-in details for the September event, but not for the October one.

> steve

> From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
> Date: Thursday, 29 September 2022 at 09:19
> To: OpenChain Main <main@...>
> Cc: OpenChain UK <uk-wg@...>
> Subject: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London
>
> [External]
>
> OpenChain, Moorcrofts and Orcro will host the next OpenChain UK Work Group meeting on the 13th of October 2022 in London. All welcome. Learn more here:
> https://urldefense.com/v3/__https://www.openchainproject.org/news/2022/09/29/uk-work-2022-10-13__;!!A3Ni8CS0y2Y!87Fi4QEvze2hB7IV-MDNQtMyECKzbd6PnXiX6fcpuI-KEWKMomj8XJ-QLMXj2mz-xoqpm-bt2yRNWq_G2FzHIqMNOyMb7fA$ 
>
>
>
>
>






Re: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

 

No worries, hooking you up with the Moorcrofts staff now.

On Oct 13, 2022, at 12:02, Steve Kilbane <stephen.kilbane@...> wrote:

Hi all,

Did the dial-in details for this call get sent out? I can find the dial-in details for the September event, but not for the October one.

steve

From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
Date: Thursday, 29 September 2022 at 09:19
To: OpenChain Main <main@...>
Cc: OpenChain UK <uk-wg@...>
Subject: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

[External]

OpenChain, Moorcrofts and Orcro will host the next OpenChain UK Work Group meeting on the 13th of October 2022 in London. All welcome. Learn more here:
https://urldefense.com/v3/__https://www.openchainproject.org/news/2022/09/29/uk-work-2022-10-13__;!!A3Ni8CS0y2Y!87Fi4QEvze2hB7IV-MDNQtMyECKzbd6PnXiX6fcpuI-KEWKMomj8XJ-QLMXj2mz-xoqpm-bt2yRNWq_G2FzHIqMNOyMb7fA$





Re: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

Steve Kilbane
 

Hi all,

 

Did the dial-in details for this call get sent out? I can find the dial-in details for the September event, but not for the October one.

 

steve

 

From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
Date: Thursday, 29 September 2022 at 09:19
To: OpenChain Main <main@...>
Cc: OpenChain UK <uk-wg@...>
Subject: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

[External]

OpenChain, Moorcrofts and Orcro will host the next OpenChain UK Work Group meeting on the 13th of October 2022 in London. All welcome. Learn more here:
https://urldefense.com/v3/__https://www.openchainproject.org/news/2022/09/29/uk-work-2022-10-13__;!!A3Ni8CS0y2Y!87Fi4QEvze2hB7IV-MDNQtMyECKzbd6PnXiX6fcpuI-KEWKMomj8XJ-QLMXj2mz-xoqpm-bt2yRNWq_G2FzHIqMNOyMb7fA$ 




REMINDER: OpenChain UK work group meeting 13th October 11:00 to 13:00 BST

 

Register here for free and attend in person (London) or virtually:
As usual, Moorcrofts and Orcro host. I’ll be there in person to talk through our latest global news. It will be good to see some of you face to face for the first time in years.

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


IMPORTANT REMINDER: Telco Work Group meeting today - Telco SBOM Spec in Drafting

 

Dear all

The OpenChain Telco Work Group has a meeting today at 17:00 CEST (15:00 UTC).

This meeting will be of special interest to anyone working on matters related to SBOMs, as the work group is currently drafting a telco spec related to this topic:
https://github.com/OpenChain-Project/telco/blob/main/OpenChain%20Telco%20SBOM%20Specification.md

Absent other pressing agenda items, the call today will focus on collecting feedback for this specification via issues submitted live on the call (by the chair) or offline (by you directly).

Join us:
https://zoom.us/j/4377592799

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


REMINDER: OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday (Tomorrow)

 

Dear all

Tomorrow we have our Monthly Community Call.

We will be:

Looking at the new security specification and covering its ISO/IEC submission

Working on Our Path to Conformance

Reviewing our FAQ

And more…

Full Agenda
1. Introductions
2. Specification (process standards) news
3. SBOM news
4. OSPO news
5. Automation news
6. Community feedback and comments - issues for standards and core supporting material
7. Community feedback and comments - issues for reference and supporting material
8. Community feedback and comments - issues to support other projects
9. Any other business
10. Close of meeting

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: October's Ospology.live - OSPO Workshop:Stockholm, Sweden

Sean McIlroy (LF, PM)
 

Dear all

October's Ospology.live will be hosted by OSPO at Ericsson (Stockholm, Sweden) and co-organized with TODO, OpenChain, SPDX, CHAOSS and OpenSSF projects.
Join the first in-person Workshop to help organizations effectively implement Open Source Program Offices (OSPOs) based on specific region needs in Europe. 
If you have any questions, please contact the event Organizer - Ana Jimenez (ana@todogroup.org)

Regards

Sean Mcilroy

Program Manager - Linux Foundation
C2PA | GSF | OpenChain | Open19
Timezone: GMT 


Invitation: OpenChain UK Work Group Meeting @ Thu Oct 13, 2022 12:00 - 14:00 (CEST) (uk-wg@lists.openchainproject.org)

 

OpenChain UK Work Group Meeting
Moorcrofts LLP and its sister compliance company Orcro Limited, as OpenChain partners invite you to join us at the next meeting of the OpenChain UK Work Group, taking place both virtually and physical
 
Moorcrofts LLP and its sister compliance company Orcro Limited, as OpenChain partners invite you to join us at the next meeting of the OpenChain UK Work Group, taking place both virtually and physically (Beck Greener, London) on Thursday 13 October, 11:00 - 13:00.

The keynote speaker for the event will be Liz Rice, Chief Open Source Officer with eBPF specialists, creators of the Cilium cloud native networking, security and observability project.

Liz is a member of the Open UK Board and was chair of the CNCF's Technical Oversight Committee 2019-2022, and co-chaired the KubeCon / CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle. She is also the author of Container Security, published by O'Reilly.

She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.

Agenda

11:00: Welcome and introduction by Andrew Katz (Orcro) & Sami Atabani (Arm)

11:10: News and Updates by Shane Coughlan (Linux Foundation)

11:25: OpenChain UK Work Group: Plans by Andrew Katz (Orcro) & Sami Atabani (Arm)

11:45: Liz Rice Key Note

12:45: AOB

13:00: Thank you and goodbye!

OpenChain, a project of the Linux Foundation, brings established governance principles to the software supply chain. It adopts best-practice from other compliance areas and maps them to software procurement, giving businesses a clear path to minimising infringement risk in procuring, developing and deploying software, with particular emphasis on use and re-use of free and open source software ("FOSS") components. The result is that open source licence compliance becomes more predictable, understandable and efficient for all participants in the software supply chain.

Why Join?
With a stellar roster of international businesses adopting the OpenChain framework for Open Source compliance and seeing the benefits of adopting best-practice – helping business teams work together towards a common goal, making Free and Open-Source Software (FOSS) more accessible to developers and reducing overall compliance effort, saving time, legal and engineering resources, it makes sense to unify and freely share this work, and help to embed it into the UK's software development culture.

With this in mind, the OpenChain UK Work Group was born. It is free to join, and open to anyone (whether in the UK or otherwise) interested in finding out more about why companies as diverse as Arm, Google, Scania, Hitachi Data Systems, Toyota, Facebook, Uber and Microsoft are embracing OpenChain, as well as smaller companies like B2M Solutions and NewRoCo. The group also aims to help developers' and organisations' journey through open source compliance by providing a practical and accessible platform for anyone in the UK to quickly sync, share information and save time across all aspects of open source compliance.

Book Now
To reserve your free place at either the physical or virtual meeting, on 13 October from 11:00 – 13:00, please complete the online booking form:

https://ojimarketing.us19.list-manage.com/track/click?u=100dfa4f88cfb2baa11d391c2&id=7e2a04c8e7&e=5d1e015448

When

Thursday Oct 13, 2022 ⋅ 12:00 – 14:00 (Central European Time - Paris)
Reply for uk-wg@...

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more

1 - 20 of 269