Re: Plans for the UK workgroup
Hi Steve
On Oct 19, 2022, at 14:16, Steve Kilbane <stephen.kilbane@...> wrote:
Thank you for this! I think fostering a round-table discussion format would be an excellent evolution, and the sharing of knowledge from the UK market - and ensuring it goes outward - could be really useful. How about at the next meeting with focus on having a couple of specific items for workshopping, designed explicitly for interactive discussion?
Regards
Shane
Plans for the UK workgroup
Hi all,
The UK OpenChain workgroup had a meeting last week, and there was a lot of great info passed on about what’s been going on in the OpenChain project worldwide over the past few months. There was also some fascinating and thoughtful commentary on the current landscape from Andrew. Perhaps it was the format of the Zoom session, but it seemed to be very much a one-directional session, and it made me wonder what the UK workgroup is up to, right now. Are there specific activities in progress? Are there UK-specific issues under consideration, or that orgs are running into, of which the UK workgroup is aware?
With the publication of OpenChain as an ISO/IEC standard, there’s been a lot of adoption over the past couple of years, so it’s possible that there are people who are new to the UK mailing list too. If so, like me, they might benefit from a better understanding of what the UK workgroup is up to, presently.
I think that, towards the end of the session, Andrew and Sami were asking for suggested topics to address, and presumably this mailing list would be the place to make suggestions.
Thanks,
steve
Call to action for UK WG: provide feedback for next generation of license compliance and security assurance standards
The OpenChain Project is ready to start accepting feedback to improve our license compliance and security standards. The next generation of our license compliance standard will update ISO/IEC 5230.
Learn more: https://www.openchainproject.org/featured/2022/10/18/improve-our-standards
Some notes:
(1) Our security assurance standard (generation 1) is scheduled to become an ISO/IEC standard in mid-2023. The update to generation 2 will trigger an update to the new ISO/IEC standard for late 2023~mid-2024.
(2) You will find extensive feedback on our standards already exists on GitHub and you can easily review that before submitting a suggestion for improvement.
Pre-existing submissions for the security assurance standard: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
Pre-existing submissions for the license compliance standard: https://github.com/OpenChain-Project/License-Compliance-Specification/issues
Re: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London
Now received, thanks!
From: uk-wg@... <uk-wg@...> on behalf of Shane Coughlan <scoughlan@...> [External]
Re: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London
No worries, hooking you up with the Moorcrofts staff now.
On Oct 13, 2022, at 12:02, Steve Kilbane <stephen.kilbane@...> wrote:
Re: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London
Hi all,
Did the dial-in details for this call get sent out? I can find the dial-in details for the September event, but not for the October one.
steve
From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...> [External]
REMINDER: OpenChain UK work group meeting 13th October 11:00 to 13:00 BST
Register here for free and attend in person (London) or virtually:
As usual, Moorcrofts and Orcro host. I’ll be there in person to talk through our latest global news. It will be good to see some of you face to face for the first time in years.
Regards
Shane
Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting: https://meetings.hubspot.com/scoughlan
IMPORTANT REMINDER: Telco Work Group meeting today - Telco SBOM Spec in Drafting
Dear all
The OpenChain Telco Work Group has a meeting today at 17:00 CEST (15:00 UTC). This meeting will be of special interest to anyone working on matters related to SBOMs, as the work group is currently drafting a telco spec related to this topic:
https://github.com/OpenChain-Project/telco/blob/main/OpenChain%20Telco%20SBOM%20Specification.md
Absent other pressing agenda items, the call today will focus on collecting feedback for this specification via issues submitted live on the call (by the chair) or offline (by you directly).
Join us: https://zoom.us/j/4377592799
Regards
Shane
—
Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org
Schedule a call: https://meetings.hubspot.com/scoughlan
REMINDER: OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday (Tomorrow)
Dear all
Tomorrow we have our Monthly Community Call. We will be:
• Looking at the new security specification and covering its ISO/IEC submission
• Working on Our Path to Conformance
• Reviewing our FAQ
• And more…
Full Agenda
1. Introductions
2. Specification (process standards) news
3. SBOM news
4. OSPO news
5. Automation news
6. Community feedback and comments - issues for standards and core supporting material
7. Community feedback and comments - issues for reference and supporting material
8. Community feedback and comments - issues to support other projects
9. Any other business
10. Close of meeting
This meeting is held in the OpenChain Project Zoom room: https://zoom.us/j/4377592799
Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00
Compare timezones: https://www.worldtimebuddy.com
Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting: https://meetings.hubspot.com/scoughlan
Re: October's Ospology.live - OSPO Workshop:Stockholm, Sweden
Sean McIlroy (LF, PM) <smcilroy@...>
Dear all
October's Ospology.live will be hosted by OSPO at Ericsson (Stockholm, Sweden) and co-organized with TODO, OpenChain, SPDX, CHAOSS and OpenSSF projects. Join the first in-person Workshop to help organizations effectively implement Open Source Program Offices (OSPOs) based on specific region needs in Europe.
If you have any questions, please contact the event Organizer - Ana Jimenez (ana@todogroup.org)
Invitation: OpenChain UK Work Group Meeting @ Thu Oct 13, 2022 12:00 - 14:00 (CEST) (uk-wg@lists.openchainproject.org)
OpenChain UK Work Group Meeting – 2022-10-13 in London
OpenChain, Moorcrofts and Orcro will host the next OpenChain UK Work Group meeting on the 13th of October 2022 in London. All welcome. Learn more here:
https://www.openchainproject.org/news/2022/09/29/uk-work-2022-10-13
REMINDER: SPECIAL CALL: ISO/IEC WG suggestions for Security Specification today at 08:00 UTC (2022-09-27)
tl;dr: we have an important specification call in just under an hour.
ISO/IEC WG/SC27 (security) has provided some feedback on the OpenChain Security Assurance Specification 1.0 for our review. Our review cycle runs from now until October 4th and you can get started on checking their comments via our issue tracker here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
We will hold a special call to discuss their comments on Tuesday the 27th of September 2022 at 08:00 UTC to review their comments.
We are providing some guidance on the review of these comments and suggestions.
(1) Our specification was completed after a multi-month process in March 2022, and it was ratified by our board for ISO/IEC JTC-1 PAS submission on the 14th of September 2022
(2) Therefore OpenChain Security Assurance Specification 1.0 is functionally complete
(3) We should review the ISO/IEC WG comments with this perspective
(4) We are looking for editorial adjustments for clarity and errors
(5) We are not looking to change the scope or function of OpenChain Security Assurance Specification 1.0 or any immediate clarity / error adjusted successor
(6) This is because we want to proceed with our JTC-1 PAS submission as approved by the OpenChain Governing Board
(7) But we can place any comments for scope and function adjustment into a deferred status
(8) And we will return to them for discussion around inclusion in OpenChain Security Assurance Specification 2.0
This meeting is held in the OpenChain Project Zoom room: https://zoom.us/j/4377592799
Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00
Compare timezones: https://www.worldtimebuddy.com
Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA
Find your local country number: https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799
Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting: https://meetings.hubspot.com/scoughlan
October's Ospology.live - OSPO Workshop:Stockholm, Sweden
Sean McIlroy (LF, PM) <smcilroy@...>
Dear all
October's Ospology.live will be hosted by OSPO at Ericsson (Stockholm, Sweden) and co-organized with TODO, OpenChain, SPDX, CHAOSS and OpenSSF projects. Join the first in-person Workshop to help organizations effectively implement Open Source Program Offices (OSPOs) based on specific region needs in Europe.
If you have any questions, please contact the event Organizer - Ana Jimenez (asantamaria@...)
Invitation: SPECIAL CALL TO ACTION: ISO/IEC WG suggestions for OpenCh... @ Tue Sep 27, 2022 09:00 - 10:00 (WEST) (uk-wg@lists.openchainproject.org)
Invitation: OpenChain Monthly Community Call - 09:00 CST (01:00 UTC) ... @ Monthly from 02:00 to 03:00 on the third Tuesday (WEST) (uk-wg@lists.openchainproject.org)
Invitation: OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) ... @ Monthly from 17:00 to 18:00 on the first Tuesday (WEST) (uk-wg@lists.openchainproject.org)
IMPORTANT: New OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday / 09:00 CST (01:00 UTC) on 3rd Tuesday
Dear all
We have been experimenting with various structures for our calls for a couple of months (time and topic defined calls to action etc.). After collecting community feedback, I would like to announce a new Monthly Community Call Schedule where:
(1) Once per month for primary timezones we will hold a structured one hour meeting
(2) This meeting will have a repeating core agenda so you always know what you are getting
(3) We will be giving plenty of space for our work groups to ensure they share core news with you in a timely manner
(4) You can provide direct feedback on aspects of community work, management and future planning
This new structure is important to help us bring together the various things the OpenChain community is doing around the world, from building our family of standards (licensing compliance and now security compliance), assisting with tooling, SBOMs and OSPOs, and facilitating industry specific discussions in areas like telco and automotive.
The calendar invitations for our new meeting schedule will go out shortly. We will start in October and continue on this schedule to end-2023 before any further adjustments, allowing plenty of predictability in your calendars.
Regards
Shane
—
Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org
Schedule a call: https://meetings.hubspot.com/scoughlan
OpenChain Summit 2022 – Full Recording
The OpenChain Project held its annual all-day summit adjacent to Open Source Summit Europe (OSS EU) on the 14th of September. This event featured news from our latest board meeting (including the decision to launch our new security specification), a deep dive into a significant new automation landscape to assist with license, security and export control compliance, SBOM discussions and more.
Check out the full recording at the link below alongside copies of our excellent keynote presentation from Andrew Katz of Orcro and the automation landscape capability map presentation delivered by Jan Thielscher of EACG on behalf of the OpenChain Reference Tooling Work Group.
Here are the key takeaways:
• The OpenChain Project now maintains a family of specifications to build trust in the supply chain. We started with license compliance and now we have a sister standard for security.
• Open source automation for open source license, security and export control compliance is getting a clear capability map to guide investment of resources and save time.
• Software Bill of Materials (SBOM) has seen great progress in the last year or two, and the OpenChain Telco Work Group is working on very practical items related to market adoption.
• Open source licensing discussions have become somewhat stale and there is scope for considering the future of open source licensing approaches.
https://www.openchainproject.org/news/2022/09/23/openchain-summit-2022-full-recording
OpenChain Security Assurance Specification 1.0 Now Available
The OpenChain Security Assurance Specification 1.0 is now available. This is the result of over one year of work throughout the global OpenChain community. Access the specification and lend a hand with next steps here:
https://www.openchainproject.org/featured/2022/09/22/openchain-security-assurance-specification-1-0-now-available
Next Steps
We will proceed to ISO/IEC JTC-1 PAS submission with an estimated completion date of circa mid-2023. In the meantime, our security assurance specification is ready for market adoption as a de facto standard.
Prior to the ISO/IEC JTC-1 PAS submission, we have some time for sanity-checks and minor adjustments. We begin that process today and will complete it on October 4th 2022 (2022-10-04). There are two tasks for the community ahead of that date:
• Check our Security Assurance Specification 1.0 against the Security Assurance Reference Guide 2.0 (Release Candidate 1) to ensure Sections 1, 2 and 3 match. You can find the Security Assurance Reference Guide 2.0 (Release Candidate 1) here: https://github.com/OpenChain-Project/Security-Assurance-Specification/tree/main/Security-Assurance-Guide-Depreciated/2.0
• Check the OpenChain Security Assurance Specification 1.0 for any typographical errors that have snuck through our existing editing process. You can find the document linked at the start of this email or here: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/1.0/en/openchain-security-specification-1.0.md
You can submit issues highlighting areas you would like review on our GitHub repository. Please note, due to this being a specification, we will only accept issues for discussion. We will not accept pull requests or remixes of any sort.
In the coming days we will have broader distribution of the specification launch, including on social media and via blog posts. However, you can begin sharing it immediately with your teams and peers.