OpenChain UK Workgroup Meeting - 26th January 2023


Andrew K
 

Hi All 

 

Happy New Year!

 

We’re delighted to announce that the next meeting of the OpenChain UK workgroup will take place on 26th January 2023 at 3pm at the offices of Analog Devices in Hayes, West London (near Heathrow) at the Old Vinyl Factory, 5 Pressing Lane, Hayes, UB3 1EP. Many thanks to Steve Kilbane for making the space available for us at his company’s offices. The meeting will also be available to join virtually.  We have scheduled 2 hours from 3pm to 5pm. 

 

We’re planning on launching an exciting new initiative. Since meeting at the OpenSource Summit in Dublin back in September last year, it's becoming clear that it would be helpful to the OpenChain community at large to produce some end-to-end reference materials showing how example real world projects can be developed, built and distributed in a compliant way, and how compliance artefacts can be generated for the project which ensure that on deployment, all the relevant materials are made available.

 

The idea is to move away from abstract questions to concrete examples of a project, covering the tooling actually used, the compliance artifacts actually generated, and how they are actually made available to recipients of the code.

 

Ideally, we’d like to create a reference for a number of projects, distributed in the following different ways:

  • Standard app-on-a-desktop-or-server
  • Distribution through an app store
  • Distribution in a container
  • Distribution in an embedded system
  • Distribution through a third party (e.g. supplier provides software to a customer as a binary, which is then embedded into a device and distributed to the end user, requiring different compliance artifacts). 

We will use this as an opportunity to demonstrate good practice (or best practice), so compliance artifacts should be machine readable, for example, and, where appropriate, comply with SPDX standards (https://spdx.dev/), and repos which are made available could also, where appropriate, comply with REUSE standards https://reuse.software/). 

 

This is a pretty ambitious task, so we suggest that we start with a reasonably straightforward project (distribution of a standard desktop app: the list above is in a rough order of complexity, easiest first). We can also, as mini-projects with easily attainable goals, take a simple repo, and issue pull requests with the aim of bringing it into compliance.

 

We’ve already started working on this behind the scenes and want to present our thoughts at the meeting. 

 

As a project which is complementary to this, Yogesh Despande from ARM will demonstrate how ARM has have been working alongside Google in increasing transparency in the compliance process for firmware development. 

 

In addition, Martin Yagi has been working on some great training materials including bitesize training videos and you can see an example of his work here:

https://drive.google.com/file/d/1Px8Ffs_sTmNWKWvCAObRDJ_VL1Tl43yN/view?usp=sharing

 

He will provide some more information on the history of this initiative, his plans for the future, and how the OpenChain UK community could get involved. 

 

We can also give you news about the next meeting to follow later in the year.  David Buckhurst from the BBC who has been kind enough to offer us space for our second meeting of the year at the BBC at Media City in Salford. This one is provisionally set for 28th March, and further details will follow. 

 

As you can see, we have some great activity going on, the launch of some excellent initiatives and exciting potential for 2023!

 

We’ll be sending more information shortly about the meeting on 26th January, together with an Eventbrite invitation so that we can gauge numbers (virtually and in person). Save the date!

 

All the best

 

 

 

Andrew



Andrew Katz

Orcro Limited

+44 1628 470003

+44 7970 835001

orcro.co.uk

 

83-85 Baker Street, Marylebone, London W1U 6AG
Thames House, Mere Park, Dedmere Road, Marlow, Bucks SL7 1PB (registered office)

Orcro Limited is a limited company registered in England and Wales under Number 11173406. VAT number: GB 289 7831 32. Orcro Limited is not regulated as a law firm and does not provide legal advice, but has a relationship with Moorcrofts LLP. We are happy to work with either Moorcrofts LLP or your own chosen legal advisers. Individuals’ qualifications are as set out in their bio page. Reference to an individual as a lawyer, solicitor or paralegal does not mean that they are acting in that capacity as an Orcro staff member.

 

Data protection: we process your personal data to keep in touch with you, to carry out work for you or your organisation, for internal administration (including employment) for regulatory purposes and for limited marketing purposes (for which you can require us to stop at any time). For more information see https://orcro.co.uk/privacy-summary/ or contact team@...