Hi,
Uh-oh, for some reason I do not see these meetings in the calendar [1]. Can you please advise how to get an invite?
Thanks,
Gergely
[1]:
https://lists.openchainproject.org/g/telco/calendar
From: telco@... <telco@...>
On Behalf Of Jimmy Ahlberg via lists.openchainproject.org
Sent: Wednesday, February 2, 2022 11:00 PM
To: telco@...
Subject: [telco] Tomorrows Telco Group meeting
Dear Telco group subscribers, welcome all to tomorrows Telco Group meeting.
I would like to share with you a bit of the thinking that currently exists around the Telco Group as well as our tentative agenda for tomorrow.
In the meetings we ran last year we exchanged experiences and best practices around open source in the telco field, my sincere thanks to everyone who so freely shared of their experiences and wisdom to the group. I for
one learned a lot and have a lot more to learn still. Going forward we will have our meetings regularly at the first Thursday of each month, one meeting in the morning (for those of us based in Europe) and one in the afternoon so that we ensure that everyone
has a chance to participate regardless of time zone. We can change this cadence later and have ad hoc meetings as needed but this way we have a standing appointment in the calendar. At least initially we will run the meetings with identical agendas, so no
one should feel obliged to join both meetings, even if you are welcome to do so if you want to.
Last year we also discussed in our meetings and in emails some concrete things we could do in the telco sector to simplify open source management in our industry. The conclusion was that it seems that documenting harmonizing
best practices for SBoM management was a low hanging fruit we could reach for. There exists great tools already such as SPDX, Cyclone DX, the OpenChain specification itself, the idea is not to reinvent these wheels but rather to see what we can build on top
of that that would be of use to our industry. The group and this list remains a place to exchange experiences and best practices,
we should not lose track of that. At the same time, we are from the telco industry, standardization, harmonization, and interoperability is part of our DNA so I think this more actionable work is a natural expression
of this.
With this in mind I would like to propose the following agenda for our meeting tomorrow.
- Welcome & “round the table” introduction of who is who.
- Agree on cornerstone principles for our work on “Telco Standard SBoM” going forward. (below are my proposals, if you would like to add further suggestion feel free
to do so during the meeting or over email).
- We do not aim to change the OpenChain specification or fork it.
- To implement the “Telco standard for SBoM” you need not be OpenChain conformant.
- The solution in its entirety needs to adhere to the US federal requirements.
- Is there a need for a formal Terms Of Reference style document?
- Work items: The suggestion is that we discuss some of the major points that was brought up during our brainstorming sessions.
- SBoM Dataformat: Suggestions so far include that the “Telco standard for SBoM” should mandate SPDX in its latest version, SPDX in its ISO format, Cyclone DX (no
version suggested), or that we remain agnostic to the issue of dataformat.
- File format (What should we use for the machine readable SBoM, one format or many? What format should we use for the human readable version?) Do we want to support
that these on a voluntary basis are transactable separately from the binary/source?
- Timing, when should the SBoM be delivered?
- Template contract clauses to reference our “Telco Standard for SBoM”/playbooks.
- Any other additions to the above?
- AoB.
- Close of the meeting.
Feel free to suggest alterations to this agenda if you think there are other things that are more urgent to discuss.
Looking forward to seeing you all virtually at any of the meetings tomorrow.
Best Regards Jimmy Ahlberg

Jimmy Ahlberg
LL.M
Director Open Source Policy
Group Function Technology Standards & Industry Initiatives
Phone: +46107198055
Mobile: +46725838055
jimmy.ahlberg@...
Ericsson
Lindholmspiren 11
417 56, Göteborg
Sweden
ericsson.com

Our commitment to
Technology for Good and
Diversity and Inclusion contributes to positive change.
Follow us on:
Facebook
LinkedIn
Twitter
Legal entity:ERICSSON AB registration number
556056-6258, registered office in
Stockholm.
This communication is confidential. Our email terms:
www.ericsson.com/en/legal/privacy/email-disclaimer