On Feb 3, 2022, at 16:28, Gergely Csatari <gergely.csatari@...> wrote:



Hi,

 

Uh-oh, for some reason I do not see these meetings in the calendar [1]. Can you please advise how to get an invite?

 

Thanks,

Gergely

 

[1]: https://lists.openchainproject.org/g/telco/calendar

 

From: telco@... <telco@...> On Behalf Of Jimmy Ahlberg via lists.openchainproject.org
Sent: Wednesday, February 2, 2022 11:00 PM
To: telco@...
Subject: [telco] Tomorrows Telco Group meeting

 

Dear Telco group subscribers, welcome all to tomorrows Telco Group meeting.

 

I would like to share with you a bit of the thinking that currently exists around the Telco Group as well as our tentative agenda for tomorrow.

 

In the meetings we ran last year we exchanged experiences and best practices around open source in the telco field, my sincere thanks to everyone who so freely shared of their experiences and wisdom to the group. I for one learned a lot and have a lot more to learn still. Going forward we will have our meetings regularly at the first Thursday of each month, one meeting in the morning (for those of us based in Europe) and one in the afternoon so that we ensure that everyone has a chance to participate regardless of time zone. We can change this cadence later and have ad hoc meetings as needed but this way we have a standing appointment in the calendar. At least initially we will run the meetings with identical agendas, so no one should feel obliged to join both meetings, even if you are welcome to do so if you want to.

 

Last year we also discussed in our meetings and in emails some concrete things we could do in the telco sector to simplify open source management in our industry. The conclusion was that it seems that documenting harmonizing best practices for SBoM management was a low hanging fruit we could reach for. There exists great tools already such as SPDX, Cyclone DX, the OpenChain specification itself, the idea is not to reinvent these wheels but rather to see what we can build on top of that that would be of use to our industry. The group and this list remains a place to exchange experiences and best practices,

we should not lose track of that. At the same time, we are from the telco industry, standardization, harmonization, and interoperability is part of our DNA so I think this more actionable work is a natural expression of this.

 

With this in mind I would like to propose the following agenda for our meeting tomorrow.

 

1. Welcome & “round the table” introduction of who is who.
2. Agree on cornerstone principles for our work on “Telco Standard SBoM” going forward. (below are my proposals, if  you would like to add further suggestion feel free to do so during the meeting or over email).
1. We do not aim to change the OpenChain specification or fork it.
2. To implement the “Telco standard for SBoM” you need not be OpenChain conformant.
3. The solution in its entirety needs to adhere to the US federal requirements.
3. Is there a need for a formal Terms Of Reference style document?
4. Work items: The suggestion is that we discuss some of the major points that was brought up during our brainstorming sessions.
1. SBoM Dataformat: Suggestions so far include that the “Telco standard for SBoM” should mandate SPDX in its latest version, SPDX in its ISO format, Cyclone DX (no version suggested), or that we remain agnostic to the issue of dataformat.
2. File format (What should we use for the machine readable SBoM, one format or many? What format should we use for the human readable version?) Do we want to support that these on a voluntary basis are transactable separately from the binary/source?
3. Timing, when should the SBoM be delivered?
4. Template contract clauses to reference our “Telco Standard for SBoM”/playbooks.
5. Any other additions to the above?
5. AoB.
6. Close of the meeting.

 

Feel free to suggest alterations to this agenda if you think there are other things that are more urgent to discuss.

 

Looking forward to seeing you all virtually at any of the meetings tomorrow.

 

Best Regards Jimmy Ahlberg

 

 

Jimmy Ahlberg LL.M

Director Open Source Policy

 

Group Function Technology Standards & Industry Initiatives

 

Phone: +46107198055

Mobile: +46725838055

jimmy.ahlberg@...

 

Ericsson

Lindholmspiren 11

417 56, Göteborg

Sweden

ericsson.com

 

 

Our commitment to Technology for Good and Diversity and Inclusion contributes to positive change.
Follow us on: Facebook LinkedIn Twitter

Legal entity:ERICSSON AB registration number 556056-6258, registered office in Stockholm.
This communication is confidential. Our email terms: www.ericsson.com/en/legal/privacy/email-disclaimer