OpenChain Project is delighted to announce that we have received tooling overview slides from Software Compliance Academy in Germany. This contribution provides a high level overview and more specific explanations of how and where tooling can contribute to increased efficiency in open source compliance. The goal is not to provide specific recommendations but rather to frame the discussion to allow organizations to make informed and use-case specific decisions to support their inbound, internal and outbound software management process. As with all reference material provided by the OpenChain Project these slides are licensed under CC-0 (effectively public domain).
The Software Compliance Academy will host a FOSS Compliance Seminar on June 14th to 15th in Berlin. This seminar will feature the OpenChain Specification and reference material, providing a great starting point for organizations in Germany, Switzerland or Austria to begin their engagement with the project. More information is available in German below and on the Software Compliance Academy website.
Die Bedeutung der Open Source-Lizenzen und die Frage der Open Source Compliance hat in den vergangenen Jahren vor allem in der IT-Wirtschaft an Bedeutung gewonnen. Aber auch andere Industriezweige sehen sich zunehmend mit Fragen rund um den Einsatz von Open Source-Software konfrontiert:
- Welche juristischen Vorgaben gilt es beim Einsatz von Open Source-Software im Unternehmen und vor allem in kommerziellen Produkten zu beachten?
- Welche Anforderungen sind an das Lizenzmanagement zu stellen und welchen Beitrag kann ein standardisierter Lizenzmanagement Prozess (OpenChain) leisten?
- Welche Möglichkeiten (und welche Grenzen) bieten technische Ansätze im Bereich Lizenzmanagement?
Sofern diese Fragen auch für Sie oder Ihre Kooperationspartner bzw. Ihr Netzwerk von Interesse sind, möchte ich Sie gerne auf unser kommendes zweitägiges Open Source Compliance Seminar in Berlin am 14. und 15. Juni 2018 hinweisen. Neben den Referenten der Software Compliance Academy wird auch Shane Coughlan, Leiter des OpenChain Projektes bei der Linux Foundation, einen Teil des Seminars übernehmen und die aktuellen Entwicklungen des OpenChain Projektes vorstellen.
- Das detaillierte Programm finden Sie unter http://www.scompliance.com/files/uploads/seminare/FOSSCompliance14.u.15.06.2018.pdf
- Die Online-Anmeldung finden Sie unter http://www.scompliance.com/seminar.html
The OpenChain Project has received a contribution of localized onboarding slides from Bird & Bird in Germany. This short deck is designed to help organizations without prior knowledge of OpenChain understand the reasoning and key benefits behind the project. This marks another milestone in the on-going internationalization of OpenChain-related material to support both OpenChain Conformance and broader open source compliance activities in organizations of all sizes. As with all OpenChain contributions, these slides are licensed under CC-0.
“Germany sees increasing interest in building trust that supplied software conforms to applicable open source licenses” says Dr. Miriam Ballhausen, Senior Associate at Bird & Bird. “OpenChain can already serve to demonstrate that such trust is justified. On many occasions, though, organizations in Germany have tackled building trust in their supply chains on their own accord. They have regularly defined requirements for quality compliance programs that considerably overlap with the OpenChain specification. But it still shows that OpenChain has not been sufficiently furthered with English language onboarding material. The German translation aims to fill this gap and support outreach in German speaking countries.”
Today features the second OpenChain Workshop in Taipei. This event builds on a compliance workshop held during April and marks another step towards the Legal Track that OpenChain will help organize at the COSCUP conference on August 11th and 12th.
From the organizer’s website:
“延續上次對OpenChain規範書及依該規範書產出的「自由開源軟體授權管理訓練課程」，最多參與者的反饋，是如何在正確運用這些知識的前提下，簡要並正確的利用相關工具，實作開源授權管理分析與基礎紀錄。此次，我們將在這樣的反饋下，說明 SPDX 開源套件授權資訊紀錄格式，並配合 FOSSology 這套本身即為開源專案的自由開源授權分析工具，選擇 5 – 10 個講者過往協助過的分析案例，在實作說明下，引導參與者善用這些工具，來了解實際開源合規（法遵）的解析程序為何。
Lucien CH Lin, who has a knowledge background in science and technology law, worked at Academia Sinica in public research in 2005-16. The research results in recent years include: Author of the Taiwan Special Chapter of the Free and Open Source Software Legal Reference Book. , and assist participants from all walks of life to clarify issues such as Open Source, Open Data, CC Licensing, and intellectual property rights and public licensing applications. At present, he has been transferred to a non-governmental firm, and he has served as an advisor to the Open Culture Foundation as a legal advisor. He has allocated time and energy to build an open source legal network (Open Source Legal Network, Taiwan).”
- View the event details here: https://dmfli.kktix.cc/events/openchain2
- Check out the slides here: https://www.dropbox.com/s/nfqo28re8z0bag9/20180514-OpenChain%E9%96%8B%E6%BA%90%E7%AE%A1%E7%90%86-2-SPDX%E8%88%87FOSSology%E5%AF%A6%E9%9A%9B%E6%87%89%E7%94%A8.pdf?dl=0
Toyota has built strong ties into the global open source development community and into areas related to open source patent non-aggression and copyright compliance. During the Legal & Licensing Workshop in Barcelona during April 2018 Endo San from the Toyota legal team explained their approach and the benefits it brings.
View the presentation here:
The OpenChain Project is delighted to announce the immediate availability of a Conformance and Compliance Checklist to assist with quick, easy and effective adoption of key requirements for quality open source compliance programs.
This document is targeted to support direct conformance activities. It frames the key requirements for conformance in a simple yes/no format that can rapidly contextualize progress in an organization.
This material was kindly contributed by id Law Partners in Spain and – as with all reference material provided by the OpenChain Project – is available under a Creative Commons 0 license (effectively public domain). You can use, study, share and improve it without restriction.
Get the Checklist
- Get this guide and many more documents in the OpenChain Reference Library: https://github.com/OpenChain-Project/Reference-Material
The OpenChain Specification Version 1.2 is now available in Japanese. You can get it here in PDF format.
Version 1.2 is the result of the contributions of more than 150 people over the past three years. Congratulations and a big thanks to all those who contributed! Each and every contribution, whether or not it resulted in an addition, modification or debate, led to a better specification.
Huge thanks are due to the Linux Foundation Japan volunteer translation team for localizing our newest release so quickly. Special thanks is due to Taniguchi San for driving this process.
The OpenChain Japan Work Group will hold its fourth meeting at Toyota’s Midland Square offices on the 13th of June. This event builds on the recent meeting held at Panasonic’s facilities in Osaka with representatives from 15 companies in attendance, and will be a great chance to obtain practical case studies, reference material and to network.
The meeting will be held in Japanese. If you want to attend please reach out to <email@example.com>.
Details in Japanese
Newsletter – Issue 12 – April 2018
OpenChain has reached several important milestones during the last month. The first is a new release of the Specification (see below) but no less important are the strides being seen in adoption, reference material contributions, case studies and local work teams or workshops. It provides a strong start to our quarter with thanks, as always, due to our vibrant community.
The OpenChain Specification version 1.2 was released on the 19th of April at the Legal and Licensing Workshop in Barcelona. This document presents a refined, easier to understand and easier to translate format. Our goal is to open our community to wider participation and adoption.
Specification version 1.2 is the result of contributions of more than 150 people over the past three years. Congratulations and a big thanks to all those who contributed! Each and every contribution, whether or not it resulted in an addition, modification or debate, led to a better specification.
- Download a copy of the specification here: https://wiki.linuxfoundation.org/_media/openchain/openchainspec-1.2.pdf
- Learn more about it here: https://www.openchainproject.org/spec
- Self-certify here: https://www.openchainproject.org/conformance
Feel a little out of your depth? You can get a better understanding of how the specification was developed and what its goals are right here:
The OpenChain Project is delighted to welcome NodeWeaver as the latest organization with an OpenChain conformant program. NodeWeaver is a zero-management hyperconverged infrastructure – that integrates storage, networking and virtualization in a single system. It is built using the same principles of large scale systems used by Google and Amazon, making them available to small and medium enterprises.
Great feedback was provided on their experience with our project:
“With more than 80% of our code being open source, Open Source license compliance is an essential aspect for us” says Carlo Daffara, NodeWeaver’s CEO. “OpenChain helped us in making the process streamlined, repeatable and consistent, and substantially lowered our compliance cost while increasing visibility into all aspect of our production process.”
Learn more here:
But there is more! As mentioned in our last newsletter, we have been working with the British National Health Service and their partners on both conformance and case studies. We are honored to be able to formally announce the first fruits of this collaboration.
We have welcomed AB EHR as an organization with an OpenChain Conformant program, an important step towards practical adoption by NHS providers charged with running technical projects, in this case the Code4Health initiative.
Martin of Source Code Control, the key liaison in this collaboration provided a quote to summarise the value seen:
“We have been supporting Code4Health for a number of years to manage their open source supply chain. The OpenChain Specification has enabled us to validate the processes meet industry best practice and that the solutions being promoted to NHS are best of breed and this can be transparently demonstrated.” Martin Callinan, Director Source Code Control Ltd.
Learn more here:
OpenChain Case Studies
The OpenChain Project is delighted to announce the release of our first case study, a collaboration with NHS England, NHS Digital and AB EHR. This case study offers an insight into how and why the British National Health Service has decided to use the OpenChain Specification as a baseline for effective compliance across its digital projects.
Our first case study is centered around adoption by the service provider AB EHR for the code4health project. This marks the first step in a broader deployment plan across multiple projects and providers in the coming months and years.
You can download the case study here:
OpenChain @ Events
The OpenChain Project was featured at numerous events across the globe in late March and throughout April.
- The first event was in partnership with Moorcrofts in the UK with an OpenChain session at a BCS event in London on the 22nd of March.
- On the same day Software Compliance Academy highlighted the OpenChain Project, curriculum, training and specification at an event hosted on the 22nd March by ZVEI, one of the most important manufacturers’ associations in Germany.
- We were then featured in a keynote on OpenChain at Linaro Connect in Hong Kong (also on the 22nd March!).
- The OpenChain Project was featured at the first Asian Legal Network meeting of 2018 in Tokyo on the 6th of April.
- This was followed by an Asian Legal Network event in Seoul on the 12th of April.
- We had a substantial presence at the Legal and Licensing Workshop Barcelona between the 18th and 20th of April.
- Which overlapped with a simultaneous third meeting of the OpenChain Japan Work Group at the Panasonic headquarters in Osaka on the 19th of April, attended by representatives from 15 companies.
Keep track of all our events here:
Internationalization efforts are being prepared to translate the new OpenChain Specification into our key target languages (Japanese, Chinese, Korean and German). Activity is also underway to provide outcomes from the Japan Work Group sessions to the wider community. Of particular note are several case studies from companies like Panasonic to discuss their experiences and reasons for engagement.
You can expect additional announcements regarding conformant organizations, reference materials and translations in the coming month. The process for developing the OpenChain Specification 1.3 will also get underway. All contributions, suggestions and comments are always welcome.
License and Trademarks
The third meeting of the OpenChain Japan Work Group took place at the Panasonic headquarters in Osaka. This event was attended by around 30 people representing 15 organizations. Topics on the agenda included real world application of the specification to solve supply chain challenges and the collection of case studies from a diverse range of Japanese stakeholders.
The outcomes of the event will be shared in more detail in the coming weeks. As with all Japan Work Group meetings, this event was held in Japanese, and kindly self-organized by our excellent local community.