Category

News

OpenChain Specification 2.0 Available In Russian

By Featured, News

The official reference translation of the OpenChain Specification 2.0 is now available in Russian thanks to Denis Dorotenko (Yandex) and Pavel Lugovoy (independent counsel). This marks another important milestone for our project, providing greatly increased geographic coverage for our work, and helping to support engagement in a country with a long history of technology leadership.

Get OpenChain 2.0 In Russian (PDF)

Help With Translation Into Other Languages

OpenChain Virtual Meeting Support – Open to All

By Featured, News

The OpenChain Project has a global community of organizations working together to make open source compliance faster, easier and more effective. We have local work teams in China, Japan, Korea, Taiwan, India and Germany, as well as international work teams covering automotive, reference tooling and education.

With physical meetings on pause due to COVID-19 we are providing enhanced support for remote meetings to our work teams, to organizations and to people who want to make use of remote conferencing. Our Zoom room provides you with video chat for up to 100 people, screen sharing and other features to run meetings, webinars and round tables. There is no cost and there are no restrictions to use as long as the topic is open source compliance.

You can book a meeting at the link below. Each meeting slot is 1 hour. Priority is for OpenChain meetings, so other compliance discussion bookings may be adjusted if there is overlap. We do not envision this happening often.

Schedule a Meeting

Please note: the organizer or host should schedule a meeting on our system and then invite their attendees separately. Our booking system is just for letting organizers know which slots are available. All meetings take place without passwords or entry codes. All meetings have video and audio recorded by our system for potential later review.

The OpenChain Webinars: Bi-Weekly Connections Across The World

By Featured, News

Over the last three years the OpenChain Project has held bi-weekly calls on the First Monday (9am Pacific) and Third Monday (5pm Pacific) of each month. These calls have driven forward our standard for open source compliance and a large corpus of supportive reference material. Today we are at an inflection point and we have an opportunity to enhance our service to the global community.

With less emphasis right now on editing our standard (the forthcoming ISO version is fully baked) and our reference material largely produced via local work teams, there is an opportunity to launch an on-going series of webinars that provide access to people and knowledge that we would otherwise obtain at events.

We kick off on Monday the 6th of April at 9am Pacific with two guest speakers.

Dr. Nikolay Harutyunyan will speak about ‘Corporate Open Source Governance of Software Supply Chains’, a talk based on recently published research constituting material from a literature review of 87 publications, a qualitative survey of 20 primary materials and 21 expert interviews at 15 companies. This bridged into a 2.5-year longitudinal study into a company that was just getting started with open source governance and following their evolution.

Armijn Hemel, MSc will speak about Docker container compliance. He has an extensive background as an internationally recognized expert in the field of GPL license compliance engineering with a particular focus on practical solutions to real-world product and service challenges. While best known for his work in embedded technology, Armijn has been exploring the topic of container compliance in recent years, and has been at the forefront of defining best practices in this space.

Each talk will run for 10~15 minutes and there will be plenty of time for questions, comments and suggestions. As with all OpenChain Project activities, our goal is to facilitate knowledge-sharing between peers.

Everyone is invited to join this free webinar via zoom. It will also be recorded and made available later on our website. Additionally, our Third Monday April webinar schedule will be announced soon. Watch this space.

Join Our Zoom Meeting

One Tap Telephone (no screensharing)

  • +358 9 4245 1488,,9990120120# Finland
  • +33 7 5678 4048,,9990120120# France
  • +49 69 7104 9922,,9990120120# Germany
  • +852 5808 6088,,9990120120# Hong Kong
  • +39 069 480 6488,,9990120120# Italy
  • +353 6 163 9031,,9990120120# Ireland
  • +81 524 564 439,,9990120120# Japan
  • +82 2 6105 4111,,9990120120# Korea
  • +34 917 873 431,,9990120120# Spain
  • +46 850 539 728,,9990120120# Sweden
  • +41 43 210 71 08,,9990120120# Switzerland
  • +44 330 088 5830,,9990120120# UK
  • +16699006833,,9990120120# US (San Jose)
  • +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#

OpenChain in Q2 – Continuing Leadership, Continuing Support

By Featured, News

The global lockdown due to the spread of COVID-19 is a unique historical moment. We are seeing both great success and great challenges in addressing this disease, and at all times there is an awareness that it can impact our close friends and families. To a large extent the OpenChain community is fortunate. Many of our companies allow us to work from home. Many of us are near excellent health services. We are well-positioned to weather this storm.

That said, COVID-19 has disrupted all of our supply chains and it has created a situation where face-to-face meetings have been completely supplemented by remote services. Different companies are at different stages in using such systems and we inevitably face a combination of adjusted priorities and delays in this situation. Open source license compliance is just one component among thousands as we collectively try to maintain services and to bring products to market in a changed world.

During Q1 our community has continued to function effectively. We launched our German Work Group. Our Asian work groups (China, Japan, Korea, Taiwan and India) either proceeded entirely remotely or deferred certain activities while continuing core work remotely. Our global automotive and reference tooling work groups continue to bring people together and – in the case of tooling – edge ever closer to describing fully-formed methods for companies to deploy open source tooling for open source compliance automation. Most importantly, our work in bringing OpenChain through the ISO process has continued, and we remain on track for deployment as an official ISO standard in 1H 2020. 

Looking forward I would highlight three activities that can help drive us forward and address immediate market requirements.

  1. We keep pushing our ISO work. This will be a critical development for assisting sales and procurement departments in their understanding, adoption and deployment of our industry standard.
  2. We work to bridge the physical divide that our community faces due to the pandemic. To make this happen I am going to pivot our bi-weekly calls. With less emphasis on editing our standard (the forthcoming ISO version is fully baked) and our reference material largely produced via local work teams, there is an opportunity to launch an on-going series of webinars to provide access to people and knowledge that we would otherwise obtain at events. The timing schedule remains the same (first Monday, third Monday). Full announcement later today.
  3. We seek to address the growing market demand for clarity on automation via our Reference Tooling Work Group. Today I am putting out a request to our tooling work group to accelerate activity around one or more turn-key reference implementations of open source tooling for open source compliance. I believe this will provide both the opportunity to guide more companies onto automation in compliance and – just as importantly – it will provide a clear understanding of gaps in existing tools. The latter point will allow us to provide “shopping lists” to activities like ACT, which is a funding umbrella for a growing number of open source tooling projects.

You fit into every part of this

  • Join our webinars as part of the audience or as presenters. Ask questions and provide answers. Bridge the knowledge gaps that we all benefit from closing. 
  • Participate in our local work groups (virtually for now), helping to create reference material in multiple languages that takes companies forward in their desire to deploy the key requirements of quality open source compliance programs.
  • Take part in our global work groups (reference tooling, automotive, education) and help to tie together whole-sector understanding and responses. 

You can get started right away.

Over the last 34 months we have redefined how open source compliance is approached. We have built an industry standard that is seeing accelerating adoption. We have produced over 400 documents of reference material to support this standard. Our educational material has become a new baseline for how companies approach the training of their staff. Above all, as a virtual-first community, we are positioned to provide a pillar that visibly, effectively guides the global expanse of companies adopting, developing and deploying open source in products and services.

OpenChain is an ambitious project that has experienced exceptional success in defining what constitutes a quality open source compliance program. We are equally successful in fostering exceptional local and global communities that redefine how organizations collaborate on shared solutions. In our space, and in the wider open source community, there has never been a better time to help reduce friction and help people work together.

Let’s take this forward.

OpenChain Taiwan Work Group Launches New Website!

By Featured, News

Access the most comprehensive OpenChain information in Traditional Chinese here.

OpenChain 臺灣網站正式上線!

https://openchain-project.github.io/OpenChain-TWG/

OpenChain提供一致性方案可以涵蓋單個產品線或整個組織,在開源裡建立信任以構建軟體解決方案。

臺灣網站旨在提供繁體中文的OpenChain相關內容以及活動資訊.

若對網站內容有任何指教, 歡迎各位先進提交修改

https://github.com/OpenChain-Project/OpenChain-TWG

Telegram 討論頻道

https://t.me/joinchat/O6BDhVXYm17Bm8_4s-aZIg

訂閱臺灣 OpenChain 官方社群 Mailing List

https://lists.openchainproject.org/g/taiwan-wg

OpenChain Reference Tooling Work Group – Next Meeting April 8th at 9am UTC+2

By News

Proposed Agenda

1. Continue on best practices for container compliance  

Join The Call

To enjoy the best possible experience while working with Circuit on your desktop computer, try Circuit Desktop App, Chrome or Firefox.

  • To participate in a voice-only conference, dial one of the below numbers and enter this code: 6784 3507 96 #
  • Your microphone will be muted. Press *3 to unmute it.

Frequently used dial-in numbers:

Canada (English): +19292704096
  tel:+19292704096,,6784350796#

China, Peoples Republic (中文): 4008198763
  tel:4008198763,,6784350796#

Germany (Deutsch): +498923128020
  tel:+498923128020,,6784350796#

Spain (Español): +34912158038
  tel:+34912158038,,6784350796#

United Kingdom (English): +442076606076
  tel:+442076606076,,6784350796#

United States (English): +19292704096
  tel:+19292704096,,6784350796#

All dial-in numbers:

Argentina (Español): +541159842552
  tel:+541159842552,,6784350796#

Australia (English): +61282784325
  tel:+61282784325,,6784350796#

Austria (Deutsch): +4313602774621
  tel:+4313602774621,,6784350796#

Belgium (English): +3226200317
  tel:+3226200317,,6784350796#

Brazil (English): +551138788268
  tel:+551138788268,,6784350796#

Bulgaria (English): +35929358238
  tel:+35929358238,,6784350796#

Canada (Français): +18887768707
  tel:+18887768707,,6784350796#

Canada (English): +18887768708
  tel:+18887768708,,6784350796#

Canada (English): +19292704096
  tel:+19292704096,,6784350796#

Canada (Français): +15148412132
  tel:+15148412132,,6784350796#

Chile (Español): +56226188362
  tel:+56226188362,,6784350796#

China, Peoples Republic (中文): 4008198763
  tel:4008198763,,6784350796#

Colombia (Español): +5714864866
  tel:+5714864866,,6784350796#

Costa Rica (Español): +50625397362
  tel:+50625397362,,6784350796#

Croatia (English): +38517776197
  tel:+38517776197,,6784350796#

Czech Republic (English): +420225382900
  tel:+420225382900,,6784350796#

Denmark (English): +4535158116
  tel:+4535158116,,6784350796#

Dominican Republic (Español): +18299566315
  tel:+18299566315,,6784350796#

Ecuador (Español): +1800000742
  tel:+1800000742,,6784350796#

El Salvador (Español): +50321367565
  tel:+50321367565,,6784350796#

Estonia (English): +3726868885
  tel:+3726868885,,6784350796#

Finland (English): +358981710072
  tel:+358981710072,,6784350796#

France (Français): +33185148486
  tel:+33185148486,,6784350796#

Germany (Deutsch): +498923128020
  tel:+498923128020,,6784350796#

Greece (English): +302111809487
  tel:+302111809487,,6784350796#

Guatemala (Español): +50223661200
  tel:+50223661200,,6784350796#

Hungary (English): +3614292267
  tel:+3614292267,,6784350796#

Indonesia (English): +622150851722
  tel:+622150851722,,6784350796#

Ireland (English): +35315339866
  tel:+35315339866,,6784350796#

Israel (English): +97237207564
  tel:+97237207564,,6784350796#

Italy (Italiano): +390699748020
  tel:+390699748020,,6784350796#

Japan (English): +81366344738
  tel:+81366344738,,6784350796#

Kazakhstan (English): +77273122918
  tel:+77273122918,,6784350796#

Korea South (English): +82264108576
  tel:+82264108576,,6784350796#

Latvia (English): +37166163137
  tel:+37166163137,,6784350796#

Lithuania (English): +37052141723
  tel:+37052141723,,6784350796#

Luxembourg (Français): +35227300013
  tel:+35227300013,,6784350796#

Malaysia (English): +60320535108
  tel:+60320535108,,6784350796#

Mexico (Español): +525550912420
  tel:+525550912420,,6784350796#

Morocco (English): +212520480311
  tel:+212520480311,,6784350796#

Netherlands (English): +31207219093
  tel:+31207219093,,6784350796#

Norway (English): +4723500290
  tel:+4723500290,,6784350796#

Oman (English): +96880074490
  tel:+96880074490,,6784350796#

Oman (English): 80074490
  tel:80074490,,6784350796#

Pakistan (English): +92518108858
  tel:+92518108858,,6784350796#

Peru (Español): +5117087113
  tel:+5117087113,,6784350796#

Philippines (English): +63283953534
  tel:+63283953534,,6784350796#

Poland (English): +48225048376
  tel:+48225048376,,6784350796#

Portugal (English): +351210608117
  tel:+351210608117,,6784350796#

Romania (English): +40311305020
  tel:+40311305020,,6784350796#

Russian Federation (Русский): +73433511796
  tel:+73433511796,,6784350796#

Russian Federation (Русский): +74232492964
  tel:+74232492964,,6784350796#

Russian Federation (Русский): +74957459864
  tel:+74957459864,,6784350796#

Russian Federation (Русский): +78127186937
  tel:+78127186937,,6784350796#

Singapore (English): +6563131571
  tel:+6563131571,,6784350796#

Slovakia (English): +421250112159
  tel:+421250112159,,6784350796#

Slovenia (English): +38616002736
  tel:+38616002736,,6784350796#

South Africa (English): +27118446101
  tel:+27118446101,,6784350796#

Spain (Español): +34912158038
  tel:+34912158038,,6784350796#

Sweden (English): +46851992037
  tel:+46851992037,,6784350796#

Switzerland (English): +41225675325
  tel:+41225675325,,6784350796#

Thailand (English): +6621040793
  tel:+6621040793,,6784350796#

Turkey (English): +902123755830
  tel:+902123755830,,6784350796#

United Arab Emirates (English): 800035704335
  tel:800035704335,,6784350796#

United Kingdom (English): +442076606076
  tel:+442076606076,,6784350796#

United States (English): +19292704096
  tel:+19292704096,,6784350796#

Uruguay (Español): +59829028657
  tel:+59829028657,,6784350796#

Venezuela (Español): +582123358895
  tel:+582123358895,,6784350796#

Vietnam (English): +842844581451
  tel:+842844581451,,6784350796#

OpenChain Reference Tooling Work Group – Minutes of the March 25th Meeting

By News

1. News
Oliver informed all that Haksung created an overview about sw360 in Korean language.
Further Oliver created a new branch “containers” in our Github repo and provided there the material shown in the last meetings. The idea is to collect all material about containers and license compliance in the directory “Container-License-Compliance”, once having good content available Oliver wants to reach out to Shane and ask him whether is would be possible to generate an official OpenChain “container compliance leaflet”.

Alexios shared that the development of SPDX-3.0 has started. SPDX-3.0 will support different profiles which will implement different use cases. Now there is a good opportunity to introduce changes to the SPDX standard, which break backward compatibility, since the version 3.0 will not be backward compatible with the previous versions. He also said if there are requirements towards the specification from our side, we are warmly welcome to contribute them. The new version will contain examples how it shall be used.
The Github repos of SPDX specification can be found here: https://github.com/spdx/spdx-spec

2. License compliant containers:
Oliver presented the content of the branch and the directory https://github.com/zvr/Sharing-creates-value/tree/containers/Container-License-Compliance . There was the comment that we shall also provide a “Q&A” on which tools shall be used in order to achieve the best practices. Further is was suggested to provide also a description of the desired results  and provide concrete examples.

3. New features in sw360
Michael presented the new features implemented in sw360. There will be changelog functionality in order to verify who changed what. Sw360 is able to “read” SPDX Boms and to generate the corresponding data. He asked for support in further testing this feature because there are many different scenarios, which have to be covered. The integration of sw360 with FOSSology via REST API is improved and FOSSology scans can be triggered automatically.
There was the question whether sw360 is able to generate the “OSS disclosure document” – yes it is possible to generate the OSS disclosure document with sw360. There are two options available to do that – either via REST API or via GUI. The same applies to the generation of the source code bundle.

4. Next steps:
Next meeting will be at 8th of April the invitation was sent to the mailing list
Proposed Agenda Item: continue on best practices for container compliance

Review The Slides Presented

https://www.slideshare.net/ShaneCoughlan3/12th-meeting-openchain-reference-tooling-work-group-25th-march-slides 

OpenChain Korea Work Group Meeting # 5 – Video Minutes – 19th March

By News

The full video minutes of our most recent OpenChain Korea Work Group meeting are now available. This was a virtual meeting due to the COVID-19 situation. Great thanks to all involved in hosting the event and preparing this video! Special thanks to Haksung Jang @ SK Telecom and Seo Yeon Lee @ LINE for getting these post event reports together.

Keep Up With The Korean Work Group

Join The Korean Mailing List

ようこそOpenChain Japan WGへ!

By Featured, News

はじめに

こんにちは。あるいは、はじめまして。
OpenChain Japan WGのアドベントカレンダーへようこそ!
私たちOpenChain Japan WGは、OSS(Open Source Software)のコンプライアンスに関する活動をしている日本のコミュニティです。
これから25日間にわたって、コミュニティのみんなでたくさんのことをお伝えしていきたいと思います。このアドベントカレンダーを通して、私たちの活動やOSSコンプライアンスの重要性について知っていただくとともに、コミュニティのメンバーについても知っていただき、参加したいなと思っていただけるようになれば幸いです。
どうぞよろしくお願いします。

自己紹介

アドベントカレンダーのトップバッターを務めさせていただきます渡邊歩です。OSSの活用に関するコンサルテーションを生業としています。
好きなライセンスは、Beerware Licenseです。
OSSコンプライアンスについては8年ほどのキャリアになりますが、OSS管理のベストなやり方を提案し、お客様と一緒にOSS管理のプロセスを作りあげていくお仕事をしています。

OpenChainについて

OpenChainは、Linux Foundationの公式プロジェクトのひとつで、OSSのライセンスコンプライアンスプログラムを組織が構築するための指針を整備しているプロジェクトです。OpenChainは、ソフトウェアのサプライチェーンの中で活動する人々が各組織内に確立すべきコンプライアンスプログラムの要件を、OpenChain仕様として定義し、各組織がそれらを確立するための支援を行っています。

Japan WGについて

OpenChain Japan WGは、日本で活動するOpenChainのワーキンググループで、日本企業ならではの課題や解決策について議論や情報交換を行っています。Japan WGの中には更にPlannning, Tooling, Promotion, FAQ, リーフレット, 教育資料, ライセンス情報など、たくさんのサブワークグループがあり、それぞれが活発に活動しています。このアドベントカレンダーでは、それぞれのサブワークグループのリーダーによる活動報告もありますのでお楽しみに!

我々のまとめ役、Shaneさん

OpenChainのゼネラルマネージャーのShane Coughlanさんは、我々のまとめ役として、我々の活動をいつも、温かく応援してくれています。
Shaneさんからのコメントを紹介します!

The OpenChain Project defines the industry standard for open source compliance. It identifies the inflection points where a process, or a policy, or a training program should exist. At a high level, it takes the knowledge of thousands of people from hundreds of companies in this space, and it condenses it into clear, unambiguous definitions that any company in any market can adopt.

The OpenChain industry standard does not dictate the content of each process, policy or training program because it needs to be applicable to companies of all sizes in all markets. However, we have a super active and supportive community. There is reference material of all sorts – including entire reference training programs or multi-industry policy options – accessible via our website.

Indeed, the community of the OpenChain Project is our most valuable asset. We have local work groups in China, India, Japan, Korea and Taiwan. We have global mailing lists for the project as a whole, for automated tooling, for automotive. There is an incredible amount of energy and passion around collaboration in this space. We are all learning, and improving, due to this.

The OpenChain Japan Work Group holds a special place in my heart. It was our first local work group and it is our largest, most successful local community activity. People from so many companies and situations join together, share their thoughts, and collaborate to make things better. It captures the heart of open source. I hope that you can experience some of this during our 25 day advent calendar.

(日本語訳)
OpenChainプロジェクトは、オープンソースコンプライアンスを実施するために必要な業界標準を定義しています。この業界標準は、組織にオープンソースコンプライアンスが定着することを、プロセス、ポリシー、トレーニングプログラムが存在することと定義しています。高いレベルで、この分野の数百の企業の数千の人々の知識を、明確で不明瞭さのない定義へと凝縮させています。このため、この定義はあらゆる市場の企業に適用できるものになっています。

OpenChain業界標準は、すべての市場のあらゆる規模の企業に適用できる必要があるため、プロセス、ポリシー、トレーニングプログラムの具体的な内容には触れません。しかしながら、我々には非常に活発で協力的なコミュニティがあり、有益な情報を相互に共有することができます。あらゆる種類の参考資料(網羅的なトレーニングプログラムや複数業種に適用できるポリシーなど)を、我々のWebサイトから入手することができます。

OpenChainプロジェクトのコミュニティは、まさに我々の最も貴重な財産とも言えるものでしょう。中国、インド、日本、韓国、台湾などにローカルワークグループがあります。また、OpenChain全体(グローバル)のメーリングリスト(ML)にも、プロジェクト全体のML、コンプライアンスの自動化ツールのML、自動車分野のMLが存在しています。各地域のワーキンググループや各トピックのメーリングリストを通じて行われるコラボレーションには、信じられないほどのエネルギーと情熱があります。このような「熱い」コラボレーションにより、私たちは皆、これにより新たな気付きを得、自ら改善することができるのです。

OpenChain Japan WGは私にとって特別なものです。我々OpenChainにとって初のローカルワークグループであり、かつ最も大きくかつ成功しているローカルコミュニティでもあります。多様な企業、異なる状況にあるメンバーが一緒に活動し、意見を交換しながらより良いものを目指して協力しています。これはオープンソースの精神そのものであると思います。このアドベントカレンダーの読者の方が25日間を通して我々の活動を体感していただければ嬉しく思います。

明日のテーマは・・・

明日のテーマは「Planningサブワークグループの紹介」です。
担当は、いつもワーキングの色々なタスクを率先してやって下さる、とっても優しい今田さんです。
では明日の記事をお楽しみに!!

来週:

OpenChain プロジェクトおよび OpenChain Japan WG のご紹介

OpenChain Reference Tooling Work Group – Activity Epics

By Featured, News

Legal Assessor Epic

A legal assessor might be a lawyer or a special trained person who cares about licenses which apply to applications that include OSS and/or other third party software.

Explore Their Epic

Software Architect Epic

This epic describes briefly the role, responsibilities, tasks and how the software architect interacts with the toolchain in order to accomplish his tasks in an efficient way.

Explore Their Epic

Software Developer Epic

This epic describes briefly the role, responsibilities, tasks and how the software developer interacts with the toolchain in order to accomplish his tasks in an efficient way.

Explore Their Epic

Compliance Assistant Epic

This epic describes briefly the role, responsibilities, tasks and how the compliance assistant interacts with the toolchain in order to accomplish his tasks in an efficient way.

Explore Their Epic

ECC Expert Epic

A ECC expert (export control and customs) might be a lawyer or a special trained person in export control regulations who cares about all export control classifications for applications which are delivered that include OSS and/or other third party software.

Explore Their Epic

Explore More Epics

The Work Group has created a range of further epics or use cases. These are living documents and your contribution is welcome alongside your use.