This webinar covers a proposal from the Okinawa Open Labs in Japan to help “label” items in the supply chain to increase trust. Our topic was the Trusted Network Introduction – Eco-system based Open Trust Chaining over existing value-chain and supply-chain, and the presenter was MASANORI TSUJIKAWA (辻川公章) from Alaxala.
This webinar features an update on ClearlyDefined by Nick Vidal at the Open Source Initiative (OSI). A lot has happened since we last covered this project for open source metadata, including the move to a new home at OSI.
About The Project
ClearlyDefined and its parent organization, the Open Source Initiative, are on a mission to help FOSS projects thrive by being clearly defined. Lack of clarity around licenses and security vulnerabilities reduces engagement – that means fewer users, fewer contributors and a smaller community.
As such, the goals of the project are to:
Raise awareness about this challenge within FOSS project teams
Automatically harvest data from projects
Make it easy for anyone to contribute missing information
Crowd-source the curation of these contributions
Feed curated contributions back to the original projects
This webinar features Alexios Zavras, Chief Open Source Compliance Officer at Intel Corporation and a long-term friend and collaborator around the OpenChain Project. This time the topic was SPDX 3.0, a significant generational update to SPDX, a sister standard to OpenChain ISO/IEC 5230 and OpenChain ISO/IEC DIS 18974.
SPDX is a Software Bill of Materials (SBOM) specification, so it operates one layer down from the fundamental processes outlined by OpenChain’s standards, and it provides an excellent way to meet our requirements for an SBOM to be used by companies. The second generation of SPDX has been an ISO/IEC standard for two years as ISO/IEC 5962. The third generation shows interesting promise as a way to manage license compliance, security and more.
This OpenChain Webinar featured a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. In 2023 FOSDEM had over 8,000 participants and 771 presentations, making it one of the largest open source events in the world by a large margin. This webinar will be of particular interest to people exploring open source tooling for open source compliance or security.
This OpenChain Webinar features an overview of GPLv2 licensing fragmentation based on research initiated by Philippe Ombredanne of NexB and continued by Armijn Hemel of Tjaldur Software Governance Solutions. The key takeaway is that a significant number of variations exist (40 “vanilla” copies from the FSF or GNU website, 12 with the Linux kernel linking exception in the Linux kernel), but the impact of these variations is nuanced. The requirements do not change but the variability may throw errors for automation and review. Process awareness is required.
This OpenChain Webinar features OSSelot, an open source curation database recently launched by OSADL in Germany. This project addresses one of the most requested features around open source automation for open source compliance: an open, public database supporting SBOM (via SPDX ISO/IEC 5962) for common software packages. This could be a game-changer.
This OpenChain webinar was released as a recording adjacent to the Open Compliance Summit keynotes here in Yokohama, Japan. This time we are having ‘A WebAssembly Fireside Chat with Armijn Hemel,’ unpacking work being done around WebAssembly, compliance and the questions lawyers can usefully ask.
Get the full report Armijn prepared for the Linux Foundation here:
This webinar covers The Eclipse Software Defined Vehicle (SDV) Project. SDV is a Working Group within the Eclipse Foundation that facilitates open source development of automotive software. The aim is to provide a forum for individuals and organizations to build and promote open source solutions for worldwide automotive industry markets. Using a “code first” approach, SDV-related projects focus on building the industry’s first open source software stacks and associated tooling for the core functionality of a new class of automobile.
This webinar covers a new project by Heather Meeker to capture the voices of people behind the open source community and its growth to dominate the software industry as a whole.