The minutes are below. The slides discussed during the meeting are also below for reference.
Oliver gave an overview of “what happened since last meeting”.
Two new user stories are available in the Github repo:
Initial user story – Software-Developer-Epic.md https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Software-Developer-User-Stories/Software-Developer-Epic.md
Initial user story – Compliance-Assistant-Epic.md https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Compliance-Assistant-User-Stories/Compliance-Assistant-Epic.md
A new version of the one pager slide was circulated on the mailing list. The objective is to have the first release next week.
Oliver presented an overview of the interesting sessions from an OSS compliance perspective at EclipseCon.
Alexios asked for an overview of the interesting sessions at OSS Summit Europe. Michael J. sent an email with interesting talks at the OSS Summit Europe to the mailing list.
Lars gave an overview of their work on automating and integrating the OSS compliance tools in the CI/CD workflow. He introduced two use cases (please see attached slides):
1. Automatic management of 3rd party dependencies
This use case applies to “normal” software development, where the OSS component approval is triggered by the integration of the component.
2. Upfront dependency approval
This use case applies to software development in regulated environments such as safety-critical systems, where the OSS components that will be integrated must be known upfront. If an unknown component is detected, this causes a policy violation.
Aaron added that this use case is also common in the financial sector.
Lars mentioned that ScanCode is used to get an overview of the licensing situation, and FOSSology is used for curation, approval and release.
He gave a nice live demo showing the working implementation of use case 1. Oliver mentioned that this demo covers the following functional blocks of the big picture:
Source package downloader
License & Copyright Scanner
Component & application inventory
FOSS Compliance Bundle generator
The documentation of use case 1 is available on https://eclipse.github.io/antenna/1.0.0-SNAPSHOT
3. Next Steps
Kate mentioned that there is no user story covering the recipients of the compliance artifacts – the persons/organizations receiving the results of the process and results produced by the toolchain. Oliver said that such a user story will be added.
The next regular Wednesday meeting will be on 6th of Nov. On 10th of Oct there is the face-to-face meeting in Darmstadt.