The OpenChain Reference Tooling Work Group held a series of meetings adjacent to the FOSDEM conference in Brussels. Here are the outcomes and minutes as provided by Oliver Fendt.
It would be good to have information about “who is using which open source tool to do OSS compliance work” to create an overview that might help during internal discussions about appropriate tooling. We did not find an exact solution for this but there was consensus to work on enhancing a planned TODO Group survey with concrete questions about OSS based compliance tool usage. The survey is scheduled to be launched in June 2020.
It would help if we could create a detailed description of the functional building blocks (e.g. license & copyright scanner) available and which tool(s) implement the desired functionality or part thereof. A similar concept is also an outcome of the “requirements” session, see below.
To produce practical glue code a concrete use case is necessary. If you have a concrete use case and the tools intended to address this use case it is easy to identify the glue code required for implementation. This also provides the possibility to address whether the APIs of the tools support the implementation of the use case. When a tool does not support the needed API it is then practical and possible to file a targeted issue for that specific tool.
We intend to create a place where one can share information about different integration scenarios or proof of concepts different person are currently working on, in order to avoid duplicated efforts and to be able to connect to others addressing the same concerns. Two examples: Martin is willing to share the information about his company’s Yocto proof-of-concept and Arun will share information about work in his company.
* Oliver Fendt has taken an action item to create a place (directory) in our Github repo that this and other information can be shared and coordinated.
There is also the possibility that existing tools have integration scenarios with on their roadmap and that for these scenarios glue code is unnecessary. Coordination is key.
There was consensus that documentation is needed to describe the progress from user stories (what do I want/need to do) to capabilities of the functional building blocks that make up the big picture (e.g. License & copyright scanner). It is important to provide concrete instances of tools which implement the necessary capabilities. This will also be a good base to identify needed glue code and/or APIs to be implemented in the concrete tools.
* Oliver Fendt has taken an action item to create an issue about this in our Github repo @ https://github.com/Open-Source-Compliance/Sharing-creates-value/issues/74
If you want to contribute to realize our targeted results you are highly welcome. Jump in and comment on the issues we will create based on these outcomes.
Let’s work together to make this happen
- Mailing list subscription page: https://groups.io/g/oss-based-compliance-tooling
- Our Github repo is https://github.com/Open-Source-Compliance/Sharing-creates-value