OpenChain Work Team Call Agenda 03-18-2019

1. 03-18-2019
OpenChain Workgroup - The Linux Foundation
All materials are made available under the Creative Commons CC0 1.0 Universal license.

2. Antitrust Policy Notice
› Linux Foundation meetings involve participation by industry competitors, and it is the
intention of the Linux Foundation to conduct all of its activities in accordance with applicable
antitrust and competition laws. It is therefore extremely important that attendees adhere to
meeting agendas, and be aware of, and not participate in, any activities that are prohibited
under applicable US state, federal or foreign antitrust and competition laws.
› Examples of types of actions that are prohibited at Linux Foundation meetings and in
connection with Linux Foundation activities are described in the Linux Foundation Antitrust
Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions
about these matters, please contact your company counsel, or if you are a member of the
Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove
LLP, which provides legal counsel to the Linux Foundation.
2

3. Agenda • Roll call
• Project Update
• In-Toto - An Example of Open Source Tooling
• Onboarding Work Team
• Specification Work Team
3

4. Project Update
• Fujitsu has been announced as the latest Platinum Member.
• We had a great workshop at the Leadership Summit on March 13th:
tl;dr: OpenChain is going to ISO - Mark Gisi is finalizing the ISO spec (2.0)
• Our new conformance web app is now live in English and Japanese:
https://certification.openchainproject.org/
• OpenChain will co-host an event in Shenzhen on March 22nd.
4

5. In-Toto - a New York University Project
• Over to our guest speaker, Justin Cappos
• What is In-Toto?
• How can In-Toto support OpenChain Conformance?
5

6. Onboarding Work Team
• Finalizing the Path to Conformance, a document that will become a page on the
website.
• This document is nearly ready and will be featured front and center on the
website:
https://docs.google.com/document/d/1ySsqu-XoivV5FrNQOEVdpgfI7Q_ltrkBrD
ncayMoy4o/edit
6

7. Onboarding Work Team
• For the Path to Conformance, I think we are ready to go forward with the
content I have. We are light in a few areas, but once the page is up it will be
easier to solicit new content.
• We are making a final call to review content for Level 1... content to help
understand and assess open source risks. Even links to third party content
would be helpful.
• Note that I also added a step 5, basically asking once someone has conformed
to OpenChain, then what? We should have some resources to help our
community members bring their supply chain partners on board as well.
7

8. Specification Work Team
• The latest draft of the next version of OpenChain Specification can be found
here:
https://wiki.linuxfoundation.org/_media/openchain/openchainspec-2.0.draft.p
df
• A marked up version can be found here:
https://wiki.linuxfoundation.org/_media/openchain/OpenChainSpec-2.0.draft.
MarkUp.pdf
• Recent updates can be found in yellow and blue highlights.
8

9. Specification Work Team
Remaining Steps:
• Continue to discuss recently received feedback and work through
remaining outstanding issues listed on the spec’s github account:
https://github.com/OpenChain-Project/Specification/issues
• The wider public comments stage has commenced and will concluded
on March 22nd
• The draft freeze period will begin on March 23rd
9

10. Thoughts?
Questions?
2017OpenChain Workgroup - The Linux Foundation 10