2019-07-31 OSR WG Meeting Notes

7/31/2019 10AM EST

Attendees

Name | Organization | Github ID
Michael Stolz | Siemens |
Andrew Aitken | Wipro |
Mas Nakachi | Axoni |
Rich Heironimus | Freddie Mac |
Sally Ellard | Deutsche Bank |
Simon Holt | JP Morgan |
Gabriel Smadi | Axoni |
Aaron Williamson | FINOS |
Rob Underwood (Deactivated) | FINOS | brooklynrob
Aitana Myohl | FINOS | aitana16
Mark Hoare | Deutsche Bank |

Agenda

Time | Item | Who | Notes from the Meeting
5 min | Convene & roll call | |
40 min | Open Source Compliance Tooling | Michael C. Jaeger (Siemens) | see Abstract, Slides and Notes from talk below

Abstract

Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. He will present an overview of both of these projects, as well as the Linux Foundation's efforts to create a common open source compliance workflow and tooling via its ACT project.

At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software.

Slides

Notes from talk

  • About Michael:
    • OSS handling. Provides different Siemens offices with license disclosure documents. Decided that the license compliance tools they use should be open source as well.
    • FOSSology maintainer
  • What is FOSSology: originally a Linux Foundation collaboration project. It's a Linux server application.
  • FOSSology: to detect a license, the license statement has to be present as text inside the file. FOSSology is not able to identify license information from binaries. It scans the natural-language content of whatever files you upload to the FOSSology server, and scans exclusively for licenses.
  • Why is FOSSology special?
    • Overview: you may have very large open source packages, and if you want to understand the licensing situation you'll find different subfolders with different licenses. FOSSology gives you a hierarchy that allows the open source compliance expert to navigate this archive of different open source components, which is not a trivial task.
    • Recursive unpacking of files
    • Highlights: not only scans files, but is specialized in reviewing what has been found, highlighting relevant content.
  • Question: more context about the compliance piece. 
    • The reason we created FOSSology was to determine the exact license terms. Because: (1) you'd like to ensure you have the necessary rights, (2) you may have obligations, too and you need to know what they actually say. 
    • FOSSology comes with a database of 500 licenses. It can identify licenses and can maintain a list of obligations that need to be fulfilled under particular licenses.
    • also able to import external licenses
  • Automation
  • SW360: provides a REST API; checks for approved components; automatically uploads SPDX data to components; synchronizes the component catalogue with other tools.
5 min | Any other business & adjournment | |
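As an added illustration of the scanning model described in the notes above (recursive unpacking of an upload, matching file text against a license database, and presenting findings as a folder hierarchy), the Python below is example code written for these notes, not FOSSology's or SW360's own code. The two-entry license signature table, the file paths and the sample zip package are all constructed for the example.

```python
import io
import re
import zipfile
from collections import defaultdict

# Constructed mini "license database": SPDX id -> a distinctive phrase from the license text.
# FOSSology holds hundreds of full license texts; two entries are enough to show the idea.
LICENSE_SIGNATURES = {
    "MIT": re.compile(r"Permission is hereby granted, free of charge", re.I),
    "GPL-3.0-only": re.compile(r"GNU General Public License.*version 3", re.I | re.S),
}

def scan_text(text):
    """Return the set of license ids whose signature phrase occurs in the text."""
    return {lic for lic, pat in LICENSE_SIGNATURES.items() if pat.search(text)}

def scan_archive(data, prefix=""):
    """Recursively unpack a zip (nested zips included) and scan every file as text.
    Undecodable (binary) files yield an empty set: text scanning cannot read licenses out of binaries."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path, content = prefix + info.filename, zf.read(info)
            if info.filename.lower().endswith(".zip"):
                results.update(scan_archive(content, path + "/"))  # recurse into nested archive
                continue
            try:
                results[path] = scan_text(content.decode("utf-8"))
            except UnicodeDecodeError:
                results[path] = set()
    return results

def licenses_by_folder(results):
    """Roll per-file findings up the folder hierarchy ("." is the package root) for review."""
    agg = defaultdict(set)
    for path, lics in results.items():
        parts = path.split("/")
        for depth in range(len(parts)):
            agg["/".join(parts[:depth]) or "."] |= lics
    return dict(agg)

def build_sample_package():
    """Constructed upload: MIT root, a vendored nested zip with a GPL-3.0 file, and a binary object."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("vendor/lib/foo.c", "/* Free software under the GNU General Public License, version 3 */")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("LICENSE", "MIT License\n\nPermission is hereby granted, free of charge, to any person ...")
        z.writestr("third_party/vendor.zip", inner.getvalue())
        z.writestr("bin/tool.o", b"\xff\xfe\x00\x01 not text")
    return outer.getvalue()
```

Running `licenses_by_folder(scan_archive(build_sample_package()))` shows the root carrying both MIT and GPL-3.0-only while only the vendored subtree carries the GPL, which is the per-subfolder view the notes describe.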



Decisions Made

N/A

Action Items



Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.