2019-07-31 OSR WG Meeting Notes

7/31/2019 10AM EST

Attendees

Name              | Organization  | Github ID
Michael Stolz     | Siemens       |
Andrew Aitken     | Wipro         |
Mas Nakachi       | Axoni         |
Rich Heironimus   | Freddie Mac   |
Sally Ellard      | Deutsche Bank |
Simon Holt        | JP Morgan     |
Gabriel Smadi     | Axoni         |
Aaron Williamson  | FINOS         |
Rob Underwood     | FINOS         | brooklynrob
Aitana Myohl      | FINOS         | aitana16
Mark Hoare        | Deutsche Bank |

Agenda

Time   | Item                           | Who                         | Notes from the Meeting
5 min  | Convene & roll call            | Aaron Williamson            |
40 min | Open Source Compliance Tooling | Michael C. Jaeger (Siemens) | abstract and notes from the talk follow

Abstract

Michael C. Jaeger is one of the maintainers of the Linux Foundation's FOSSology and the Eclipse SW360 projects, both available on GitHub and both in the area of OSS handling with respect to license compliance and component management. He will present an overview of both projects, as well as the Linux Foundation's efforts to create a common open source compliance workflow and tooling via its ACT project.

At Siemens Corporate Technology in Munich, Germany, Michael works in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software.

Slides

Notes from talk

  • About Michael:

    • OSS handling: provides different Siemens offices with license disclosure documents. Decided that the license compliance tools they use should be open source as well.

    • FOSSology maintainer

  • What is FOSSology: originally a Linux Foundation collaboration project. It is a Linux server application.

  • FOSSology: for it to detect a license, the uploaded files need to contain a license statement in text form. FOSSology is not able to identify license information from binaries. It scans the natural-language text of whatever files you upload to the FOSSology server, and it scans exclusively for licenses.

  • Why is FOSSology special?

    • Overview: you may have very large open-source packages, and when you try to understand the licensing situation you will find different subfolders with different licenses. FOSSology gives you a hierarchy that allows the open-source compliance expert to navigate this archive of different components, which is not a trivial task.

    • Recursive unpacking of files

    • Highlights: it not only scans files, but is specialized in reviewing what has been found and highlighting the relevant content.

  • Question: more context about the compliance piece.

    • The reason FOSSology was created was to determine the exact license terms, because (1) you want to ensure you have the necessary rights, and (2) you may have obligations too, and you need to know what they actually say.

    • FOSSology comes with a database of 500 licenses. It can identify licenses and can maintain a list of obligations that need to be fulfilled under particular licenses.

    • Also able to import external licenses.

  • Automation

  • SW360: REST API; checks approved components; automatically uploads SPDX documents to components; synchronizes the component catalogue with other tools.

5 min  | Any other business & adjournment |  |





Decisions Made

N/A

Action Items

 



Need help? Email help@finos.org and we'll get back to you.

Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.