2019-01-30 OSR WG Meeting Notes
Date/Time
1/30/2019
Attendees
Name | Organisation |
---|---|
FINOS | |
GitHub | |
AQR | |
Morgan Stanley | |
Sally Ellard | Deutsche Bank |
GreenKey | |
Erica Sivak | GitHub |
Nathan Herald | GitHub |
FINOS | |
ScottLogic |
Agenda
Time | Item | Who | Notes from the Meeting |
---|---|---|---|
5 min | Convene & roll call | ||
25 min | Draft License Compliance Guide: Discussion of the privately-circulated open source license compliance guide being produced by the FINOS OSR program. | Aaron Williamson | Aaron introduced the license compliance handbook that had been circulated to participants before the meeting. He discussed the purpose and limitations of the guide and demonstrated its "source" and display formats. He then walked through one example to show how the guide should be read and answered questions about it. Several participants pointed out that the abbreviations for different compliance use cases were undefined, and Aaron took an action to add that and other information to the display formats. |
20 min | Data Sovereignty & Location: Discussion of member needs, policies, and concerns regarding location of data hosted by external service providers. | Jamie Jones | Erika Sivak from GitHub asked the members what concerns their firms have around data sovereignty and the location of hosted data. Most participants had not dealt with data sovereignty or location issues in developing their open source processes and were not involved in policy issues regarding their firms' cloud transition. One vendor representative said that their institutional bank customers were primarily concerned with ISO 27001 and ITIL compliance. Aaron Williamson said that, for their open source processes, FINOS institutional bank members' primary concern was with surveillance of communications. One participant said that their bank's compliance department performed a review of their GitHub interactions to determine requirements for compliance with electronic communications policies, and found that the data should be classed as IT system infrastructure data and subject only to a retention requirement (rather than the surveillance requirements applicable to communications). Ms. Sivak asked what GitHub components participants were unable to access. One said that gist.github.com was blocked, but this was largely a legacy of an older, more restrictive policy, and their firm now has more nuanced proxy rules in place for GitHub. |
5 min | Any other business & adjournment |
Decisions Made
Action Items
- Aaron Williamson to add definitions of use case abbreviations to the display version of the compliance guide.
Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.