2019-01-30 OSR WG Meeting Notes

Date/Time

1/30/2019

Attendees

Name | Organisation
 | FINOS
 | GitHub
 | AQR
 | Morgan Stanley
Sally Ellard | Deutsche Bank
 | GreenKey
Erica Sivak | GitHub
Nathan Herald | GitHub
 | FINOS
 | ScottLogic


Agenda

Time | Item | Who
5 min | Convene & roll call |
25 min | Draft License Compliance Guide | Aaron Williamson

Discussion of the privately-circulated open source license compliance guide being produced by the FINOS OSR program.

Notes from the meeting:

Aaron introduced the license compliance handbook that had been circulated to participants before the meeting. He discussed the purpose and limitations of the guide and demonstrated its "source" and display formats. He then walked through one example to show how the guide should be read and answered questions about it.

Several participants pointed out that the abbreviations for different compliance use cases were undefined and Aaron took an action to add that and other information to the display formats.

20 min | Data Sovereignty & Location | Jamie Jones

Discussion of member needs, policies, and concerns regarding the location of data hosted by external service providers.

Notes from the meeting:

Erika Sivak from GitHub asked the members what concerns their firms have around data sovereignty and the location of hosted data. Most participants had not dealt with data sovereignty or location issues in developing their open source processes and were not involved in policy issues regarding their firms' cloud transition.

One vendor representative said that their institutional bank customers were primarily concerned with ISO 27001 and ITIL compliance. Aaron Williamson said that, for their open source processes, FINOS institutional bank members' primary concern was with surveillance of communications.

One participant said that their bank's compliance department performed a review of their GitHub interactions to determine requirements for compliance with electronic communications policies, and found that the data should be classed as IT system infrastructure data and subject only to a retention requirement (rather than the surveillance requirements applicable to communications).

Ms. Sivak asked what GitHub components participants were unable to access. One said that gist.github.com was blocked, but this was largely a legacy of an older, more restrictive policy, and their firm now has more nuanced proxy rules in place for GitHub.

5 min | Any other business & adjournment |



Decisions Made

Action Items

  • Aaron Williamson: add definitions of the use case abbreviations to the display version of the compliance guide.

Content on this page is licensed under the CC BY 4.0 license.
Code on this page is licensed under the Apache 2.0 license.