OpenChain
OpenChain upfront: OpenHarmony was born this way
Legal compliance and Openchain conformance for a new operating system. Challenges and lessons
OpenHarmony is a new operating system stewarded by Huawei's Open Source Technology Center, with Array as advisor.
Having prioritized compliance, governance and transparency, OpenChain was the natural backdrop for it.
Rather than embracing open source only to exploit it, having transparency and compliance as a last minute afterthought, OSTC has made them central pillars from the very beginning.
We seek the opportunity to present you how the goal of OpenChain conformance helped.
Born as an internal project, since its conception OpenHarmony's future has been to live in an independent, respected foundation that will receive all the tool for keeping it a truly community-driven operating system. The tools that Will be donated do include a compliance toolchain with source code scanning, compliance policy documents and roles, a Bill of Material for the initial release and many other artifacts to make it sure compliance is not a one-off exercise, but an ongoing commitment for the entire life of the project. Full conformance with Openchain is projected in a short-term future and it is surely a motivation to start with the right steps and making the right choice off the very beginning of the project.
Additional information
| Type | devroom |
|---|
More sessions
| 2/6/21 |
A short overview of the OpenChain project, its purpose, goals and the current state
|
| 2/6/21 |
Openchain is a comprehensive set of requirements allowing to cope with the open source compliance challenge. Recently it even has been accepted as ISO standard. However, compliance in todays world is not possible without tool support. To get a grip on the different tools, understand what they can do and where their limitations are, the OC tooling workgroup decided to develop a capability model. This model outlines all required capabilities to cope with the open source challenge and allows to map ...
|
| 2/6/21 |
Open Compliance Reference Tooling in action. The talk will show the most important building blocks of a working automated Open Source Management pipeline based on Open Source Tools as well as the necessary processes and workflows around the tooling to leverage open component metadata from the community.
|
| 2/6/21 |
Why is it so hard to detect the licensing and copyright information of source code? Because it is a tedious and often confusing task for developers to provide this information. The REUSE project changes that! With three simple steps, it makes adding and reading licensing and copyright information easy for both humans and machines. This presentation will guide you through the REUSE best practices and presents how to make clear licensing simple.
|
| 2/6/21 |
In this talk, James Curtis, lead developer at OpusVL, will explain the complex compliance challenge faced when working on a variety of projects for different customers, each having overlapping and separate areas of Open Source code. He will explain the approach taken to automating the process by connecting up the software release pipeline through Continuous Integration (CI) tooling to deliver OpenChain compliance reporting. This will cover the path from developer and version control through ...
|
