Lyra Infosystems, which is OpenChain 2.0 conformant, hosted the second meet-up of the “OpenChain Project’s India Work Group” on December 21st, 2019 at Lyra Infosystems’s Bangalore office.
This meetup was attended by open source and OpenChain enthusiasts, folks working at enterprise tech companies like Intel, Infosys, Cognizant, Open Invention Network, Pegasystems, and Mishi Choudhary and Associates that build or use products based on open source, and entities interested in learning more about open source compliance.
OpenChain Meetup Insights:
- Discussion on AGPL and GPL V2/V3 licenses.
- Lists of open source components that are permissible to use and those that are not: license types, licenses mapped to components, blacklisting and whitelisting code, etc.
- Folks present at the meetup suggested organizing more OpenChain Workgroup meetings outside Bangalore, in Pune and Gurgaon in particular.
- Discussion on scheduling an OpenChain Workgroup meeting every quarter, based on availability, in either the last week of Feb or the 1st week of March. The next meeting would most likely be held at IIM or IIIT Bangalore. Suggestions were made to include more startups and developers in the next meeting as well.
- Open-ended discussion on software dependencies and the levels of dependency checking required during an OSS compliance audit. Would investigating only first-level dependencies suffice, or should there be a deep dive into transitive dependencies as well?
- Open-ended discussion on the open source obligations that apply when an application is deployed as a SaaS solution.
- Obligations for different scenarios:
  - Scenario 1 – A vendor who builds an application and distributes it to a customer, who then hosts the solution on a cloud for end-user consumption.
  - Scenario 2 – A vendor who builds an application and hosts the solution on their own network for their customers' usage.
If you are unaware of what OpenChain is, here is some info on it. The OpenChain Project is one of the Linux Foundation projects; it identifies key recommended processes for effective open source management. It is centred on managing enterprise compliance in open source supply chains.
The OpenChain specification identifies the key requirements of a quality open source compliance program. OpenChain conformance allows organizations to adhere to compliance requirements. The OpenChain curriculum supports this process by providing extensive reference material for effective open source training and management. The result is that license compliance becomes more predictable, understandable and efficient for all participants in the software supply chain. The project is described as “a community effort to establish best practices for effective management of open source software compliance.”
OpenChain Conformance allows companies of all sizes and in all sectors to meet the OpenChain Specification. This builds trust between organizations in the supply chain. It makes procurement easier for purchasers and preferred status easier for suppliers.
If you want to be part of this or would like to attend future meetings, please join the OpenChain India mailing list here.
Your participation will be valued! See you soon!