openchain:spec-2016-h1-public-comments
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
openchain:spec-2016-h1-public-comments [2016/08/26 17:17] mgisi |
openchain:spec-2016-h1-public-comments [2016/10/05 00:03] (current) mgisi |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Public Comments for Specification Version 2106-H1 ====== | + | ====== Public Comments for Specification Version 1.0 ====== |
| - | The final release candidate of the OpenChain 2016-H1 specification can be found here: | + | The final release candidate of the OpenChain 1.0 specification can be found here: |
| - | {{:openchain:openchainspec-2016-05-16-1.pdf| OpenChain Compliance 2016-H1 Specification}} | + | {{:openchain:openchainspec-1.0.pdf| OpenChain Compliance Specification version 1.0}} |
| - | The development of the 2016-H1 version of the spec functioned like an open source project by obtaining input from dozens of companies and organizations that have experiences preparing for and/or exchanging software in the software supply chain. There were no specific requirements for participating. Once we had a stable release candidate we solicited for public comments which are listed below. During this last phase of the specification release we will try to accommodate feedback that does not result in a material or semantic change (for example avoid changing a definition, adding or materially changing a requirement, and so forth). Any feedback not accommodated in the 2016-H1 version will be carried over and be given priority consideration in the next release of the spec. | + | The development of the version 1.0 of the spec functioned like an open source project by obtaining input from dozens of companies and organizations that have experiences preparing for and/or exchanging software in the software supply chain. There were no specific requirements for participating. Once we had a stable release candidate we solicited for public comments which are listed below. During this last phase of the specification release we will try to accommodate feedback that does not result in a material or semantic change (for example avoid changing a definition, adding or materially changing a requirement, and so forth). Any feedback not accommodated in version 1.0 will be carried over and be given priority consideration in the next release of the spec. |
| Line 33: | Line 33: | ||
| ---- | ---- | ||
| - | ==== 3) Suggested removing historical view from Introduction ==== | + | ==== *3) Suggested removing historical view from Introduction ==== |
| Submitted By: Martin Yagi | Submitted By: Martin Yagi | ||
| Line 74: | Line 74: | ||
| ---- | ---- | ||
| - | ==== 7) Request to Add text stating value of compliance in generally has value ==== | + | ==== *7) Request to Add text stating value of compliance in generally has value ==== |
| Submitted By: Karen Sandler | Submitted By: Karen Sandler | ||
| Line 117: | Line 117: | ||
| - | ==== 11) Suggest including: "scripts used to control compilation and installation" ==== | + | ==== *11) Suggest including: "scripts used to control compilation and installation" ==== |
| Submitted By: Karen Sandler | Submitted By: Karen Sandler | ||
| Line 211: | Line 211: | ||
| ---- | ---- | ||
| - | ==== 18) G5 - Should cover code that the organization provides as open source ==== | + | ==== *18) G5 - Should cover code that the organization provides as open source ==== |
| Submitted By: Jilayne Lovejoy | Submitted By: Jilayne Lovejoy | ||
| Line 229: | Line 229: | ||
| === Response: === | === Response: === | ||
| - | The Supplied Software definition was discussed. It was decided to keep the definition as is (more genera). | + | The Supplied Software definition was discussed. It was decided to keep the definition as is (more general). |
| ---- | ---- | ||
| Line 243: | Line 243: | ||
| ---- | ---- | ||
| - | ==== 21) Suggest: Adding - identify the license conditions of the applicable licenses ==== | + | ==== *21) Suggest: Adding - identify the license conditions of the applicable licenses ==== |
| Submitted By: Till Jaeger | Submitted By: Till Jaeger | ||
| Line 253: | Line 253: | ||
| This could be a subsection of "Review and Approve FOSS Content" or an own main section ("Knowing License Conditions"). | This could be a subsection of "Review and Approve FOSS Content" or an own main section ("Knowing License Conditions"). | ||
| + | |||
| + | ---- | ||
| + | |||
| + | === Response: === | ||
| + | Although the first version of the specification has been finalized (August 2016), your feedback is still timely in that we are embarking on the next revision round in September. I added your comments to the issues list for consideration. | ||
| + | |||
| + | ==== *22) Suggest: Defining a Remediation Path ==== | ||
| + | Submitted By: Mark Gisi | ||
| + | |||
| + | Currently no requirement to ensure an organization has a remediation and/or escalation path. | ||
| ---- | ---- | ||
openchain/spec-2016-h1-public-comments.1472231861.txt.gz · Last modified: 2016/08/26 17:17 by mgisi
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
