User Tools

Site Tools


openchain:specification-questions-and-answers

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
openchain:specification-questions-and-answers [2019/11/11 15:07]
mgisi [What are the Specification Guiding Principles?]
openchain:specification-questions-and-answers [2019/11/14 15:58]
mgisi [Is a third party audit required to declare an Open Source Compliance program to be OpenChain Conforming?]
Line 50: Line 50:
   - Understand Open Source Community Engagement   - Understand Open Source Community Engagement
 A number of references that document the history of the specs development include: A number of references that document the history of the specs development include:
-  * {{https://​lists.linuxfoundation.org/mailman/listinfo/​openchain-specification | specification mailing list}}+  * {{ https://​lists.openchainproject.org/g/​specification | specification mailing list}}
   * {{ https://​github.com/​OpenChain-Project/​Specification/​issues |  github issue tracking}}   * {{ https://​github.com/​OpenChain-Project/​Specification/​issues |  github issue tracking}}
   * This FAQs   * This FAQs
Line 56: Line 56:
 ====Is a third party audit required to declare an Open Source Compliance program to be OpenChain Conforming?​==== ====Is a third party audit required to declare an Open Source Compliance program to be OpenChain Conforming?​====
  
-No. The [[https://​wiki.linuxfoundation.org/​_media/​openchain/​openchainspec-1.2.pdf|OpenChain 1.2 specification]] is simply structured ​to provide a list of requirements where each requirement maintains a set of acceptance criteria (Verification Materials). Each requirement is a description of an important quality ​Open Source Compliance program must satisfy. The Verification Materials for a requirement represent a list of tangible ​evidence that must exist in order for one to determine the specific requirement has been met. Although evidence must exist, one is not required to make them public. The key goal of the specification is to foster trust around Open Source compliance between two parties exchanging software. A partner or customer may ask for evidence of the Verification Materials as a condition for doing business (e.g., under an Non-Disclosure agreement). That is, the obligation to provide evidence of the existence of the materials, and the willingness to do so, is determined by the relationship entered into by two parties. ​+No. The specification ​was designed ​to provide a list of requirements where each requirement maintains a set of acceptance criteria (Verification Materials). Each requirement is a description of an important quality ​an Open Source Compliance program must satisfy. The Verification Materials for a requirement represent a collection ​of evidence that must exist in order for one to determine the specific requirement has been met. Although evidence must exist, one is not required to make them public. The key goal of the specification is to foster trust around Open Source compliance between two parties exchanging software. A partner or customer may ask for evidence of the Verification Materials as a condition for doing business (e.g., under an Non-Disclosure agreement). That is, the obligation to provide evidence of the existence of the materials, and the willingness to do so, is determined by the relationship entered into by two parties. ​
  
 ====Does the specification describe how to comply with the most popular Open Source licenses?​==== ====Does the specification describe how to comply with the most popular Open Source licenses?​====
openchain/specification-questions-and-answers.txt ยท Last modified: 2019/11/17 19:12 by mgisi