/
2025-03-04-OSPO-EG

2025-03-04-OSPO-EG

Owned by Masanori Itoh
Last updated: Mar 04, 2025
2 min read

Date/Time

Mar. 4, 2025, 1:00pm (UTC) / 10:00pm(JST) via Zoom

Attendees

  • Masanori Itoh (Toyota)

  • Hiroyuki Ishii (Panasonic)

  • Masato Endo (Toyota)

  • Walt (Linux Foundation)

  • Jan-Simon (Linux Foundation)

Discussion Materials

  • Presentation deck under review: https://docs.google.com/presentation/d/1xOR1PVTob6HcsxVgw6_DID2x3-dEvgHT/edit

Next Meeting

Next scheduled meeting is Mar. 18 during the LF Member Summit in Napa. Better to cancel Mar. 18 call?

Agenda/Minutes

  1. Recap of Recent Events

    1. AGL AMM Spring

      1. Two in-person meetings regarding OSPO-EG (Feb. 25 before SC, Feb. 26 OSPO-EG Updates session), and we got several important comments / questions and discussion.

        1. What is the most important among OSPO activities (Strategy, Compliance, Contribution)?

        2. (Quantitative) KPI of OSPO activities

    2. OpenChain JapanWG Community Day Recall

      1. Mar. 3-4

        1. Panel Discussion

          • “Your OSPO is not my OSPO“

          • Some companies started OSPO formation from SBOM handling.

          • Renesas case was interesting because their contribution activity was driven/promoted by marketing team not engineering team.

        2. Day2 panel

          • Lots of companies are still handling SBOM using Excel. We have to support those companies/people and ease their pains by offering .

          • Q. What is the use case of SBOM files?

            • (1) License Compliance, (2) Security Assurance, …

            • Some people mentioned configuration management too. E.g., Dependency management

            • Now, there is no clear standard/guideline for SBOM quality. Some organizations/documents mention SBOM quality, but not clear. For example, what kind of information an SBOM file contain? Supplier name, package name, version, etc. Fluctuations in abbreviation. This causes difficulties to handle SBOMs.

            • Q. Linux kernel case?

            • D. Yocto kernel, Renesas kernel…

  2. Executive Deck Review Status

    • English Expression Improvement → Reflected comments from Philipp

    • Section 1.3 wording: “Consumption” instead of “Usage“  → “Usage”

    • Chapter 2 cover slide wording: “Opportunities” or “Benefits” --> “Opportunities”

    • “Usage or Contribution” per each slide

      • Section 1.3 “Usage and Contribution” is not described/mentioned later chapters, especiially Chapter 2(“Opportunities”) and Chapter 3(“Management” to control “Risks”).

      • Discussion to put badge(s) (“Usage“ or/and “Contribution“ ) in the title line of each slide. But, many slides have both aspects. Endo-san will update slides.

    • “2.1 Ecosystem“

      • Ecosystem has 2 sides. One is to be the leader of leaders as a winner of competition, the other is sharing a set of software components as a kind of common property to be maintained/improved collectively. Philipp’s statement (already reflected) covers both (IMHO). Endo-san has another idea.

    • Consider to add (example) KPIs

Related content