/
2025-04-01-OSPO-EG

2025-04-01-OSPO-EG

Owned by Masanori Itoh
Last updated: yesterday at 6:02 am
3 min read

Date/Time

Apr. 1, 2025, 12:00am (UTC) / 09:00pm(JST) via Zoom

Attendees

  • Masanori Itoh (Toyota)

  • Hiroyuki Ishii (Panasonic)

  • Masato Endo (Toyota)

  • Walt (Linux Foundation)

Discussion Materials

  • Presentation deck under review: https://docs.google.com/presentation/d/1xOR1PVTob6HcsxVgw6_DID2x3-dEvgHT/edit

    • Snapshot of the above deck under review on Mar. 25, 2025 10:50am(JST)/01:50am(UTC)

    • Snapshot of the above deck under review on Apr. 1, 2025 6:00pm(JST)/9:00am(UTC)

Next Meeting

Apr. 15, 2025

Agenda/Minutes

  1. Executive Presentation Deck v1 Finalize

    1. Completed to reflect comments to the final draft

    2. Need help for English check and artwork improvement

      1. Fixed some uncompleted issues.

    3. Publish v1.0 (initial release) after the above check and improvement ASAP

      1. Walt checks the release procedure in AGL/LF.

  2. Discussion of Next Actions (Brainstorming)

  3. x

Discussion

  1. Some additional materials for the (Executive) Presentation deck

    • Matrix of ways to use the presentation depending on the target and company’s maturity level

      • How to spread out this document (promotion strategy) is important. It’s important to improve this document or create variations of this document based on 'real' opinions (feedbacks). (Endo)

  2. Consultation/support for establishing OSPO for companies (meeting base)

    • Explanation story depending on company’s maturity level

    • Actual operations of OSPO after its launch

    • Japan team already began a trial under LF Anti Trust Policy

Brainstorming Seeds

  1. How to accelerate contributions to AGL UCB (priority: highest)

    1. Not only AGL

    2. How to set KPI of contribution

  2. Creating a FAQ for front line engineers

    1. How to handle Corporate CLA

  3. Hands-on of Contribution (Improve technical skills)

  4. Concrete activities of 'Contribution' (Improve Understanding what todo)

    1. In preparation of an explanation deck of ‘Illusion and Reality of Contribution’

  5. Why it’s hard to make contributions (from Japanese?) companies/automotive industry?

    1. company side

      1. system/rule/…

    2. engineers side

      1. x

  6. OSPO-EG as the OSPO of AGL?

  7. AGL UCB SBOM improvement [priority: medium?, direction: different from OSPO-EG focus? (Endo)]

    1. Collaboration with CI-EG?

      1. Scarthgap uses SPDX 2.2(2.3?), master uses SPDX 3.

        1. Need discussion.

      2. Coverage/Correctness

        1. Tooling topic : commercial products do not support SPDX 3.x yet.

        2. During EW, there was a discussion of tooling improvement.

      3. discussion

        1. In the context of ELISA, they are interested in SPDX safety profile. When will we move to SPDX 3.0?

        2. 1 year later when Yocto LTS moves to SPDX 3.0.

  8. How to drive upstream based development?

  9. Other issues/pain points

  • How to proceed these works?

    • Create sub taskforce?

    •  

 

From Mar. 4 meeting

  1. Recap of Recent Events

    1. AGL AMM Spring

      1. Two in-person meetings regarding OSPO-EG (Feb. 25 before SC, Feb. 26 OSPO-EG Updates session), and we got several important comments / questions and discussion.

        1. What is the most important among OSPO activities (Strategy, Compliance, Contribution)?

        2. (Quantitative) KPI of OSPO activities

    2. OpenChain JapanWG Community Day Recall

      1. Mar. 3-4

        1. Panel Discussion

          • “Your OSPO is not my OSPO“

          • Some companies started OSPO formation from SBOM handling.

          • Renesas case was interesting because their contribution activity was driven/promoted by marketing team not engineering team.

        2. Day2 panel

          • Lots of companies are still handling SBOM using Excel. We have to support those companies/people and ease their pains by offering .

          • Q. What is the use case of SBOM files?

            • (1) License Compliance, (2) Security Assurance, …

            • Some people mentioned configuration management too. E.g., Dependency management

            • Now, there is no clear standard/guideline for SBOM quality. Some organizations/documents mention SBOM quality, but not clear. For example, what kind of information an SBOM file contain? Supplier name, package name, version, etc. Fluctuations in abbreviation. This causes difficulties to handle SBOMs.

            • Q. Linux kernel case?

            • D. Yocto kernel, Renesas kernel…

  2. Executive Deck Review Status

    • English Expression Improvement → Reflected comments from Philipp

    • Section 1.3 wording: “Consumption” instead of “Usage“  → “Usage”

    • Chapter 2 cover slide wording: “Opportunities” or “Benefits” --> “Opportunities”

    • “Usage or Contribution” per each slide

      • Section 1.3 “Usage and Contribution” is not described/mentioned later chapters, especiially Chapter 2(“Opportunities”) and Chapter 3(“Management” to control “Risks”).

      • Discussion to put badge(s) (“Usage“ or/and “Contribution“ ) in the title line of each slide. But, many slides have both aspects. Endo-san will update slides.

    • “2.1 Ecosystem“

      • Ecosystem has 2 sides. One is to be the leader of leaders as a winner of competition, the other is sharing a set of software components as a kind of common property to be maintained/improved collectively. Philipp’s statement (already reflected) covers both (IMHO). Endo-san has another idea.

    • Consider to add (example) KPIs

Related content