Linux News Today: Linux Foundation Wants to Standardize Common Best Practices for Open Software Compliance
During the LinuxCon Europe and Embedded Linux Conference Europe events that took place earlier this week in Dublin, Ireland, between October 5 and 7, the non-profit organization The Linux Foundation announced the creation of the OpenChain Workgroup, an effort to standardize the future of the software supply chain.
Designed from the ground up to reduce the duplication of efforts and costs, as well as conflicts in the software supply chain, The Linux Foundation’s OpenChain Workgroup is a community effort with the ultimate goal of standardizing the common best practices for open software compliance. Some of the industry’s biggest names can be seen on OpenChain Workgroup’s founding members board, including ARM, Samsung, SanDisk, Qualcomm, and Wind River.
“Because nearly every new technology today is built using Linux and open source software, today’s software supply chain is the open source software supply chain,” says Jim Zemlin, executive director at The Linux Foundation. “This means we need to revisit the way we standardize processes and compliance for checking code and ensure the cost and efficiency benefits of open source are sustained for decades to come. This is a long-term commitment to open compliance and one we take very seriously.”
Standardizing the future of the software supply chain
To ensure the benefits of open source software and the entire Linux ecosystem, including freedom in innovation, speed of development, and costs, we must first understand the nature and security of all of the open source software components that are included in the packages delivered via the supply chain. As such, the OpenChain Workgroup’s main goal is to provide a customizable baseline process for developers and companies around the globe.
Those of you interested in participating in early discussions, or in learning everything there is to know about the OpenChain Workgroup, can visit the dedicated Wiki page on The Linux Foundation’s website. There, you will find a collection of guidelines meant to offer the basis for developing and monitoring compliance programs. At the moment, OpenChain supports all the formats that are compatible with the Software Package Data Exchange (SPDX) system, as well as some of the Linux ecosystem’s best practices.