
Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel

Presentation transcript:

1 Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel 22-July-2010

2 agenda

3 intro; “the big picture”; things that make a difference; lots of time for discussion

4 IANAL, TINLA, personal intro

5 the SW world is not flat…

6 … the SW world is systolic

7 in a systolic economy, vendors provide direct, immediate value-add

8 and pass through to the next stage

9 the product cycle is continuous

10 pipelines are deep

11 development is highly parallel

12 Each processing node runs on its own pulse

13 as “wavefronts” of code flow through

14 lub dub

15 The beat goes on.

16 The enemy of a systolic world is friction.

17 proprietary standards, undocumented HW, restricted software cause friction

18 Open standards, documented HW, open source reduce friction

19 open source is not zero friction

20 it is not public domain

21 open source has rules

22 not following the rules is a mistake

23 mistakes can clog your pipeline

24 mistakes can even land you in court

25 don’t make mistakes

26 to avoid mistakes

27 it is in your interest to pass good information downstream

28 information loss is friction

29 friction is bad

30 getting good information from upstream can be hard

31 be clear with your downstream that you need all their information

32 (and a “no open source at all” policy from your vendors is so 1995)

33 You need confidence in your vendor’s information

34 you need to know where SW came from and how it is licensed

35 you need downstream info in an understandable format

36 and you need to document what you add in an understandable format

37 pass on all your vendors’ information plus your information

38 you will be asked for the info at some point

39 if you can’t find the info, it’s a fire drill. fire drills are bad

40 recap

41 think systolically

42 know exactly what you take in

43 know exactly what you add

44 always pass your information through; destroying information causes friction

45 things that can help (1): have a GPL policy

46 GPL is a high friction open source license

47 not a criticism

48 just a fact

49 GPL is long

50 it has never been litigated in the US

51 there are two incompatible versions

52 smart people disagree about what GPL means

53 (But a “no-GPL” policy is so 1995)

54 so you need a GPL policy

55 define what is acceptable, what is not

56 for example, LKMs: will you accept binary kernel modules?

57 another example: how do you want source code packages?

58 give it your best shot

59 there is no “perfect”

60 there is only “good enough”

61 a GPL policy is good enough if

62 you can articulate it crisply

63 you can defend it

64 and you can deliver on it

65 documented and communicated upstream; downstream; and to your developers.

66 things that can help (2): tools

67 source code scanning

68 binary code scanning

69 standardized SW bill of materials (SPDX or other)

70 things that can help (3): always use boilerplate

71 standard clauses in your contracts saying what you expect

72 example: “we need rights to publish a GPL Linux driver” for HW

73 example: “we must have a complete software Bill of Materials in this format”

74 example: “we must have the complete GPL sources as tarballs and instructions to compile them”

75 rewind

76 Think systolic; Low friction; Preserve information; Have a GPL policy; Use tools; Use boilerplate

77 discussion

78 Thank you!

79 links to systolic systems, natural and artificial: en.wikipedia.org/wiki/Systolic_array system/MM00636

80 links for tools:

81 legal disclaimers: Linux is a registered trademark of Linus Torvalds. Intel is a registered trademark of Intel Corp. Other trademarks are property of their holders. Nothing in this presentation is intended as legal advice.

