Licensing Champions #433
Replies: 3 comments 4 replies
-
|
Thanks for bringing up this topic @stephenkilbaneadi! 🙂 I have a few comments on your notes:
The 'Matrix of Experts' concept (AKA Ambassadors, Champions, etc.) has been referenced in TODO in some articles and initiatives. See this extract from the TODO blog's article "Learnings from the OSPO expert-led panel" for reference:
Maybe we can put more emphasis on this message through the OSPO Book and/ or make it more clear in the OSPO Definition since this cross-functional nature is at the heart of the OSPO to integrate open source in all areas of the organization and strategy. If you'd like to dive deeper into this idea with general members and the broader community to hear other perspectives, I'd suggest including a 5-minute presentation during our next Europe Touchpoint call (this Thursday, February 22nd) if you're able to join us. 👍 What do you think? |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, Ana. I think I'll be able to join. Will see how tomorrow goes. :-) |
Beta Was this translation helpful? Give feedback.
-
|
Yes, I can attend (but right now, I can't access Google docs. Bleagh.) |
Beta Was this translation helpful? Give feedback.
-
|
Awesome! I'm looking forward to seeing you tomorrow! btw, We have also mirrored the agenda as a new discussion in this forum 👍 #434 |
Beta Was this translation helpful? Give feedback.
-
|
@anajsana it could be interesting to make an "OSPO Champion" style certification or "OSPO Professional" or "OSPO Practitioner" We could use the new FINOS course as a base https://trainingportal.linuxfoundation.org/learn/course/finos-financial-services-open-source-developer-beta-exam-fsosd-beta |
Beta Was this translation helpful? Give feedback.
-
|
Interesting thought. It would certainly be good for this role to have some level of certification, though that would require some standardisation first. I'd been thinking that developer-centric training wouldn't be appropriate, but I suppose it depends on what your org does, mostly. In our case, the majority of activity is consumption, so the Champions are geared to that role, and contribution is handled directly within the OSPO. But other orgs might flip that. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for sharing, @stephenkilbaneadi. FWIW, here's another term for the role: in most parts of my organisation we been calling this role "Open Source Partner"... |
Beta Was this translation helpful? Give feedback.
-
Hi all,
At the LF Open Source Summit in Bilbao last year, Mary Wang and Nithya Ruff gave a presentation. As part of that session, they noted that both Amazon and Volvo supplement their OSPO with other individuals around the organisation, who provide localised expertise. I think Mary used the term "Ambassadors". My recollection is that ARM do something similar, too. I've been working on deploying this role at ADI, too, and I've been drafting a role definition, so that it's scoped. I'd like to share a generalised version, for wider discussion in the community, and TODO seemed like the place. My org uses "Licensing Champions" for this role, and I've kept that name here, partially for my convenience, but mostly because TODO already uses "OSPO Ambassadors" to mean something else...
If this seems like a promising thing, I'm happy to contribute the text to whichever repo seems appropriate.
Introduction
Several companies and organisations use an "expanded OSPO" model, where the OSPO provides a core service, supplemented by "regional" experts in other parts of the organisation. In order to promote discussion and best practices among OSPOs, the following text is a generic version of this role, abstracted from the Analog Devices version, with internal details removed. This text is intended for public consumption.
License and Copyright
Copyright (c) 2024 Analog Devices, Inc.
Licensed under CC-BY-4.0.
Introduction to the Role
Some OSPOs cover a large organisation, with a lot of software developers producing a lot of software products. Each software product needs to go through the OSPO's license-compliance process before it can be released, but there's a lot of ground to cover, and the OSPO is typically insufficiently resourced. Moreover, while the OSPO can provide the expertise in open source and software license compliance, the OSPO members may lack crucial understanding of how products within some parts of the organisation are managed or constructed. Hence the concept of Licensing Champions.
Licensing Champions are people outside the main OSPO group, but who have a significant amount of experience in handling software releases. They may be in a similar time-zone or a "nearby" point of contact to whom development teams can go for advice, when first getting started, and for when unusual situations crop up. The Champions may be able to give quicker feedback than the OSPO, as they are more familiar with the structure of products being developed. By being located in a similar geographic region, Champions can advise development teams in the same/similar timezone, rather than someone having early/late calls when conversing with the central OSPO. The Champions should be able to help software development teams with their first few product submissions and general software licensing questions and familiarisation.
This document outlines the role of a Licensing Champion, along with the training requirements.
Other terms for this role:
Role
A Licensing Champion's role is to provide the benefit of experience. Many developers feel that the need to have proper open source license compliance in place is make-work, an apparently-pointless exercise that simply serves to hold up releases. A Licensing Champion can provide the development team with the necessary context to understand why the review and approval is necessary.
A Licensing Champion will have had experience interacting with the OSPO, and will know the kind of questions the team will be looking to answer. The Licensing Champion can guide the development team to submit material that aims to address such questions pre-emptively, to reduce the number of exchanges between the development team and the OSPO.
A Licensing Champion will have experience of filling in the necessary information when releasing a product, and so will be able to advise on implications and what the questions actually mean - particularly in the context of the development team's particular product.
Scope
Legal
The Licensing Champion is not required or expected to answer any legal questions. General knowledge is expected, e.g. "No, you can't link GPL-2.0 code with proprietary code", but the details of interpretation should be passed onto the OSPO, e.g. "But what if I do this?" is something that would typically be answered with "Well, my guess is that won't work because of , but let's check with the OSPO."
Software Release
The Licensing Champion should be generally familiar with the processes of releasing software products, and so able to give the development team an overview of the process, as well as setting expectations. The Licensing Champion should help the development team avoid surprises and common pitfalls (such as advising them to address licensing concerns as soon as possible, rather than waiting until release is imminent). Ideally, the Licensing Champion would be generally aware of:
where "generally aware" means "this is what the process is, this is who you talk to, this is how long it'll take," rather than the specific details for a given scenario.
Scanning and Software Composition
The Licensing Champion should have familiarity with ensuring the software product has been scanned using the organisation's standard tooling for license compliance and security vulnerabilities.
The Licensing Champion should have familiarity with reviewing issues raised by scans. In particular, the Licensing Champion should be familiar with the reasons why:
Product Context
The product context is how the product is going to be deployed and used, in as far as this affects open source software license compliance. For example:
A product's context will affect the kinds of software permitted in the product, and will therefore change the Licensing Champion's answers when the development team ask "is it okay to use this?"
The Licensing Champion should have a general awareness of the importance of a defined product context prior to release. The Licensing Champion should be able to ask the development team questions which will guide them to consider how their plans could be affected by the third-party software in their product. Typical considerations:
Approval
The Licensing Champion should be familiar with the approval process, and have a good idea of the intent behind each piece of information the development team needs to submit as part of the approval process, so that the development team can be guided in how to provide that information. The Licensing Champion should be familiar with any relevant documents, forms and workflows, as well as any various FAQs, documentation and information available.
Escalation
Where necessary, the Licensing Champion should escalate questions to the OSPO as appropriate, rather than guessing.
Required Training
The organisation has a goal of achieving/maintaining OpenChain ISO/IEC 5230:2020 conformance. As part of that conformance, everyone involved in the organisation's internal Open Source Compliance Program – the processes that internally governs the organisation's use of open source software – must be trained to ensure they understand their role and responsibilities within the program, and the organisation has to have evidence that they have been tested to demonstrate that they understood the training. Licensing Champions will play a key role in this program, given that they will be sharing their experience and guiding others. So the organisation needs to ensure the Licensing Champions are suitably trained.
The following is required training for the Licensing Champions:
The following is recommended training for the Licensing Champions:
LF courses. These are self-led eLearning courses that ensure a consistent grounding in the basics.
Shared Resources
The following communication channels are ways that the development teams can communicate with the Licensing Champions:
The following communication channels are ways that the Licensing Champions can discuss matters among themselves and the OSPO, without the involvement of the development teams:
Beta Was this translation helpful? Give feedback.
All reactions