Skip to content

Meeting September 12th 2025

Jump to bottom
Philipp Ahmann edited this page Sep 12, 2025 · 2 revisions

Participants

  • Philipp Ahmann (Host)
  • Wendi Urribarri
  • Ivan Perez
  • Hugo Cornelis
  • Simone Weiss
  • Gabriele Paoloni (alternative host)
  • Nicole Pappler
  • Michael Armbruster
  • Tu Thanh Nguyen
  • Daniel Pisanu
  • Olivier Charrier

Previous participants

  • Philipp Ahmann (Host)
  • Daniel Weingaertner
  • Vinicius Tadeu Zein
  • Leonardo Rossetti
  • Naoto Yamaguchi
  • Yuya Okamoto
  • Hiroaki Shigehara
  • Sebastian Hetze
  • Karen Bennet
  • Philippe Quere
  • Roberto Paccapeli
  • Eric Laurin
  • Fadi Labib
  • Daniel Haack
  • Mikel Azkarate
  • Nicole Pappler

Topics & Notes

Action items from last meeting(s)

  • AI-Simone and AI-Michael will create a spread sheet for Xen
    • Simone and Michael will sync.
  • AI-Wendi will create a spread sheet for LLVM
  • AI-Daniel W. and AI-Ivan will create a spread sheet for Linux
  • AI-Nicole will create a spread sheet for Zephyr (later probably due to BW issues)
  • AI-Gab add a descriptions in Best practices sheet (as he anyway has to do it for another topic).

Continue any work on OSS project agnostic template workbook

Phrase small deliverables - What means participation?

  • Small deliverables can also mean members can work for 1h a week or 1h in two weeks to deliver a small piece of work.
  • First goal:
    • Have something ready for OSS Japan conference "Towards an OSS Best Practices Standard for Regulated Industries".
  • Philipp: Try to get an understanding about ISO/IEC/IEEE 32675:2022 "Information technology — DevOps — Building reliable and secure systems including application build, package and deployment" (https://www.iso.org/standard/83670.html) and how it relates to our work.
  • What do we want to achieve by reading the standard, what do we want to report.
    • Does the standard fit to how Open Source Software is developed?
    • Could the standard be enhanced to include open source best practices?
    • Worth to reach out to ISO/IEC/IEEE to extract some parts for use in the OSS project repo?
    • Check if there is a mapping from standard to criteria we listed in the template.
      • In case of high overlap, we could consider to extend the standard.
  • Two classes one reduce risk of product other one reduces risk of engineering (development)
    • OSS has limited risk in engineering.
    • E.g. ASPICE has a lot of good information, but the addressed risk of engineering matters less.
    • You may neglect some parts of the standard for early risk mitigation due to its later use.
    • Maybe mostly the reduction of risk of products is the part we are looking for.
  • Don't mix standards for development and standard for auditor. A checklist for an auditor does not matches the complete steps of development.
    • For SW tools: Development standards may be the base for audits, but also best practices from engineering are taken as base for assessments/audit.

[Skipped] Financing (money and/or capacity) / Funding of the project

  • general money could be spend on resources, research (e.g. surveys or students)
  • Mentorship program from Linux Foundation (would require an actual mentor)
  • Workshops, conference participation, infrastructure
  • Support for administrative parts.
  • Investing time within the SIG is also a form of financing.
  • Check with the companies from the survey, which actually considered funding the activity.

AoB

Helpful links

Collaborative editing: https://mensuel.framapad.org/p/lighthouse-oss-af5r?lang=en

Clone this wiki locally