Wrangling order from chaos: Practical approaches to OSS compliance



Good talk, but I fear there is just too much to go into on such a massive subject in one hour. Would have been better with a few real-world examples. Seemed a little too sales-pitchy for me.

Ben Johnson at 12:25 on 21 Oct 2016

As an OSS project maintainer and contributor to numerous OSS projects, most of this information was review, but there were a few very valuable bits of knowledge that I gleaned from the talk, and in particular, the fact that there are automated FOSS tools available to scan third-party libraries for compliance-related issues (not to mention CVE issues), such as Fossology.

Mr. McLoughlin was very well spoken and articulate in his discourse. I was shocked to see how few people attended the talk, given the relative ubiquity and prevalence of our industry's reliance on OSS. A very worthwhile subject to cover, in my opinion.

The talk was very content-rich and covered a broad range of topics within the OSS compliance space, but I think attendees would benefit more from a deep-dive into the few most common licenses that we see in popular OSS projects on GitHub, as well as a lot more translation from the "quasi-legalese" language you find in licenses to plain English. I typically go with MIT for my open source projects mostly because I can't be bothered to try to read and understand the massive wall of text that stuff like BSD or GPL are in comparison, so something like that would really help.

The speaker is clearly very knowledgeable on the subject and has many years of experience dealing with it, so I think it's easy to miss the fact that the scope might have been too broad for people new to the topic to digest, hence my suggestion to approach it from more of a "deep dive into the common / important things" versus "let me teach you everything".

I had really low expectations, not even sure why I chose this topic. However, I was glad I did, because I found this talk to be one of the most interesting of any I attended.