Update 2023-11-15.md

Added the actual minutes

Meeting-Material/Meeting-20231115/2023-11-15.md

@@ -1 +1,78 @@
 # Meeting Minutes - November 15, 2023
+Meeting Minutes – November 15, 2023
+## Administrative
+* Lead by Frances Paulisch
+* Minutes from last meeting to approve: [2023-11-01.md](https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/Meeting-Material/Meeting-20231101/2023-11-01.md)      
+* Antitrust policy notice
+## Status of Meeting setup
+* Calendar for the next month meeting chairs:
+  * November '23
+    * Nov. 1 2023 8:00 UTC ; Frances Paulisch
+    * Nov. 15 2023 16:00 UTC ; Frances Paulisch
+  * December '23 (Dec. 6 (morning) and Dec. 20 (late afternoon) 
+    * Dec. 6 2023 8:00 UTC ; Oliver Fendt
+    * Dec 20 2023 16:00 UTC ; Holger Streidl
+* Reminder: Can the meetings which are not currently scheduled based on UTC maybe adjust so that we can avoid conflicts?
+* see extra-file in repo: [meeting\_chairs.md](https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/Meeting-Material/Meeting-Organization/meeting\_chairs.md)
+## News
+ * [*Administration*] Remember to consider “Homework” i.e. the topic from last meeting How to do offline collaboration (especially adding particular tools to the various capabilities)? Marcel Kurzmann did an example in the Oct. 18 meeting of this round.  Example with issue: [https://github.com/Open-Source-Compliance/Sharing-creates-value/issues/97](https://github.com/Open-Source-Compliance/Sharing-creates-value/issues/97)
+
+ * [*OSM for Embedded*] Meeting next to EclipseCon on Oct. 18: "Sharing FOSS License Management Data". See also  [ https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/meeting_20231018_license_management_data/Meeting-Material/Meeting-20231018-EclipseCon-Sharing_FOSS_License_Management_Data/Meeting-20231018-EclipseCon-Sharing_FOSS_License_Management_Data.md]( https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/meeting_20231018_license_management_data/Meeting-Material/Meeting-20231018-EclipseCon-Sharing_FOSS_License_Management_Data/Meeting-20231018-EclipseCon-Sharing_FOSS_License_Management_Data.md)  Decision at last meeting to have follow-up sessions and invited to join this community (and they join and present today). 
+## Main focus today:		Open Source Management and Embedded / Linux
+
+Marcel introduced the topic and shared the slideset [Sharing FOSS License Management Data](https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/Meeting-Material/Meeting-20231115/Sharing_FOSS_License_Management_Data.pptx).  He explained that since all the various Linux Distributions and Ecosystems along the supply chain e.g. Debian, Yocto, OSADL, all do activities related to Open Source Management (OSM) that this might be a good opportunity to work together on this important topic. i.e. not only have OSS-based tooling for compliance that can work together but actually also find a way to potentially share clearing results.  
+
+What could be the „least common denominator“ for the community to align on a method and reuse the meta data across the communities?
+Overall the ca. 20 attendees of the meeting were positive on the idea and we had good discussions on various points and particular challenges or topics that one would have to address and align on. 
+* Align to review the upstream sources and not the ones (as in yocto) then mixed with other sources.
+* What exactly would we share (at minimum the license meta-data)?
+* How can we agree on one method (or other alternative) to „validate“ the results? This includes discussion regarding which tools, slight differences in interpretations. Choose one tool or explicitly multiple to ensure they all agree?
+* Examples of topics within the „validation“ that we would have to agree on
+* 1) how to handle non-standard license identifiers (scancode DB might be a good starting point)?
+* 2) how do we handle non-source code files i.e. images, BLOBs?
+* 3) how to handle files without license information?
+* 4) how to report possible issues
+* The question also came up how is this related to Ocelot, it is quite similar, but a slightly different focus.
+* How can we share „validated“ results – a proposal for a SW360 but, if so, then one that is hosted somehow by the community, must be seen by all as from a neutral provider.
+* How to agree on a disclaimer that all artifacts are more like „research“ results and cannot be considered „legal advice“?  Perhaps, in order to win trust, we may want to be able to have a concrete example that we show our concrete results, but also provide the concrete example so that a company can more easily compare the community results to their company-specific results and thus build trust.
+* How to ensure that the validation is done by appropriately experienced experts (perhaps an explicit approach for „curator qualifications“)?
+* It was mentioned that it would be good to have a high degree of transparency to foster trust.
+* Here is one documentation that we could potentially start with: [guideline](https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/docs/-/blob/main/audit_workflow/oniro_ip_audit_guidelines.md)
+
+In summary: Many supported the idea, but I think we are need to discuss more how to concretely proceed. It was suggested that we select a place to start and start working concretely in a small scope to see the actual challenges in practice and then go on from there. We probably want to explicitly delay a tooling decision, maybe use the initial time to try various ones.
+
+Many thanks to the colleagues from the OSM-area who joined the meeting today to discuss about this topic and to suggest working together on it.
+
+## Upcoming events
+* December 2023 7-8th Linux Open Compliance Summit [https://events.linuxfoundation.org/open-compliance-summit/](https://events.linuxfoundation.org/open-compliance-summit/)
+       * Helio's talk: [https://ocs2023.sched.com/event/1TbwY/keynote-data-as-a-single-source-of-truth-helio-chissini-de-castro-cariad-se](https://ocs2023.sched.com/event/1TbwY/keynote-data-as-a-single-source-of-truth-helio-chissini-de-castro-cariad-se)
+   * February 2024 3-4th FOSDEM'24 [https://fosdem.org/2024/#:~:text=FOSDEM](https://fosdem.org/2024/#:~:text=FOSDEM) 2024 will take place at the ULB
+       * further events in Europe see [https://foss.events/Backlog](https://foss.events/Backlog) collection + potential Fringe event at FOSDEM
+   * March 2024 4-5th FOSSBackstage'24 Berlin [https://24.foss-backstage.de/](https://24.foss-backstage.de/)
+   * March 2024 6-7th ORT Community Days '24 Berlin [https://github.com/oss-review-toolkit/ort/wiki/ORT-Community-Day(s)-2024](https://github.com/oss-review-toolkit/ort/wiki/ORT-Community-Day(s)-2024)
+   * further events in Europe see https://foss.events/Backlog collection   
+* Fringe Event at FOSDEM on Compliance (Feb 2) arranged by Philippe and others
+* SBOM Day at FOSDEM (Feb 4), [https://hackmd.io/@spdx/fosdem2024-cfp](https://hackmd.io/@spdx/fosdem2024-cfp), call for papers is open until Dec 8
+* March 2024 4-5th FOSSBackstage'24 Berlin [https://24.foss-backstage.de/](https://24.foss-backstage.de/)
+* March 2024 6-7th ORT Community Days '24 Berlin [https://github.com/oss-review-toolkit/ort/wiki/ORT-Community-Day(s)-2024](https://github.com/oss-review-toolkit/ort/wiki/ORT-Community-Day(s)-2024)
+
+## AOB
+## Attendees 
+* Frances Paulisch
+* Lennart Seck
+* Kai Hudalla 
+* Alberto Pianon
+* Holger Streidl
+* Marcel Kurzmann 
+* Jari Koivisto
+* Rakesh Prabhakaran
+* Ummo Schwarting
+* Vladimir Slavov 
+* Anthony Ponzani 
+* Victor Lu
+* Karsten Klein
+* Dirk Burgmann
+* Stephen Kilbane
+* Mary Wang
+* Thomas Noserke
+* Oscar Valenzuela