Open-source News

Google, VMware Headline Linux Foundation's ACT Program  SDxCentral

Automotive Grade Linux Booth at CES 2020 Showcases 2020 Mazda CX-30, 2020 Toyota RAV4, and 20+ Open Source AGL-Based Demos  Embedded Computing Design

Automotive Grade Linux Booth at CES 2020 Showcases 2020 Mazda CX-30, 2020 Toyota RAV4, and 20+ Open Source AGL-Based Demos  Embedded Computing Design

For those preferring the Vim text editor, Vim 8.2 is out today and its primary new feature is support for "popup windows" and for demonstrating those new capabilities is even a new Vim-based game called Killer Sheep...

Oracle has released VM VirtualBox 6.1 with better integration around the public Oracle Cloud, continued work on their new 3D support brought forward in VirtualBox 6.0, user-interface improvements, and much more...

Nvidia Linux/BSD Graphics Driver Adds Support for Quadro T2000 with Max-Q Design  Softpedia News

Google, Siemens and VMware fund The Linux Foundation to advance the Automated Compliance Tooling project  TechStartups.com

Linux users get an early Christmas gift — Microsoft Teams  Herald Planet

Proteus Device is a secure, Linux-based handheld (not a smartphone)  Liliputing

Google, Siemens and VMware commit to the Automated Compliance Tooling project, community accelerating work on Tern, OSS Review Toolkit, FOSSology and Quartermaster

San Francisco, USA – December 12, 2019 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced founding member commitments from Google, Siemens and VMware for the Automated Compliance Tooling (ACT), as well as key advancements for tools that increase ease and adoption of open source software.

Using open source code comes with a responsibility to comply with the terms of that code’s license. The goal of ACT is to consolidate investments in these efforts and to increase interoperability and usability of open source compliance tooling. Google, Siemens and VMware are among the companies helping to underwrite and lead this collaborative work.

Also announced today is the availability of Tern 1.0. Tern was originally contributed by VMware and is an inspection tool that finds the metadata of the packages installed in a container image. It is now able to generate SPDX. There is also the new FOSSology 3.7 release available today for reading SPDX headers have also been added to more than 75 percent of the source code files in the Linux kernel. And the Google Summer of Code (GSoC) interns have updated the spdx-tools libraries to support translations in Java, Python and Go. This enables other tools to smooth the import and export of SPDX documents.

“One of the most exciting parts of the ACT Project is its integration with pre-existing activities around the Linux Foundation Open Compliance Project,” says Shane Coughlan, OpenChain General Manager. “This includes the OpenChain Reference Tooling Work Group, with its focus on addressing real world challenges as efficiently as possible, an area where targeted investment is critical. The end result of these activities will ensure that open source tooling for open source compliance is more mature, more effective and easier to adopt for entities of all sizes.”

“Open Source tools that support the Open Source compliance process have seen great progress in recent months.” says Mirko Boehm, co-founder of Endocode and the QMSTR project. “With ACT, the efforts of the community, businesses and the funding for QMSTR from the European Commission’s Horizon 2020 program come together under one roof in direct collaboration with related industry projects like OpenChain. We expect an acceleration of the development of Open Source compliance solutions and are excited to collaborate with the partners at ACT, the community and the Linux Foundation”.

“It’s a testament to the community and the importance of automating compliance in software development that ACT membership and tools development and integration are coming together to create open source integrated solutions,” said Kate Stewart, senior director of Strategic Programs at Linux Foundation. “We applaud the contributions coming in from all corners of the community and look forward to what 2020 will bring to the work.”

Community members will be meeting this week at Open Compliance Summit in Tokyo, Japan. ACT is seeking new members, community partners and additional tooling projects. To get involved, contact act@linuxfoundation.org

ACT is composed of five primary projects:

FOSSology: An open source license compliance software system and toolkit allowing users to run license, copyright and export control scans from a REST API. As a system, a database and web UI are provided to provide a compliance workflow. License, copyright and export scanners are tools available to help with compliance activities. FOSSology is an existing Linux Foundation project that will move under ACT.

OSS Review Toolkit (ORT) enables highly automated and customizable Open Source compliance checks the source code and dependencies of a project by scanning it, downloading its sources, reporting any errors and violations against user-defined rules, and by creating third-party attribution documentation. ORT is designed for the CI/CD world and supports a wide variety of package managers including Gradle, Go modules, Maven, npm and SBT. The project is being contributed to ACT by HERE Technologies.

Quartermaster(QMSTR), originally contributed by Encode, integrates into the build systems to learn about the software products, their sources and dependencies. Developers can run QMSTR locally to verify outcomes, review problems and produce compliance reports. By integrating into DevOps CI/CD cycles, license compliance can become a quality metric for software development. The project is being contributed to ACT by Endocode.

SPDX Tools: Software Package Data Exchange (SPDX) is an open standard for communicating software bill of material information including components, licenses, copyrights and security references. The main SPDX specification will remain separate from, yet complementary to, ACT, while the SPDX tools that meet the spec and help users and producers of SPDX documents will become part of ACT. SPDX is an existing Linux Foundation project.

Tern: Tern is an inspection tool to find the metadata of the packages installed in a container image. It provides a deeper understanding of a container’s bill of materials so better decisions can be made about container based infrastructure, integration and deployment strategies. Tern was created by VMware, who are contributing the project to ACT, to help developers meet open source compliance requirements for containers.

Member Quotes

Google, founding member

“To do open source compliance well, at scale, we need to ensure the community has easy access to advanced automation and tooling,” said Will Norris, Open Source Engineering Manager at Google. “Google has invested heavily in our own compliance tooling, and we are proud to be a part of the Automated Compliance Tooling project to share our experience and expertise with the broader community. We look forward to helping make it easier for everyone using open source code to do so respectfully and in accordance with open source licenses.”

New York University’s Secure Systems Lab, affiliate member

“The software compliance ecosystem has long needed an initiative such as ACT, and projects such as SPDX-tools and Tern are key elements in the challenge of automating compliance” said Santiago Torres-Arias, lead of the in-toto project and member of the New York University’s Secure Systems Lab, “We are most excited about the integration of in-toto into SPDX, which will help in providing strong, cryptographically-enforced compliance checks.  Security is not just a matter of protecting against outsiders, but also a matter of ensuring all actors within your supply chain are following the rules.”

Siemens, founding member

“An Open Source license compliance toolchain has to be Open Source itself. ACT is a milestone in building an integrated and automated end to end OSS compliance toolchain consisting of open source. ACT will boost the effort of the OpenChain Reference Tooling Work Group in realizing such a toolchain, which easily can be used free of charge – OSS license compliance for everyone.”

VMware, founding member

“Compliance is at the core of how companies need to engage with open source projects,” said Dirk Hohndel, vice president and chief open source officer, VMware. “The more we automate compliance processing, the better we are able to advance agile development and rapid response to address required changes such as security issues. For years, VMware has worked towards automating compliance tooling and we are committed to helping enterprises better understand what’s inside containers and manage their compliance obligations.”

For more information, please contact: act@linuxfoundation.org

 

About The Linux Foundation
Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post The Linux Foundation’s Automated Compliance Work Garners New Funding, Advances Tools Development appeared first on The Linux Foundation.

HP Linux Imaging & Printing Drivers Are Now Supported on Debian GNU/Linux 10.2  Softpedia News

AMD Radeon RX 5500 XT Linux Performance Review  Phoronix

SAN FRANCISCO, DECEMBER 12 – Today, the OpenChain Project announced Microsoft, a Platinum Member, is the latest company to achieve OpenChain conformance.  This milestone is an example of how OpenChain can be an important part of building quality open source compliance programs that meet the needs of companies and that build trust in the ecosystem.

The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain Specification is being prepared for submission to ISO and evolution from a growing de facto standard into a formal standard.

“Open source compliance is a top priority for Microsoft and we respect the license choices developers make”, said David Rudin, Assistant General Counsel, Microsoft. “We value our partnership with OpenChain to help build trust in the larger open source community. Through investments in open source policy, tools to identify open source software, and collaboration with the open source community in projects like OpenChain, the TODO Group, and ClearlyDefined, we are committed to working with the community to develop and share best practices for open source compliance.”

“Microsoft has been an exceptional contributor to the OpenChain Project both in terms of board engagement and in broader engagement with our work teams around the world,” says Shane Coughlan, OpenChain General Manager. “One of the defining aspects of the OpenChain industry standard is our broad applicability to companies of all sizes and in all sectors. It has been fantastic to work with Microsoft to understand the needs of the cloud and large enterprises, especially with regards to how some approaches differ to consumer electronic, infrastructure and other markets. The conformance announcement today is a milestone that greatly supports our evolution as we head into 2020 and underlines once again the value of our continued collaboration.”

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post The OpenChain Project announces Microsoft OpenChain Conformance appeared first on The Linux Foundation.

The Linux Foundation's Automated Compliance Work Garners New Funding, Advances Tools Development  PRNewswire

AMD today is shipping the Radeon RX 5500 XT as the new sub-$200 Navi graphics card. This 7nm graphics card offers 22 compute units, 1408 stream processors, up to 5.6 TFLOPS of compute power, 4GB or 8GB GDDR6 video memory options, and built atop their modern RDNA architecture and supporting features in common with the RX 5700 series like PCIe 4.0 support. Here is a look at the initial Linux gaming performance of the AMD Radeon RX 5500 XT with various gaming benchmarks and Steam Play tests as well.

KDE Applications 19.12 is out today as the collection of 120+ KDE applications tailored around the Plasma desktop and largely built using Qt and KDE Frameworks...

LibreOffice 6.3.4 Is Now Available for Download on Windows, Linux, and Mac  Softpedia News

After being delayed from last month, Qt 5.14 is shipping today as the newest Qt5 tool-kit release while developers become increasingly focused on next year's Qt 6.0 end-of-year release and Qt 5.15 in the spring that will serve as an LTS release and the last hurrah for Qt5...

Linux Operating System Market Growth Scope Assessment 2019: Linux Mint, Ubuntu Linux, openSUSE, Debian  Global Industry Analysis

Beyond AMD's open-source graphics driver stack of the past decade, part of their original open-source plans have also involved providing public (NDA-free) GPU hardware documentation. That has come with time though the documentation drops are not coordinated in-step with code drops. Out today, for example, is the ISA documentation on Vega 7nm...