Notes from day 1: https://hackmd.io/Z552wq0wT46zD7jibJj_Tg?edit
Pierre Chastanet asks the audience: What do you need?
They will start assembling papers on key topics. Eg. what sort of skills do one need?
FOSS4SSMEs: consortium to teach about FOSS
Lack of digital skills leads to a reduced competativeness
You can't even run a bakery without computer knowledge
We've created an online course for SMEs to learn about open source
Topics: intro, business models, solutions, and migration path: sign up to newsletter to get notified when the course is online.
example: FoSS policy in france, Frans Nagel study, +9-18% of IT startups, 7-14% more IT jobs
Reccomendations towards the commission:
Support digital-led SMEs with business help
Understand how open innovation and intellectual property interact, find out how the dominant patent paradigm can be broken
Public procurement with a level playing field for SMEsHelp SMEs to take part in trainings
Support diversity and inclusivity
Foster sovereign digital competencesFund research to understand strategic value and impact on economy
Coordinate policy internally
Follow through on commitments, invest in Talinn declaration
Safeguard FOSS, the license takes away the transaction cost and the definitions of OSI and FSF need to be endorsed
Andre Richier: We're already investing in the education aspects, and more will be in the digital skills action plan
In the data world things only works if there are stewards, the points of contact who make sure the data is good. This is an essential role, what does it look like in your universe?
Transferable skills are key, so that non-open source teaching translates as well
Ireland has in 2020 a gap of 18000 jobs in IT, the more we invest the larger the gap seems to get
We need to help parents boast about the job titles of their children
A key way to do this is by creating standards
We've started to use the EU competence framework to measure where people are and what their paths are. This framework is good and not just another framework.
The lawyers dont need the best and the brightest, we need them in IT
If we help people to understand open source so that the users can also become makers
Make sure that there is space for failing as well
Open source software and hardware is a matter of independence, both from vendors and for the EU economy
We've gotten the ministry to fund 120 schools to open 'open labs' to make software and hardware
Using open source is a given, the challenge is creating a scaling ecosystem of contributors
We need to give architects more control because they are often overuled
Getting public critisicm is new for people in corporate culture
Building a business model with non-competative assets is a skill that needs to be learned
We need in the legal department to learn to deal with the mix of patents and open source and open data
We need to make sure we can protect open assets in patent wars
It is great in collaborations (with universities) to just say it is open source and move forward from all of the legal questions and get going
What does the commission need to do on the policy
Responsible for scope of cross-licensing, look at role of patents in open source
example: chaning the shape of a plug is very costly, must be done infrequently – software changes can be very inexpensive; linux kernel over years averages 8 changes per hour.
Standards are not documents, technolgies; specs are documents. Puropose of standards is to provide specs
Open source creates joint implementations which have standardizing effects
Open source foundations cover functions like consensus building or knowledge transfer
cost of change determines the efficacy of implementation-first vs. specifification-first
standard setting and open source are complementary standardisation instruments available to policy makers
head of IBM's department of standardization in europe
Makes a point on that standards and open source are different things:
Three steps of openness for standards
several things that used to be done in standards bodies are now being done in Open Source projects
Open source implements standards
standards are developed in open source
standards are maintained in open source
in-house vs. co-operative ways for SDOs to address open source
There are challenges around IPR, business models and governance
for OASIS, inerop is always the goal
historically used more traditional approach to standards creation; for two years trying to open new roads to welcome open source in a more dynaic way
convergence of tools, e.g.: git, JIRA
"Open Projects Programme" designed explicitly towards open source communities
Governing board must make non-assert statements to participants
"Open cybcersercurity Alliance": "integrate once – reuse everywhere"
Open Mobility Foundation is a global coallition for collaborating with open source in cities around infrastructure
OFE: promotes open standards, open source; pragmatic, try to see these things as a means to an end.
The commission shouldn't change open standards or open source, but recognize the differences and work to support both.
Standards first vs development of OSS first – each constrain the other. A shift towards OSS dev coming first whereas it used to be the other way around.
Ecma was founded in 1961
Ecmascript was started in 1996
open source community coming every 4-6 weeks with a new version; but ecma can cope with the speed by stabilizing every 6 months.
OSS and FRAND patent policy regime of several SODs are incompatible. The SDO patent policy must be RF based policy.
SDO Software Copyright policy must be compatible to the Software Copyright of the FOSS licensses
EC should more clearly support that besides FRAND , also RF based policy regimes, more open source
financial support for OSS communities and persons t; financial support, with minimal "red tape"
instable market: 6 monthly space, sometimes 6 weeks
competing standards body, can't join because not a big player in the field
hard for a non-profit org to implement an open spec; hard to get the funds to purchase the specification
example: android features developed thrown over the wall with open license, but we can not participate in development
Björn Lundell:
Michiel Leenaars:
The commission should dogfood on the key standard they are using.
(referring to ODF and that one cannot be sure that file sent to them in that format will be read)
Mirko:
There are two litmus tests on if something is open:
If the answer is no on any, it is not open
leading the workshop
started with open access, moving towards more open science, open data, etc
work at a national level in europe, also contacts worldwide, and work at thematic level
global alignment in standards, what it means to publish reproducable, etc
sharing, publishing, monitoring science trends
open source is the ground-floor, foundational aspect in open source – all of this is based on open source
reproducibility finds easy calls in transparency and collaborition of copensource
Maybe open source sustainability models could inspier research systems' sustainability?
no obvious distinction between software and research software
result of citations may create indicators of quality
open peer review could be attached to software
EC calls:
EC strategies:
general population rejection of experts, scientists are seen as experts
stacks / environments / framework, with services and support sold around them
can you replicate/reproduce published results?
culture:
some of the software that CERN has been using has become too expensive to provide to all researches
public tender: favor open source software
one example: simplified some legal negotiation, because every understood from the start it's open source
European Open Science Cloud
Open source improves scientific infrastructure
WHy OpenNebula, open source?
To the EC:
https://openworking.wordpress.com/
Jose Urra Llanusa creating the Open Centrifuge amongst many other things
Open Refine
Some essential software is supported by only a few contributors
how do we licensing, auditing, etc.
Recommendation:
If you want to have "sexy" research, you need to have solid infrastructure underneath
My angle is more hardware
Mandate from the 1950's means everything CERN does should be publicly available
We are at the turning point with open hardware similar to where we were at the turning point of software in the 1990s. If software were not allowed to be shared, it was a loss to society.
member state connundrum: the member states financed it, why give it to other countries?
discoverablilty ++, secrecy of projects –, creates duplicate effort
exciting the supply and demand each help
education is key
work on positive incentives for scientists to share more than results
work on news ways to do tech and knowlege transfers between reserachers and public at large
To EC:
Impacts of mandates:
In policies broght forward, be pragmatic
Open teaching materials:
White-rabbit: extends IEEE 1588, sub-nanosecond sinchronization?
Open hardware, open source in medical
Evangolos Tsavalopoulos: We want to make this a real workshop, which means we want to end up with some real proposals.
Polling used for this session: https://my.beekast.com/kast/osb2020panel62/wall
Comptoire du libre to share OSS between French public organizations.
One challenge is to build a community when building OSS for public services.
Voting on topics took place (results can be seen on the link above). (There was some confusion on how to vote, and where to add the things to vote on.)
Frank Karlitschek: small business acts will naturally lead to open source
Paulo Ribeiro: The public body taking the IP means we can't contribute any of that back to the community. In some countries it is the default that the IP in procured software is owned by the public body doing the procurement.
Stéfane: Could we turn (what?) directory that is used in France into an international one?
Karlitschek: it is hard to have the right partnership for every individual part of your system, it is hard to find one party to work with to talk to a lot of the elements.
Mirko Böhm: There are no "open source companies". Companies are serving customers, sometimes with only open source products and/or services. It is also unreasonable for governments to only try to work with SMEs because they may not be able to scale as needed.
Mika Helenius: Challenges the last point of Mirko's statement, has other experiences from Finland.
Saranjit Arora: How do we scale support contracts for OSS made by SMEs (that may not be able to scale speedily enough)?
Answer by Boris van Hoytema: IT is becoming more infrastructure and misson critical and therefore need to have more competence inhouse and not only rely on external contractors to do it. Gives example of Dutch train service NS who is running their GSMA network themselves because if it drops all trains stop.
Paulo Ribeiro: Agrees, there need to be a minimum set of skills within a public body to be able to successfully work collaboratively with OSS vendors.
Saranjit: Asks the same question again..
Amanda Brock: Points out terminology, vendor sells stuff so you cannot be an OSS vendor. You sell development or support.
EU Policy person: We need a concrete project that we can start working on over borders and have as a showcase next year.
Answer by Boris: There is already ongoing work on this, Amsterdam with a messaging and routing app, Barcelona with online participation platform, OS2 with multiple software and more. There is no lack of public bodies wanting to share and collaborate.
Another voting round was made.
Closing statements:
Matthieu: Use publiccode.yml as the italians: https://developers.italia.it/en
Frank: Likes the voting results. IPR is important. Reuse catalogs that already exists, don't create a new one.
Stéfane: There is already a list, that also includes vendors.
Saranjit sums up: expecting a need for the EC to provide support due to increase usage of OSS. How to make expertise available? Partnerships? Internalize it by having people that knows the OSS inhouse?
Polling link: http://beekast.live/osb2020panel7
The purpose of the session is to highlight role of open source in achieving secruity and trust.
Perhaps we should run security audits on new open source software.
Was much easier to sell solutions if OSS because they know they can maintain it and develop it further; no lock-in
Misconception: That open source somehow magically produces secure software. License makes it possible. License is prerequisite to produce secure and trustworthy software, but no gauranetee, e.g.: OpenSSL had bug
AI: needs data, not just software. How to make the data available, transparent. Open data is very important. Need ways to share. Need more transparency.
Been a challenge to put a business model around open source; now it is easier, but there are other challenges.
Voting on the issues enterd took place
What is the threat model: don't forget the hardware
End to end validation: the whole system needs validation, with change on one component
Q from Thomas Gageik: Should we start regulating software development?
A from Amanda Brock: No. Not in general. Possibly, certain industry sectors could have regulation for software that are being used there, but developers should never be liable for software they release in the open.
Stuart suggests the NHS clinical safety procedures
DCB0129
DCB0160
Voting in beekast took place again
Continue the discussion and provide more ideas at:
digit-oss-strategy@ec.europa.eu
https://joinup.ec.europa.eu/collection/open-source-observatory-osor
A new study is upcoming, with good arguments for the politicians.
-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe