Feedback 2023/12/11
As I am going through the course, I'll be posting in this thread things that you may want consider fixing. Each issue will be in a separate reply, so that it would be easier to link to them.
Comments
-
The text:
Open source isn’t going away. As noted in "The State of Enterprise Open Source: A Red Hat report", open source software is more flexible, higher quality and has better security than commercial alternatives.
Another key benefit of open source is that it prevents vendor lock-in. This is where a software vendor can either force upgrades or charge license fees that increase over time against their customers’ wishes. As we will see, this practice is incompatible with the license that open source software is provided under.
Is present on both these pages:
- https://trainingportal.linuxfoundation.org/learn/course/open-source-contribution-in-finance-lfd137/important-concepts/what-is-open-source-software?page=1
- https://trainingportal.linuxfoundation.org/learn/course/open-source-contribution-in-finance-lfd137/important-concepts/what-is-open-source-software?page=2
Likely the page was split or merged - in any case you probably want to remove the duplication.
0 -
Regarding the copyright, it is a good idea to clarify this statement:
NOTE: When working as an employee for a firm, your firm holds the copyright to anything you write, including software.
Without any explicit arrangement, the firm only owns what you produce as part of the employment engagement, or using the firm's resources (hardware, tools, services, premises). You own the copyright of anything you do on your personal time without using firm's resources.
Some employment contracts lay broader claims, as in "the firm owns everything you produce and you cannot share without explicit authorization". In such firms, an OSS contribution policy constitutes such authorization (as long as you comply to its stipulations).
0 -
It may be worth adding a sentence or two, stating what does it mean for code to be in the public domain, and how does it differ from the permissive license. Even better a table summarizing the key differences between the four types of licenses (including proprietary).
I believe that it is an open question if an author can disclaim their responsibilities (regarding licensing, high tech export regulations) by putting a work in public domain.
I would love if we can start phasing out the cutesy "copyleft" and "viral" monikers and use the descriptive "reciprocal licenses".
0 -
General comment:
So far - pages are chunked at way too small pieces. I find myself losing context, and getting distracted, looking where to click instead of focusing on the material.
Scrolling is not necessarily bad.
This page is offensively clicky - opening all the boxes to reveal one sentence feels like jumping through hoops.
0 -
On OSS Criteria:
The program must include source code, or some easy way to get hold of it.
It is worth getting a bit more specific as that is very relevant to corporate OSS - reciprocal licenses require the _final modified source code _to be available to any user; permissive licenses require the upstream code that is being built on to be acknowledged and linked; public domain does not require any of these (and technically does not classify as OSS).
Furthermore, it is important to note that licenses require that code is offered to users of the software - hence if one reuses even a strong reciprocal license such as AGPL, but keeps the usage in the firm, there will be no external obligations.
0 -
A good way to engage with OSS is to start participating in the user community, first by asking good questions (insert your favorite guide here), then by providing answers, helping new users, initiating discussions about requirements and new features.
0 -
It is worth mentioning that Eclipse now hosts the Adoptium project, coordinating the activities of the the various Java builders and their artifacts, as well as Temurin - a vanilla OpenJDK runtime:
https://adoptium.net/marketplace/
https://adoptium.net/temurin/0 -
Which type of open source license allows the end user to redistribute the software with their own license?
Technically both PD and Permissive licenses allow for relicensing.
The quiz results bar chart render misses the last question
0 -
The linked ISO 27001 standard costs 124 CHF - I doubt anybody will be willing to spend this kind of money just to check the reference material. A summary would be very useful, as well as guidance in which cases is it worth reading the primary source.
0 -
As OSS contribution can be done both in firm's capacity and in personal capacity, do we really need to be on record when not using our firm's identity? Can we have more detailed reasoning if that is the case?
When I hack something on a Sunday afternoon and put it on Github, do I need to ask my OSPO? How about if it is a private project? How about if it is an issue comment? Support comment? Tweet?
I know it is common sense, but this pages in their current form can be misinterpreted, and it is critical to draw good boundaries.
0 -
Quiz 2:
What is the term used to describe communication related to a financial firm's products, services, investments, or other business matters?
also:
From an open source perspective, what’s the difference between public information and classified information?
This was probably in the 124CHF document, but I cannot meaningfully make a difference between "Internal", "Restricted" and "Firm business" - this doesn't line up with my company classification.
I'd rather have a question about what I should and should not do, over "what name did we give to..."
0 -
It would be useful to show few supply chains to emphasize that it is a concept, not a fixed set of stages and processes.
Besides the provided "server application", few more illustrations would be "library", "mobile application", "pacemaker firmware", or "package in Linux distribution".
0 -
One more criteria:
- Value of reused functionality vs. maintenance/coupling/complexity cost of added dependencies
0 -
It could cause your firm serious reputational damage if it were found that a member of staff had committed code that had somehow aided terrorism.
This is vague example for what is OK and what not OK would be appreciated.
Many of the terrorists use Android phones and end-to-end encrypted messaging (Whatsapp, Telegram, etc) - does that reflect poorly on those projects?
0 -
SVB is no more, and has somewhat negative associations - perhaps we can have a different example?
0 -
The quiz of section 7 was funny, but not useful. Most of the answers were obviously false, and as such it did not add value. If we cannot come up with useful questions, perhaps it is better to remove the quiz, of fold the "escalation" section in the "regulatory landscape"
0 -
This is a weird way to ask a question:
Popularity, community support, documentation, code quality, security and vulnerability management should be considered when selecting software components in addition to:
Pretty much all answers are correct to an extent and one has to guess what is intended.
Similar with:
Requiring approval before submitting personal OSS contributions is necessary to prevent:
The following sentence is hard to parse. (What risk? In what way does it challenge? What are "traditional ways"?)
A new technology has created risks regarding data leakage and challenges the traditional ways of contributing to an open source project involving this technology. What is the suggested action to manage these new scenarios?
0 -
Surveymonkey is blocked by my corporate proxy:
0 -
Bottom line, very good as scope and content.
If I could change one thing, it would be to reduce the number of "slides" - as a guideline, 150-200 words per screen is a good amount. If I have to click "Next" for every sentence, I'm losing context.
Another minor pick is that it would be nice to make sure to minimize the number of questions requiring to memorize nomenclatures, especially when speaking of taxonomies that may vary between companies.
0
Categories
- All Categories
- 167 LFX Mentorship
- 219 LFX Mentorship: Linux Kernel
- 795 Linux Foundation IT Professional Programs
- 355 Cloud Engineer IT Professional Program
- 179 Advanced Cloud Engineer IT Professional Program
- 82 DevOps Engineer IT Professional Program
- 127 Cloud Native Developer IT Professional Program
- 112 Express Training Courses
- 112 Express Courses - Discussion Forum
- 6.2K Training Courses
- 48 LFC110 Class Forum - Discontinued
- 17 LFC131 Class Forum
- 35 LFD102 Class Forum
- 227 LFD103 Class Forum
- 14 LFD110 Class Forum
- 39 LFD121 Class Forum
- 15 LFD133 Class Forum
- 7 LFD134 Class Forum
- 17 LFD137 Class Forum
- 63 LFD201 Class Forum
- 3 LFD210 Class Forum
- 5 LFD210-CN Class Forum
- 2 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum - Discontinued
- 1 LFD233 Class Forum
- 2 LFD237 Class Forum
- 23 LFD254 Class Forum
- 697 LFD259 Class Forum
- 109 LFD272 Class Forum
- 3 LFD272-JP クラス フォーラム
- 10 LFD273 Class Forum
- 152 LFS101 Class Forum
- 1 LFS111 Class Forum
- 1 LFS112 Class Forum
- 1 LFS116 Class Forum
- 1 LFS118 Class Forum
- LFS120 Class Forum
- 7 LFS142 Class Forum
- 7 LFS144 Class Forum
- 3 LFS145 Class Forum
- 1 LFS146 Class Forum
- 3 LFS147 Class Forum
- 1 LFS148 Class Forum
- 15 LFS151 Class Forum
- 1 LFS157 Class Forum
- 33 LFS158 Class Forum
- 8 LFS162 Class Forum
- 1 LFS166 Class Forum
- 1 LFS167 Class Forum
- 3 LFS170 Class Forum
- 2 LFS171 Class Forum
- 1 LFS178 Class Forum
- 1 LFS180 Class Forum
- 1 LFS182 Class Forum
- 1 LFS183 Class Forum
- 29 LFS200 Class Forum
- 736 LFS201 Class Forum - Discontinued
- 2 LFS201-JP クラス フォーラム
- 14 LFS203 Class Forum
- 102 LFS207 Class Forum
- 1 LFS207-DE-Klassenforum
- 1 LFS207-JP クラス フォーラム
- 301 LFS211 Class Forum
- 55 LFS216 Class Forum
- 48 LFS241 Class Forum
- 42 LFS242 Class Forum
- 37 LFS243 Class Forum
- 15 LFS244 Class Forum
- LFS245 Class Forum
- LFS246 Class Forum
- 50 LFS250 Class Forum
- 1 LFS250-JP クラス フォーラム
- LFS251 Class Forum
- 154 LFS253 Class Forum
- LFS254 Class Forum
- LFS255 Class Forum
- 5 LFS256 Class Forum
- 1 LFS257 Class Forum
- 1.3K LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 111 LFS260 Class Forum
- 159 LFS261 Class Forum
- 41 LFS262 Class Forum
- 82 LFS263 Class Forum - Discontinued
- 15 LFS264 Class Forum - Discontinued
- 11 LFS266 Class Forum - Discontinued
- 20 LFS267 Class Forum
- 24 LFS268 Class Forum
- 29 LFS269 Class Forum
- 1 LFS270 Class Forum
- 199 LFS272 Class Forum
- 1 LFS272-JP クラス フォーラム
- LFS274 Class Forum
- 3 LFS281 Class Forum
- 9 LFW111 Class Forum
- 260 LFW211 Class Forum
- 182 LFW212 Class Forum
- 13 SKF100 Class Forum
- 1 SKF200 Class Forum
- 1 SKF201 Class Forum
- 782 Hardware
- 198 Drivers
- 68 I/O Devices
- 37 Monitors
- 96 Multimedia
- 174 Networking
- 91 Printers & Scanners
- 83 Storage
- 743 Linux Distributions
- 80 Debian
- 67 Fedora
- 15 Linux Mint
- 13 Mageia
- 23 openSUSE
- 143 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 348 Ubuntu
- 461 Linux System Administration
- 39 Cloud Computing
- 70 Command Line/Scripting
- Github systems admin projects
- 90 Linux Security
- 77 Network Management
- 101 System Management
- 46 Web Management
- 64 Mobile Computing
- 17 Android
- 34 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 371 Off Topic
- 114 Introductions
- 174 Small Talk
- 19 Study Material
- 507 Programming and Development
- 285 Kernel Development
- 204 Software Development
- 1.8K Software
- 211 Applications
- 180 Command Line
- 3 Compiling/Installing
- 405 Games
- 309 Installation
- 97 All In Program
- 97 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)