Building blocks could potentially be “components”; that term applies to physical supply chains, too.
Emphasizing that the volunteer developers are still professionals, academics, etc., is certainly important. I’ve seen enough people aghast how we at the Log4j project are all unpaid; many of us have spent countless hours at work using and extending Log4j where we’ve been able to contribute our changes back to the project. Sure, many of us also work on this in our spare time, but the volunteer aspect is strictly that Apache doesn’t pay us.

JNDI can potentially be described as a standard programming component used for looking up directory information from LDAP and other similar technology. It may help to mention that LDAP is a directory service (maybe they’re familiar with Active Directory or some other phonebook-like directory service).

--
Matt Sicker

> On Jan 16, 2022, at 11:55, Sam Ruby <[email protected]> wrote:
>
> On Sun, Jan 16, 2022 at 12:40 PM Gilles Sadowski <[email protected]>
> wrote:
>
>> On Sun, Jan 16, 2022 at 17:13, Sam Ruby <[email protected]> wrote:
>>>
>>> In discussions with US Senate Staffers, it became apparent that there is
>>> a need for a less technical description of both open source
>>
>> Presenting the rationale for open source to code that "does not
>> provide [...] competitive advantage" is self-deprecating IMHO.
>>
>
> Fair. Some background: many of the people the ASF interacted with last
> week came in with the impression that open source software was primarily
> written by amateur hobbyists with too much spare time on their hands.
> After all, why would any business want to give away their hard own work?
>
> Here's what we are up against, and this includes a quote from the person
> who called the meeting at the White House:
>
> Log4j is open-source software that’s maintained by a gaggle of volunteer
> programmers as a part of the nonprofit Apache Software Foundation, one
> among dozens of open-source initiatives which have change into an important
> part of worldwide commerce.
>
> Neuberger described open-source software as “a witch’s brew” that’s “built
> by volunteers, broadly used, and not managed”.
>
> --
> https://mywinet.com/some-federal-systems-affected-by-software-flaw-us-official-says/
>
> Is there a better way to capture the motivation of businesses to contribute
> to open source?
>
>>> and the
>>> Log4J vulnerability.
>>
>> Not using "jargon" in that section makes it more difficult to follow for
>> programmers while probably not any clearer for non-programmers.
>> Since "code" and "library" have been defined in the first section, the
>> usual terms could then be used afterwards as appropriate.
>>
>
> I'm not convinced. Yes, building block is jarring to me, even though I
> know what it meant. Think about how jarring code or library would be to a
> reader for which these are not common uses.
>
> I picked up the term building block from a lawyer who is experienced in
> these matters. He repeated back to us what he heard us say, and used this
> term.
>
>> I've taken a first stab at this, and placed it here:
>>>
>> https://cwiki.apache.org/confluence/display/COMDEV/Log4j+vulnerability+background
>>
>> s/Software Build of Materials/Software Bill of Materials/
>> ?
>>
>
> Fixed. Thanks! Feel free to directly update the page
>
>> Best regards,
>> Gilles
>>
>
> - Sam Ruby
>
>>> As always, this is on a wiki. You know what you need to do!
>>>
>>> - Sam Ruby
