Country of Origin Request- OpenRefine

[gsfl...@gmail.com]

Hello,

 

I am reaching out to request information on the OpenRefine. Here at the NASA Goddard Space Flight Center Archives we are required to have all new software installs approved by the agency’s IT security team. As part of this process, we would need information on the country of origin for the software applications that we are interested in, even if they are open-source and we are not procuring them.

 

As all NASA Goddard Space Flight Center IT software requests must comply with Section 514 of the Consolidated Appropriations Act, 2018, Public Law 115-141 – the country of origin information must be obtained from the company that develops, produces, manufactures, or assembles the product(s). Specifically, could you please identify the country where the following software tool was developed, manufactured, and/or assembled:

 

1. OpenRefine

 

Additionally, if the country of origin is outside the United States, please provide any information you may have stating that testing is performed in the United States prior to supplying products to customers.

 

I’m not sure if you receive these types of request for country of origin very often and I really appreciate your help with this as we are excited to use this software. If you are able to provide a reply to this request, an email or electronic document attachment indicating the country of origin would suffice.

 

Please let me know if you have any questions and thank you in advance for your help with this.

 

Best Regards,

 

 

George Diez, George (GSFC-272.0)[Select Federal]

Digital Team Lead

NASA Goddard Space Flight Library

 

 

 

[Thad Guidry]

Hi George,

Happy to answer this.

It's the same "Country of Origin" as the Linux kernel used on all NASA space flights. :-)

In seriousness, the tooling and dependencies that OpenRefine uses is all open source and created by the most diverse group of human engineers from around the world, like most modern software programs and systems.

Many of these engineers volunteer their time to check for security issues or address bugs in their code, as well as ours.  Good software is made better by being open source and allowing contributors from anywhere to see the code and fix issues.

Anyways,

In 514, it is mentioned that of an "information system" which OpenRefine would probably not be classified as.

    Sec. 514.  None of the funds provided or otherwise made available in 
this Act shall be available to carry out section 872 of

[[Page 132 STAT. 628]]

the Homeland Security Act of 2002 (6 U.S.C. 452) unless explicitly 
authorized by the Congress.

but I think you are referring to the text  within this:

    Sec. 514. (a) None of the funds appropriated or otherwise made 
available under this Act may be used by the Departments of Commerce and 
Justice, the National Aeronautics and Space Administration, or the 
National Science Foundation to acquire a high-impact or moderate-impact 
information system, as defined for security categorization in the 
National Institute of Standards and Technology's (NIST) Federal 
Information Processing Standard

which says nothing about "country of origin".

Unrelated, but also to generally acknowledge that my personal opinion is that the "Buy American Act" has many acknowledged gaps in philosophy when it concerns open source software such as Linux or OpenRefine.

At this time, my humble suggestion and opinion is to list the "Country of Origin" for some open source "software procurement" (but there is no procurement - i.e. no sale transaction, only installation as defined under TITLE III of the Science Appropriations Act, 2018) of OpenRefine to be listed as "NONE".

Other users on our user mailing list may completely disagree or emphatically agree with me.

Thad

https://www.linkedin.com/in/thadguidry/

--
You received this message because you are subscribed to the Google Groups "OpenRefine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openrefine+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openrefine/33202035-8fd2-4d7c-8cb0-89745d319308o%40googlegroups.com.

[Tom Morris]

[+ openrefine-dev bcc: openrefine]

Hi George,

I've added the developer list where the OpenRefine contributors hang out and moved the main list to bcc.

There is no company which develops or produces OpenRefine. It was originally developed by Metaweb, an American company, in the United States as Freebase Gridworks. Metaweb was later acquired by Google, also an American company, but over the last decade OpenRefine has been maintained and enhanced by an international collaboration of mostly volunteer contributors. You can view a complete list of all 159 contributors here: https://github.com/OpenRefine/OpenRefine/graphs/contributors. 

All of the source code is available for inspection here: https://github.com/OpenRefine/OpenRefine and if it would make your IT security team more comfortable, you can build your own binaries rather than use our prebuilt binaries.

Let us know if you have any other follow-up questions. I'd be happy to talk to your IT security team directly if it would be useful.

Best regards,

Tom

--

[George Diez]

Thanks for the information.

You received this message because you are subscribed to a topic in the Google Groups "OpenRefine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openrefine/aNuY4NoRibI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openrefine+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openrefine/CAE9vqEFt8Z4b8JE2aQPkikS%3DrtBkJYXYYy8%3DySpQojwLetRECw%40mail.gmail.com.