[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[stem-dev] Fw: [eclipse.org-committers] Updates to the Eclipse IP Due Diligence Process
|
fyi
-----
Forwarded by James Kaufman/Almaden/IBM on 06/29/2020 10:30 AM -----From:
Wayne
Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>To:
eclipse.org-committers@xxxxxxxxxxxDate:
06/25/2020
02:31 PMSubject:
[EXTERNAL]
[eclipse.org-committers] Updates to the Eclipse IP Due Diligence
ProcessSent
by: eclipse.org-committers-bounces@xxxxxxxxxxx
Greetings
Committers.
In
October 2019, The Eclipse Foundation’s Board of Directors approved an
update to the IP Policy that introduces several significant changes in
our IP due diligence process. I’ve just pushed out an update to the Intellectual
Property section
in the Eclipse Foundation Project Handbook.
I’ll
apologize in advance that the updates are still a little rough and require
some refinements. Like the rest of the handbook, we continually revise
and rework the content based on your feedback.
Here’s
a quick summary of the most significant changes.
License
certification only for third-party content. This change removes
the requirement to perform deep copyright, provenance and scanning of anomalies
for third-party content unless it is being modified and/or if there are special considerations
regarding the content. Instead, the focus for third-party content is on license
compatibility only, which had previously been referred to as Type
A due diligence.
Leverage
other sources of license information for third-party content. With
this change to license certification only for third-party content, we are
able to leverage existing sources of information license information. That
is, the requirement that the Eclipse IP Team personally review every bit
of third-party content has been removed and we can now leverage other trusted sources.
ClearlyDefined
is a trusted source of license information. We
currently have two trusted sources of license information: The Eclipse
Foundation’s IPZilla and ClearlyDefined.
The IPZilla database has been painstakingly built over most of the lifespan
of the Eclipse Foundation; it contains a vast wealth of deeply vetted information
about many versions of many third-party libraries. ClearlyDefined is an
OSI project that combines automated harvesting of software repositories
and curation by trusted members of the community to produce a massive database
of license (and other) information about content.
Piggyback
CQs are no longer required. CQs had previously been used for tracking
both the vetting process and the use of third-party content. With the changes,
we are no longer required track the use of third-party content using CQs,
so piggyback CQs are no longer necessary.
Parallel
IP is used in all cases. Previously, our so-called Parallel
IP process, the means by which project teams could leverage content
during development while the IP Team completed their due diligence review
was available only to projects in the incubation phase and
only for content with specific conditions. This is no longer the case:
full vetting is now always applied in parallel in all cases.
CQs
are not required for third-party content in all cases. In the
case of third-party content due diligence, CQs are
now only used to track the vetting process.
CQs
are no longer required before third-party content is introduced. Previously,
the IP Policy required that all third-party content must be vetted by the
Eclipse IP Team before it can be used by an Eclipse Project. The IP Policy
updates turn this around. Eclipse project teams may now introduce new third-party
content during a development cycle without first checking with the IP Team.
That is, a project team may commit build scripts, code references, etc.
to third-party content to their source code repository without first creating
a CQ to
request IP Team review and approval of the third-party content. At least
during the development period between releases, the onus is on the project
team to—with reasonable confidence—ensure any third-party content that
they introduce is license compatible with the project’s license. Before
any content may be included in any formal release the project team must
engage in the due
diligence process to
validate that the third-party content licenses are compatible with the
project license.
History
may be retained when an existing project moves to the Eclipse Foundation. We
had previously required that the commit history for a project moving to
the Eclipse Foundation be squashed and that the initial
contribution be
the very first commit in the repository. This is no longer the case; existing
projects are now encouraged (but not required) to retain their commit history.
The initial contribution must still be provided to the IP Team via CQ as
a snapshot of the HEAD state
of the existing repository (if any).
The
due diligence process for project content is unchanged.
If
you notice anything that looks particularly wrong or troubling, please
either open a bug
report,
or send a note to EMO.
I've
been blogging about this for a few months. Please look herefor more information.
While
I have your attention (assuming that you've made it this far)...
Virtual
Eclipse Community Meet-ups
We
are looking for presenters for our Virtual Eclipse Community Meet-ups.
We host community-oriented webinars once to twice a month, on a variety
of topics relevant to the Eclipse Community on Crowdcast.
We would like to invite someone from your project to present/demo your
Eclipse project. You can check out past examples of the livestreams we've
had presented on our Youtube playlist.
What: The webinars are 30-45 minutes long and usually consist of a few
slides and a live demo, with +/- 5 minutes for Q&As at the end.
When: Preferably on a Wednesday at 11am ET so that the Pacific and European
time zones can attend, however, this is flexible.
If you are interested, please email marketing@xxxxxxxxxxxand let us know your availability and topic!
Survey
University
of Gothenburg has created a survey aimed at understanding what type of
code knowledge developers consider important and prefer to remember. They
have defined five (5) types of knowledge, i.e.: general code, detailed
code, quality and testing, static and dynamic structure and collaboration.
The
survey consists of 29 short questions organized in 10 sections that should
not take more than 20 minutes to complete.
Any
publication of the data will be anonymized and in summarized form; and
it will not include any identifying information or personal data, such
as your (optional) e-Mail address.
The
survey is available at the following link:
https://sunet.artologik.net/gu/Survey/8598
Thanks!
Wayne
--Wayne
Beaton
Director
of Open Source Projects | Eclipse
Foundation, Inc.
Join
us at our virtual event: EclipseCon
2020- October 20-22_______________________________________________
eclipse.org-committers mailing list
eclipse.org-committers@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/eclipse.org-committers