Eclipse Committer Due Diligence Guidelines

All content must be received as Git commits via infrastructure provided by the Eclipse Foundation. All content submitted through any channel other than the Eclipse Foundation infrastructure must be approved by the PMC, and submitted to the EMO, via a Contribution Questionnaire for due diligence approval, prior to being committed to the source code repository. It is highly recommended that each Committer review and understand Intellectual Property Management at the Eclipse Foundation and the Eclipse Foundation’s Due Diligence Process in particular.

Users and recipients of content distributed by the Eclipse Foundation are granted rights to the content by the declared project license(s). The project license(s) are described on the each project’s website, the license and notice files in the project’s software repositories, and in the copyright headers of individual source files..

IMPORTANT NOTE: Committers should never accept a contribution received via a private communication such as email. It is important that all contributions are received through one of the channels described above to ensure that all necessary licenses are granted and that there is a public, timestamped, and archived record of the submission.

Before accepting every contribution, the Committer must check the following:

It is the responsibility of the Committer to verify that there is a valid ECA on file for the author(s) of each contribution.

A Committer cannot always assume that contributed content can be freely used or redistributed. Committers are obligated to ensure the appropriate due diligence has been completed before incorporating and redistributing content received from others. The process for performing due diligence depends on whether the contribution is deemed to be a "significant" one. A "significant" contribution is a substantial amount of code or content that introduces major new functionality into the code base, or any code or module which will be distributed under any license other than the project license(s).

Any contribution greater than 1,000 lines of code is deemed to be "significant". If necessary, the EMO can assist in determining whether a contribution should be classified as "significant".

For "significant" contributions, the following three steps should be used in determining if the contributed content is suitable for committing to an Eclipse Foundation project,

For simple bug fixes and minor enhancements contributed under the Eclipse Foundation Terms of Use, PMC and EMO approval is not required. However, the Committer is expected to ensure the appropriateness of the contribution and its availability for redistribution and modification by the Eclipse Foundation. There are many factors in making these determination, including things like license compatibility, confidentiality, copyright rights, patents, export control laws, no profanity, acceptable standards of code quality and coding style, etc. If a Committer has any concerns on these topics, they should seek assistance from the EMO.

If the contribution has any "legal" terms or conditions associated with it whatsoever (other than a simple statement saying the contribution is licensed under the project license(s)) the contribution must be approved by the appropriate PMC before being utilized. Possible "legal" terms or conditions include anything referring to "copyright", "patent", "trade secret", "confidential", "license" or "rights," or any other language purporting to grant or reserve any rights to use or distribute the contribution, or limit public distribution of the contribution. The PMC (with assistance from the EMO as necessary) will determine if the "legal" language is consistent with the project license(s) as applicable.

Given the amount of time required to complete the due diligence process on these packages, the Committer should allow sufficient time for the appropriate review process to complete.

If the contribution is known or is believed to contain any type of encryption or decryption software, the contribution must be approved by the appropriate PMC before being utilized.

Cryptographic content from the Eclipse Foundation has been given a classification as Export Commodity Control Number (ECCN) 5D002.C.1 by the U.S. Government Department of Commerce, Bureau of Export Administration, and is deemed eligible for export under 15 CFR §742.15(b), and deemed not subject to Export Administration Regulations as publicly available encryption source code classified ECCN 5D002.. However, under this license exception, the content may not contain cryptanalytic functionality, such as a cryptographic codebreaker. It is the Committer’s obligation to ensure that the content does not contain functionality that would require a change in export classification. If you have any questions regarding cryptography or export controls, please contact license@eclipse.org.

Any modifications, additions or removal of cryptographic code, should be brought to the PMC’s attention.

Any Contributions containing Cryptography should have information regarding the Cryptography documented in notices  for the source code repository and distribution forms that contain the Contribution. The Committer should work with the EMO to ensure the notices file has the appropriate documentation before the contribution is committed to the source code repository.

Each project may have its own standards for quality and style. However, any profanity found in the code or its comments are considered unacceptable and should be removed before the content is contributed. For more details on a specific project’s quality or style standards, please connect directly with the project team, or consult with the PMC.

It is very important that all content contains the correct legal documentation. Please read the Legal Documentation Requirements.

If you require assistance in preparing any of this documentation, contact your PMC or the EMO. All legal documentation should be approved by the EMO prior to committing the content.

There are cases where content redistributed at the Eclipse Foundation is not received as a contribution under the the project license(s). The most common case is a Committer who wishes to redistribute content maintained by another open source project, outside of the Eclipse Foundation. Some examples of such packages currently being redistributed by the Eclipse Foundation are projects maintained by The Apache Software Foundation, Mozilla, GTK+, JUnit, JCraft, and others.

Before any such package can be redistributed by the Eclipse Foundation, the Committer must create a Contribution Questionnaire, providing details of the package to the EMO and the PMC. The package will then be reviewed as follows:

Tracking of each contribution within a project is very important from a legal point of view. As well, it allows for the appropriate acknowledgement of each contributor. This information about each contribution is typically maintained within Git commit records, and the standard copyright headers contained within individual source files.

Each project team must take steps to ensure that intellectual property is properly received, so that it can be tracked by the automated Intellectual Property Log ("IP Log") infrastructure.

To help support downstream adoption of Eclipse Foundation projects, it is a necessity to exercise the appropriate due diligence. In addition to these specific standards, the community relies on Committers to exercise their own judgment with respect to other factors that may deem the contribution to be inappropriate for use. If a Committer has doubts about the appropriateness of the contribution for any reason, then that Committer should investigate and consult with the applicable PMC, who will call on or direct you to EMO resources if necessary.

Last updated: December 19/2017