Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cft-dev] Fwd: [incubation] Project downloads scanner

Hi Martin,

Thanks for the link. I checked the 3 dependencies that are red for CFT, and it seems we do have CQs for them that were filed a couple of weeks ago (3 tomcat embed 8.0.33) but have not yet been approved by IP team:

https://dev.eclipse.org/ipzilla/show_bug.cgi?id=11221
https://dev.eclipse.org/ipzilla/show_bug.cgi?id=11222
https://dev.eclipse.org/ipzilla/show_bug.cgi?id=11223

Maybe that is one reason they appear as red still.

I hope when we submit the final IP Log in May 26 the remaining CQs will be reviewed and approved by IP team, as they appear in the "Pending CQ" section:

https://www.eclipse.org/projects/ip_log.php?projectid=ecd.cft

-Nieraj

On Wed, May 4, 2016 at 2:02 AM, Martin Lippert <mlippert@xxxxxxxxx> wrote:
Hey!

This is an interesting tool for projects. Please take a look.
It shows a few items for the CFT project for which there is no CQ yet… :-)

Cheers,
-Martin



Anfang der weitergeleiteten Nachricht:

Von: Wayne Beaton <wayne@xxxxxxxxxxx>
Betreff: [incubation] Project downloads scanner
Datum: 4. Mai 2016 um 05:34:41 MESZ
Antwort an: Discussions for new Eclipse projects <incubation@xxxxxxxxxxx>

Hey folks!

There is a tool accessible from your project page that provides a list (generated from your project downloads) of the third-party libraries that are used by your project. The scanner searches through everything in project's directory on the download server, including archive files. For every JAR file it finds, it attempts to identify a corresponding CQ. Any file that cannot be mapped to a CQ is highlighted in red. Click on an entry to show where that file is located.

e.g.

https://www.eclipse.org/projects/tools/downloads.php?id=technology.dash

The tool only considers JAR files and it does its best work with OSGi bundles that follow the standard OSGi bundle naming pattern.

The tool is intended to assist with the process of ensuring that projects are distributing only approved libraries. It is far from perfect. The tool does report--at least for some projects--many false negatives (especially for JAR files that do not include version information in the file name). Don't panic if your project page shows a lot of red. This is one of the reasons why we make this page accessible only to committers and don't advertise it widely. If something jumps out at you, please try to mitigate. I'll help with mitigation when the time comes to do your first/next release. If something that you know you know is approved is showing up red, let me know.

You can access the tool from your project's "PMI" page by expanding the "Committer Tools" section and clicking on the "Review Downloads" link (you'll have to login). It takes you here:

https://www.eclipse.org/projects/tools/downloads.php?id=<project.name> (where <project.name> is your project's full id, e.g. 'technology.dash')
We have started work on a new version of the tool that will do a far better job.

Note that the approval of third-party libraries is version-specific. If your project has approval for one version of a library but your build pulls in a newer version, you must either fix your build to pull only the approved version, or create a CQ for the new version.

There is more information about contribution questionnaires (CQs) in the Eclipse Project Handbook [1] (and the PolarSys [2] and LocationTech [3] variants).

HTH,

Wayne

[1] https://www.eclipse.org/projects/handbook/#ip-cq
[2] https://www.eclipse.org/projects/handbook/polarsys.html#ip-cq
[3] https://www.locationtech.org/documentation/handbook#ip-cq
--
Wayne Beaton
@waynebeaton
The Eclipse Foundation
EclipseCon
          France 2016
_______________________________________________
incubation mailing list
incubation@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/incubation


_______________________________________________
cft-dev mailing list
cft-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/cft-dev



Back to the top