| Re: [cft-dev] Fwd: [incubation] Project downloads scanner |
Hey!This is an interesting tool for projects. Please take a look.It shows a few items for the CFT project for which there is no CQ yet… :-)Cheers,-MartinAnfang der weitergeleiteten Nachricht:Von: Wayne Beaton <wayne@xxxxxxxxxxx>Betreff: [incubation] Project downloads scannerDatum: 4. Mai 2016 um 05:34:41 MESZAntwort an: Discussions for new Eclipse projects <incubation@xxxxxxxxxxx>_______________________________________________Hey folks!
There is a tool accessible from your project page that provides a list (generated from your project downloads) of the third-party libraries that are used by your project. The scanner searches through everything in project's directory on the download server, including archive files. For every JAR file it finds, it attempts to identify a corresponding CQ. Any file that cannot be mapped to a CQ is highlighted in red. Click on an entry to show where that file is located.
e.g.
https://www.eclipse.org/projects/tools/downloads.php?id=technology.dash
The tool only considers JAR files and it does its best work with OSGi bundles that follow the standard OSGi bundle naming pattern.
The tool is intended to assist with the process of ensuring that projects are distributing only approved libraries. It is far from perfect. The tool does report--at least for some projects--many false negatives (especially for JAR files that do not include version information in the file name). Don't panic if your project page shows a lot of red. This is one of the reasons why we make this page accessible only to committers and don't advertise it widely. If something jumps out at you, please try to mitigate. I'll help with mitigation when the time comes to do your first/next release. If something that you know you know is approved is showing up red, let me know.
You can access the tool from your project's "PMI" page by expanding the "Committer Tools" section and clicking on the "Review Downloads" link (you'll have to login). It takes you here:
https://www.eclipse.org/projects/tools/downloads.php?id=<project.name> (where <project.name> is your project's full id, e.g. 'technology.dash')
We have started work on a new version of the tool that will do a far better job.
Note that the approval of third-party libraries is version-specific. If your project has approval for one version of a library but your build pulls in a newer version, you must either fix your build to pull only the approved version, or create a CQ for the new version.
There is more information about contribution questionnaires (CQs) in the Eclipse Project Handbook [1] (and the PolarSys [2] and LocationTech [3] variants).
HTH,
Wayne
[1] https://www.eclipse.org/projects/handbook/#ip-cq
[2] https://www.eclipse.org/projects/handbook/polarsys.html#ip-cq
[3] https://www.locationtech.org/documentation/handbook#ip-cq
--
Wayne Beaton
@waynebeaton
The Eclipse Foundation
incubation mailing list
incubation@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/incubation
_______________________________________________
cft-dev mailing list
cft-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/cft-dev