Hello,
As part of our ongoing work to improve security there is an upcoming change in how we handle project virtual servers, and how they are expected to be managed by your team you need to be aware of.
By way of background, the Eclipse Foundation discontinued project virtual servers from its offering many years ago. All currently operating virtual servers are part of a grandfathered offering.
Starting in Q1 2025, we are requiring that all projects that have a virtual server hosted by or sponsored by the Foundation submit and maintain an update schedule. This schedule should indicate who on the project team is responsible for managing the server, and establish a consistent update cadence for both software and the OS that your project will follow.
Members of the project that are identified as responsible will also be added to our GDPR notices if they do not already receive them, so they can action any GDPR requests the Foundation receives.
If the project doesn’t have anyone that is willing to take on such responsibilities, we should begin discussing the graceful shutdown of your project virtual server.
Please submit your schedule to security@xxxxxxxxxxxxxxxxxxxxxx by February 17, 2025 or engage with the Security or Infra(infrastructure@xxxxxxxxxxxxxxxxxxxxxx) teams via email by that time. If we don’t hear from you by the due date, we’ll file an issue to schedule the shutdown, after which your data will be held briefly before it is removed.
-Matt.