Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [] Improving license check for dependencies

1. Remove the need to get PMC approval.

As a Tools PMC representative this would be very welcome.

I agree for the Tools PMC but other PMCs know their projects in detail and are responsive, like e.g. the PMC of the Eclipse Project. It should be left to each PMC to say whether they require CQ approval or not.


From:        Aleksandar Kurtakov <akurtako@xxxxxxxxxx>
To:        "" <>
Date:        19.03.2020 21:45
Subject:        [EXTERNAL] Re: [] Improving license check for        dependencies
Sent by:

On Thu, Mar 19, 2020 at 9:08 PM Jim Hughes <jnh5y@xxxxxxxx> wrote:

Hi all,

In the spirit of reducing friction, I'd like to share a little about my
week in trying to get some CQs approved.  I work on a project called
GeoMesa which has dependencies on two different ecosystems: Java-based
geospatial and Apache Software Foundation 'big data' projects (like
HBase, Cassandra, etc).  (Consequently, GeoMesa has entered over 400 CQs
over its lifetime.)

For an upcoming release, we are upgrading versions of our Apache
projects.  I tossed in 4 CQs* for ASF code.  All of the versions are
upgrades of software projects which have already been approved.

In order to make sure that we don't miss something, we wait for Eclipse
approval in IPZilla before merging a PR with a dependency change. 
(We've got a little bit of scripting with Maven's Dependency plugin
which helps us monitor this.  Let me know if you are interested; I'd be
happy to share more info.)

I'm hitting a few pieces of slow down / friction / frustration.

First, I am required to get PMC approval for each CQ.  It took me two
days of pinging my fellow PMCers to get one of them to vote +1 and click
4 boxes in IPZilla.

Second, now that the CQs are back to the 'new' status, and I am
completely unsure what the next steps are.  Does anyone know how long
the automated checks take to run?

Third, each of projects is an Apache Software Foundation project for
which previous versions have been used by Eclipse projects.  I know
there's always a chance that something goes screwy with licensing in any
project at any time.  That said, if any of these CQs fail an automated
check, then I imagine an Eclipse employee is gonna have a task to open
the CQ, they'd see that it is an ASF project and click 'approve'.

Anyhow, apologies for venting.  Thanks for reading, thanks in advance
for any suggestions.  For my position, I think there are some changes we
could make:

1. Remove the need to get PMC approval.

As a Tools PMC representative this would be very welcome.

2. Provide some way to get faster approval for version upgrades.

Either of those approaches would make my life better.  Together, 95% of
my frustration with IP concerns would be gone.

As the AC, what are we in a position to recommend / request?



* Interested in watching from home, the CQs are here:

_______________________________________________ mailing list
To unsubscribe from this list, visit


Alexander Kurtakov
Red Hat Eclipse Team_______________________________________________ mailing list
To unsubscribe from this list, visit

Back to the top