Intellectual Property Policy Changes Implementation
You've likely heard about the introduction of a new type of
intellectual property (IP) due diligence for third party content.
The short version is that our Type A Due Diligence
involves a license certification only and our Type B Due
Diligence provides our traditional license certification,
provenance check, and code scan for various sorts of anomalies.
I've been blogging about it: take a look at my blog's Intellectual
Property category for more information.
Vulnerability Reporting Process Tweaks
I've been working on some
updates to our policy and procedures regarding security
issues and vulnerability reporting.
Committers should familiarize themselves with the Eclipse Security Policy.
The policy describes a means for tracking discussion on sensitive
issues without immediately disclosing them to the public via a
"committer only" designation in Bugzilla. Unfortunately, GitHub
Issues does not have a means of privately discussing issues
between committers, so we've set up a solution that uses the
Eclipse Bugzilla instance. The Eclipse Webmaster created a generic
bucket for capturing vulnerability reports and we are putting the
pieces together to ensure that issue reports get directed
correctly (e.g. assign them to the right project lead).
We've included a handy link on the security page to make it easy
to create bug reports in the right state (i.e. with the committers
only flag turned on). I encourage project teams (especially
those working on runtime technology) to consider including a
project-specific link for reporting vulnerabilities.
Note that it is our policy that all vulnerabilities eventually
get disclosed, so issue privacy should be considered a short-term
state to give a project team an opportunity to get ahead of a
vulnerability.
Google Summer of Code
From the Google
Summer of Code Student Manual:
Google Summer of Code (GSoC) is a global program that
matches students up with open source, free software and
technology-related organizations to write code and get paid to
do it! The organizations provide mentors who act as guides
through the entire process, from learning about the community
to contributing code. The idea is to get students involved in
and familiar with the open source community and help them to
put their summer break to good use.
Project teams that intend to participate in the Google Summer of
Code should visit our Information
Page, sign up for the soc-dev
mailing list, and add student project ideas to the Ideas
Page. You may also consider marking some of your bugs as helpwanted
or bugday.
Note that we're still in the mentoring organization application
stage; we'll let you know when it's time to sign up as a mentor or
student.
Project Announcements
There are some reviews concluding on February 15, 2017:
We have several proposals open for community review:
Please add your comments either directly on the proposal or in
the Proposals
forum.
We run reviews ending on the first and third Wednesday of each
month. Our next scheduled review dates are March 1, 2017 and March
15, 2017.
For more information about releases and reviews, please see the Eclipse
Project Handbook.
Eclipse Foundation Projects Team at Eclipse Converge and Devoxx
US
The Eclipse Foundation Projects Team will be at Eclipse Converge
and Devoxx US in March. We'll be
there to answer your questions, and help you work through any
process-related issues. We'll be hanging out at the Eclipse
Foundation's Booth. Join us there!
Let me know if you have any questions.
Thanks,
Wayne
--
Wayne Beaton on behalf of the Eclipse Management Organization
@waynebeaton
The Eclipse Foundation