Re: [lyo-dev] [IMPORTANT] Lyo 2.3.0 IP Due Diligence Type correction

Andrii

 

Having myself recently learned about TypeB and TypeA (and the whole Eclipse IP due diligence process), I found it to be a selling point to promote Lyo as open-source, as opposed to any other so-called “open-source” projects one can find anywhere.

So, clearly distinguishing & highlighting the diligence type might help promote this, and make people care even more.

 

A detail, but what is “contrib” meant to mean in the proposed group id for Type A, ‘org.eclipse.lyo.contrib’? Would a group id with “typeA” in it be even clearer?

 

regards

______________________________

Jad El-khoury, PhD

KTH Royal Institute of Technology

School of Industrial Engineering and Management, Mechatronics Division

Brinellvägen 83, SE-100 44 Stockholm, Sweden

Phone: +46(0)8 790 6877 Mobile: +46(0)70 773 93 45

jad@xxxxxx, www.kth.se

 

From: lyo-dev-bounces@xxxxxxxxxxx [mailto:lyo-dev-bounces@xxxxxxxxxxx] On Behalf Of Andrii Berezovskyi
Sent: 15 August 2018 14:06
To: Lyo project developer discussions <lyo-dev@xxxxxxxxxxx>
Subject: Re: [lyo-dev] [IMPORTANT] Lyo 2.3.0 IP Due Diligence Type correction

 

Legend for the illustration:

 

  • green arrows point to the groupIds that contain only Type B artefacts (the only exception is the arrow next to the ‘oslc-trs’, it is a “stray” artefact in the upper ‘org.eclipse.lyo’ groupId)
  • pink border denotes the particular (Type B) artifacts that get delivered as part of the release (parent modules ‘lyo-server-build’, ‘oslc4j-core-build’, and ‘store-parent’ get published automatically but have no JARs inside)

 


–Andrew.



On 2018-08-15 at 13:56, Andrii Berezovskyi <andriib@xxxxxx> wrote:

 

Jim,

 

Don’t get me wrong, but I have doubts that there are many orgs that even understand the difference between Eclipse Type A & Type B releases, let alone prefer one over another :)

 

With respect to the groupId, please find a quick illustration of Type A/B groupId’s and artifactId’s:

 

<Inklistrad_bild_2018-08-15__13_43.png>

 

We can move both lyo-validation and lyo-store under the ‘org.eclipse.lyo.contrib’ group to clearly mark that it is going to be the designated place for Type A content. Please let me know if that (and having all releases marked as Type A) will be OK for your process.

 

Again, I am not hearing any users from other companies speaking up about the importance of a Type B IP check as opposed to a Type A check (as a reminder, we got zero replies from the community on the Type A suggestion I started a while ago).

 

 

–Andrew.



On 2018-08-15 at 13:12, Jim Amsden <jamsden@xxxxxxxxxx> wrote:

 

Andrew,
When evaluating product dependencies, IBM (and likely other) companies rely on the eclipse process to understand the potential legal impact of including a particular component. Depending on the due diligence type, users of dependent components may need to do additional scans themselves, leading to additional costs and potential delays.

Currently an eclipse/Lyo "release" is considered a single thing, with type B due diligence as captured in the IP log. IBM relies on this information to simplify the IP assessment of eclipse components.

If an eclipse/Lyo release actually includes multiple things, maybe even delivered on different release cycles, then we need to clearly distinguish them and their provenance. If multiple things are all delivered as maven components, then group ids with release notes might be adequate.


Jim Amsden, Senior Technical Staff Member
OSLC and Linked Lifecycle Data
919-525-6575




From:        Andrii Berezovskyi <andriib@xxxxxx>
To:        Lyo project developer discussions <lyo-dev@xxxxxxxxxxx>
Cc:        Sharon Corbett <sharon.corbett@xxxxxxxxxxxxxxxxxxxxxx>, Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>
Date:        08/14/2018 04:19 PM
Subject:        [lyo-dev] [IMPORTANT] Lyo 2.3.0 IP Due Diligence Type correction
Sent by:        lyo-dev-bounces@xxxxxxxxxxx





Dear Lyo users,

Unfortunately, the Lyo release v2.3.0 contained artefacts that only had their license checked and full code scanning was not carried out. As a result of a discussion with the Eclipse IP team, we are marking the Lyo 2.3.0 release as “Type A” checked.

All previous releases remain Type B checked. You can find more about the Type A/B here. We apologise for any inconvenience it may have caused you. The only component that had Type A dependencies was lyo.validation, but we had to downgrade the whole release.

I would also like to use this opportunity to re-open Type A/B discussion in the light of a new suggestion from Wayne (CC). He suggested that we mark the releases from now on as Type A checked but clearly indicate in the release notes the packages and/or groupId’s of the components that only depend on Type B content. Would that inconvenience any of you?


–Andrew.
_______________________________________________
lyo-dev mailing list
lyo-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/lyo-dev

