[stem-dev] Fw: [eclipse.org-committers] Updates to the Eclipse IP Due D

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[stem-dev] Fw: [eclipse.org-committers] Updates to the Eclipse IP Due Diligence Process

From: "James Kaufman" <jhkauf@xxxxxxxxxx>
Date: Mon, 29 Jun 2020 10:30:30 -0700
Delivered-to: stem-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/stem-dev>
List-help: <mailto:stem-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/stem-dev>, <mailto:stem-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/stem-dev>, <mailto:stem-dev-request@eclipse.org?subject=unsubscribe>

fyi

----- Forwarded by James Kaufman/Almaden/IBM on 06/29/2020 10:30 AM -----

From: Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>
To: eclipse.org-committers@xxxxxxxxxxx
Date: 06/25/2020 02:31 PM
Subject: [EXTERNAL] [eclipse.org-committers] Updates to the Eclipse IP Due Diligence Process
Sent by: eclipse.org-committers-bounces@xxxxxxxxxxx

Greetings Committers.

In October 2019, The Eclipse Foundation’s Board of Directors approved an update to the IP Policy that introduces several significant changes in our IP due diligence process. I’ve just pushed out an update to the Intellectual Property section in the Eclipse Foundation Project Handbook.

I’ll apologize in advance that the updates are still a little rough and require some refinements. Like the rest of the handbook, we continually revise and rework the content based on your feedback.

Here’s a quick summary of the most significant changes.

License certification only for third-party content. This change removes the requirement to perform deep copyright, provenance and scanning of anomalies for third-party content unless it is being modified and/or if there are special considerations regarding the content. Instead, the focus for third-party content is on license compatibility only, which had previously been referred to as Type A due diligence.

Leverage other sources of license information for third-party content. With this change to license certification only for third-party content, we are able to leverage existing sources of information license information. That is, the requirement that the Eclipse IP Team personally review every bit of third-party content has been removed and we can now leverage other trusted sources.

ClearlyDefined is a trusted source of license information. We currently have two trusted sources of license information: The Eclipse Foundation’s IPZilla and ClearlyDefined. The IPZilla database has been painstakingly built over most of the lifespan of the Eclipse Foundation; it contains a vast wealth of deeply vetted information about many versions of many third-party libraries. ClearlyDefined is an OSI project that combines automated harvesting of software repositories and curation by trusted members of the community to produce a massive database of license (and other) information about content.

Piggyback CQs are no longer required. CQs had previously been used for tracking both the vetting process and the use of third-party content. With the changes, we are no longer required track the use of third-party content using CQs, so piggyback CQs are no longer necessary.

Parallel IP is used in all cases. Previously, our so-called Parallel IP process, the means by which project teams could leverage content during development while the IP Team completed their due diligence review was available only to projects in the incubation phase and only for content with specific conditions. This is no longer the case: full vetting is now always applied in parallel in all cases.

CQs are not required for third-party content in all cases. In the case of third-party content due diligence, CQs are now only used to track the vetting process.

CQs are no longer required before third-party content is introduced. Previously, the IP Policy required that all third-party content must be vetted by the Eclipse IP Team before it can be used by an Eclipse Project. The IP Policy updates turn this around. Eclipse project teams may now introduce new third-party content during a development cycle without first checking with the IP Team. That is, a project team may commit build scripts, code references, etc. to third-party content to their source code repository without first creating a CQ to request IP Team review and approval of the third-party content. At least during the development period between releases, the onus is on the project team to—with reasonable confidence—ensure any third-party content that they introduce is license compatible with the project’s license. Before any content may be included in any formal release the project team must engage in the due diligence process to validate that the third-party content licenses are compatible with the project license.

History may be retained when an existing project moves to the Eclipse Foundation. We had previously required that the commit history for a project moving to the Eclipse Foundation be squashed and that the initial contribution be the very first commit in the repository. This is no longer the case; existing projects are now encouraged (but not required) to retain their commit history. The initial contribution must still be provided to the IP Team via CQ as a snapshot of the HEAD state of the existing repository (if any).

The due diligence process for project content is unchanged.

If you notice anything that looks particularly wrong or troubling, please either open a bug report, or send a note to EMO.

I've been blogging about this for a few months. Please look herefor more information.

While I have your attention (assuming that you've made it this far)...

Virtual Eclipse Community Meet-ups

We are looking for presenters for our Virtual Eclipse Community Meet-ups. We host community-oriented webinars once to twice a month, on a variety of topics relevant to the Eclipse Community on Crowdcast.

We would like to invite someone from your project to present/demo your Eclipse project. You can check out past examples of the livestreams we've had presented on our Youtube playlist.

What: The webinars are 30-45 minutes long and usually consist of a few slides and a live demo, with +/- 5 minutes for Q&As at the end.

When: Preferably on a Wednesday at 11am ET so that the Pacific and European time zones can attend, however, this is flexible.

If you are interested, please email marketing@xxxxxxxxxxxand let us know your availability and topic!

Survey

University of Gothenburg has created a survey aimed at understanding what type of code knowledge developers consider important and prefer to remember. They have defined five (5) types of knowledge, i.e.: general code, detailed code, quality and testing, static and dynamic structure and collaboration.

The survey consists of 29 short questions organized in 10 sections that should not take more than 20 minutes to complete.

Any publication of the data will be anonymized and in summarized form; and it will not include any identifying information or personal data, such as your (optional) e-Mail address.

The survey is available at the following link:
https://sunet.artologik.net/gu/Survey/8598

Thanks!

Wayne

Wayne Beaton

Director of Open Source Projects | Eclipse Foundation, Inc.

Join us at our virtual event: EclipseCon 2020- October 20-22_______________________________________________ eclipse.org-committers mailing list eclipse.org-committers@xxxxxxxxxxx To unsubscribe from this list, visithttps://www.eclipse.org/mailman/listinfo/eclipse.org-committers

Prev by Date: [stem-dev] Minutes from STEM Community Call on June 11
Next by Date: [stem-dev] Global age-structured population model
Previous by thread: [stem-dev] Minutes from STEM Community Call on June 11
Next by thread: [stem-dev] Global age-structured population model
Index(es):
- Date
- Thread

Breadcrumbs