I had been discussing this with Barbara Kohn late last year. I see that you've added version information to the spreadsheet since that discussion.
We don't have a great answer for C/C++ code because the C/C++ doesn't have a good answer for identifying C/C++ content. AFAICT, there is no common build tool that can reveal the dependencies to us and so they need to be manually tracked. If you are using a build tool that can reveal dependencies, please let me know and we'll try to work out how to leverage it.
The short answer is that our new IPLab can be used in exactly the same manner as you used IPZilla. Your team can create individual issues, provide a pointer or attach source code, and the IP Team can review them from there. This will be time consuming. There's more help in the handbook.
However, since you've identified the GitHub repository and version for many of your dependencies, we can use that information with the Eclipse Dash License Tool.
I've used the Eclipse Dash License Tool to create this issue, for example, by invoking the tool in this manner:
$ echo "git/github/nlohmann/json/3.9.1" | java -jar org.eclipse.dash.licenses-1.1.1-SNAPSHOT.jar - -review -project automotive.openpass -token <token>
[main] INFO Querying Eclipse Foundation for license data for 1 items.
[main] INFO Found 0 items.
[main] INFO Querying ClearlyDefined for license data for 1 items.
[main] INFO Found 1 items.
[main] INFO License information could not be automatically verified for the following content:
[main] INFO
[main] INFO git/github/nlohmann/json/3.9.1
[main] INFO
[main] INFO This content is either not correctly mapped by the system, or requires review.
git/github/nlohmann/json/3.9.1, , restricted, clearlydefined
[main] INFO A review is required for git/github/nlohmann/json/3.9.1.
[main] INFO A review request was created https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/21021 .
It should be relatively easy to map each row of your spreadsheet into a form that IPLab will understand. e.g., "https://github.com/nlohmann/json, 3.9.1" becomes "git/github/nlohmann/json/3.9.1"
So... you could use an Excel formula to make those conversions, move them into a text file named (for example) dependencies.txt, and then give that file to the Eclipse Dash License Tool.
$ cat dependencies.txt
...
git/github/nlohmann/json/3.9.1
git/github/zaphoyd/websocketpp/2.8.2
...
$ java -jar org.eclipse.dash.licenses-1.1.1-SNAPSHOT.jar dependencies.txt -review -project automotive.openpass -token <token>
As I discussed with Barbara, it is our policy that we review specific versions of content. Version information is missing for some of the listed dependencies. We really need that information. And we really need to be able to review the source. If a specific release version can't be identified, we can also work from a specific commit ref.
There will be a few cases where the automation fails to find a matching release/tag in GitHub, and some manual intervention will be required. The IP Team can help you sort that out.
Can you get somebody to try to use the tool in the manner that I've described for one of your components? And then, based on that experience, we can sort out the best path forward.
Wayne
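
The spreadsheet-to-dependencies.txt conversion described in the message above, as an added example that is not part of the original message or of the Eclipse Dash License Tool: a Python script that maps "repository URL, version" rows to the git/github/... form and sets aside rows that lack a version or are not GitHub URLs. The sample rows, the function names and the allowed-character check are assumptions made for illustration.

```python
import csv
import io
import re
import sys
from urllib.parse import urlparse
# Constructed sample rows in the "repository URL, version" shape from the message.
SAMPLE_ROWS = """\
https://github.com/nlohmann/json, 3.9.1
https://github.com/zaphoyd/websocketpp/, 2.8.2
https://github.com/example-org/example-lib.git,
https://example.invalid/some/tarball, 1.0
"""
# Assumption: owner, repo and version use only these characters; others go to manual review.
SEGMENT = re.compile(r"^[A-Za-z0-9._-]+$")

def to_dash_id(url, version):
    """Return 'git/github/<owner>/<repo>/<version>' or raise ValueError."""
    parsed = urlparse(url.strip())
    if parsed.scheme != "https" or parsed.hostname != "github.com":
        raise ValueError("not a GitHub https URL")
    parts = [p for p in parsed.path.split("/") if p]
    if len(parts) != 2:
        raise ValueError("expected https://github.com/<owner>/<repo>")
    owner, repo = parts
    repo = repo[:-4] if repo.endswith(".git") else repo
    version = version.strip()
    if not version:
        raise ValueError("missing version or commit ref")
    for segment in (owner, repo, version):
        if not SEGMENT.match(segment):
            raise ValueError(f"unexpected characters in {segment!r}")
    return f"git/github/{owner}/{repo}/{version}"

def convert(rows_text):
    """Split rows into convertible IDs and (url, reason) pairs needing follow-up."""
    ids, rejected = [], []
    for row in filter(None, csv.reader(io.StringIO(rows_text))):  # skip blank lines
        url, version = row[0].strip(), row[1] if len(row) > 1 else ""
        try:
            ids.append(to_dash_id(url, version))
        except ValueError as err:
            rejected.append((url, str(err)))
    return ids, rejected

if __name__ == "__main__":
    ids, rejected = convert(SAMPLE_ROWS)
    print("\n".join(ids))  # redirect stdout to dependencies.txt
    for url, reason in rejected:
        print(f"needs follow-up: {url} ({reason})", file=sys.stderr)
```

Rows reported on stderr are the ones that need a version or commit ref filled in, or manual handling, before the file is given to the tool.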