Eclipse Foundation Projects Calendar
The Eclipse Foundation Projects Team schedules events to discuss the Eclipse Foundation Development Process, the Eclipse Foundation Intellectual Property Policy Policy and Eclipse Foundation Due Diligence Process, and other related topics.
Upcoming events (all times are UTC) [iCal]:
Office Hours Recordings
The EMO hosts a monthly call to discuss the Eclipse Foundation Development Process, changes to the Eclipse IP Policy and Due Diligence Process, and other related topics. All Eclipse open source project committers are invited to join. The format is flexible: we generally start with a very short presentation followed by a question and answer session. Bring your questions and the Eclipse Management Organization team will try to provide answers.
We record only the formal presentation part of our "Office Hours" sessions.
IT Update
Recorded on November 14, 2024
Denis Roy, the Eclipse Foundation's IT Director, delivered a brief presentation on the latest IT updates, followed by a Q&A session.
Marketing Service for Eclipse Open Source Projects
Recorded on October 10, 2024
In this session, we discuss marketing services offered to Eclipse open source projects.
Vulnerability Reporting and Security for Eclipse Projects
Recorded on September 12, 2024
In this session, guest speaker Marta Rybczynska from the Eclipse Security Team started with a refresher on the vulnerability reporting and handling process from the committer's perspective. Then she reviewed take-aways from the new CNA rules covering common situations, including how you determine whether or not a specific bug is a vulnerability.
Code Signing and GitHub Configuration Self-Service
Recorded on July 11, 2024
For this session, we had two topics from the Security Team.
Recent changes to the code signing services, specifically for JAR signing and Windows Authenticode, have led to performance issues in CI builds. Let's explore strategies to mitigate these issues and outline our remediation plan.
The Eclipse Foundation will soon enable GitHub configuration self-service (also known as Eclipse OtterDog) for all projects with sources on GitHub. We will explain what will happen and be available to answer your questions.
Generative AI Usage Guidelines
Recorded on April 11, 2024
In this session, we presented the Eclipse Foundation's Generative Artificial Intelligence Usage Guidelines for Eclipse Committers. There is some discussion about copyright in the context of GPT technologies, but the primary focus is the guidelines themselves. Bear in mind that Wayne is not a lawyer, and nothing that we present in this session should be considered legal advice.
Errata:
In the discussion that followed the presentation, we concluded that including a citation in the copyright and license header was incorrect. Further, it was also incorrect to specify a license, even one that expresses public domain, as doing so would be inconsistent with the prevailing opinion that AI-generated content cannot be copyrighted and licensed.
The slide should have appeared as such:
Links:
- Generative Artificial Intelligence Usage Guidelines for Eclipse Committers
- Hugo Website template for your project website
Frequently Asked Questions
Recorded on March 14, 2024
During this session, we tackled some frequently asked questions, including discussion of merit for committer elections, various roles that are (and are not) part of the Eclipse Foundation Development Process, and more.
Notes
IP Lab
Recorded on February 8, 2024
IPLab is what we call the combination of the GitLab repository that we've set up for committers to use to engage in intellectual property due diligence review and the automated processes that support the IP due diligence process. In this session, we focus on manual creation of reviews, which is often required when the review of project content is required (the Eclipse Dash License Tool automates most of the heavy lifting for third party content).
Notes
December 2023 Updates
Recorded on November 9, 2023
Our topic this month was a general update in which we touched briefly on multiple topics including project metadata, our IP due diligence process, the Eclipse Dash License Tool, IPLab, SBOMs, security and more.
Intellectual Property Due Diligence
Recorded on November 9, 2023
During this week's (online) office hours, we spent a few minutes reminding committers of the services that we make available for Eclipse committers to help reduce the burden of intellectual property management. Specifically, we discussed the processes and tools that we have in place to help with due diligence review of project code and the third party content that leverage. Naturally, this discussion covered some usage scenarios of the Eclipse Dash License Tool and IPLab. We also spoke a little bit about SBOMs.
Notes
- Open Source distributions in a cloud-native world: from a technical to a legal point of view [EclipseCon 2023] [recording]
- The Eclipse Dash License Tool
- Manually create IP review requests via IPLab
- SBOM Best Practices
- Wayne is not a lawyer
SBOMs and Project Metadata
Recorded on October 12, 2023
Generating SBOMs directly as part of your build, and (at least in the case of Maven) sharing them to the software repository is relatively straightforward. To really leverage the the tools to generate SBOMs, however, we need your help to tighten up the metadata captured in your build scripts (e.g., capture license information as SPDX expressions in your pom.xml file) and update your builds to generate the SBOMs.
Notes
Eclipse Otterdog
Recorded on September 14, 2023
Thomas Neidhart from the Eclipse Foundation's Security Team will present Otterdog: a tool to manage GitHub organizations at scale using a configuration as code approach.
Notes:
2023 Committer Survey Hightlights
Recorded on August 10, 2023
Maria Teresa provides an overview of what we learned from our recent (2023) committer survey.
Progress Reviews
Recorded on June 8, 2023
Progress reviews are a fundamental bit of governance that Eclipse open source project teams engage in periodically (generally annually). By engaging in a progress review, an open source project team can push out official releases for a full year. For long-time Eclipse Committers... progress reviews are fundamentally the same as release reviews (the primary difference being that release reviews tend to be aligned with a specific release). Note that specification projects are required to engage in release reviews for every release.
The EMO doesn't tend to think of reviews as pass/fail events. Rather, these reviews are an opportunity for the EMO and PMC to make sure that Eclipse project teams understand their responsibilities under the Eclipse Foundation Development Process and the Eclipse IP Due Diligence Process, and are generally engaging in vendor neutral open, transparent, and meritocratic practices to attract contribution and participation.
Notes:
One thing that we forgot to mention in the talk is how to actually initiate a progress review. To initiate a progress review, send a note to EMO and the team will lead you through the process. Note that the EMO does periodically initiate progress reviews on behalf of a project.
- Progress Reviews in the Eclipse Foundation Project Handbook;
- Documentation Generator (accessible by committers only);
- The Eclipse Dash License Tool;
- Generating SBOM for Eclipse Projects
May 2023 Update
Recorded on May 11, 2023
In ths session, we delivered status updates on various efforts that we've been engaged in, including: progress reviews; the Eclipse Dash License Tool; and generating SBOMs for Eclipse Projects.
Notes:
Someone Reports a Security Issue in my Project! Now What?
Recorded on April 24, 2023
Special Extra! This session was recorded as part of the Virtual Eclipse Community Meetups.
All projects have bugs. Some of them have a security impact and can be used to cause harm. We call them vulnerabilities. Because of the possible impact of security issues, we handle them differently. This talk will guide the audience through the Eclipse Foundation processes of reporting and managing vulnerabilities with new tooling. As a bonus, Marta will show resources for your project, like a SECURITY.md template.
Notes:
AI and Contribution
Recorded on April 13, 2023
This presentation is intended to start a conversation about what our policy/position should be with regard to how we deal with contributions of content generated by an AI.
Note that our current policy is that we do not accept contributions generated by an AI as doing so is--at least--in conflict with the ECA/DCO (note that an AI cannot sign the ECA).
SBOMs
Recorded on March 7, 2023
A short discussion of some of the work that we're doing for Eclipse projects regarding the generation of SBOMs and some of the technologies that we're exploring to assist with their generation.
Security @ The Eclipse Foundation
Recorded on February 9, 2023
The Eclipse Dash License Tool
Recorded on January 13, 2023
Notes:
- The Eclipse Dash License Tool on GitHub
- Eclipse Dash License Tool in the Handbook
- IP Lab on Eclipse GitLab
Eclipse Foundation Intellectual Property Policy Updates
Recorded on December 8, 2022