Eclipse Foundation Projects Calendar

The Eclipse Foundation Projects Team schedules events to discuss the Eclipse Foundation Development Process, the Eclipse Foundation Intellectual Property Policy Policy and Eclipse Foundation Due Diligence Process, and other related topics.

Upcoming events (all times are UTC) [iCal]:

Office Hours Recordings

The EMO hosts a monthly call to discuss the Eclipse Foundation Development Process, changes to the Eclipse IP Policy and Due Diligence Process, and other related topics. All Eclipse open source project committers are invited to join. The format is flexible: we generally start with a very short presentation followed by a question and answer session. Bring your questions and the Eclipse Management Organization team will try to provide answers.

We record only the formal presentation part of our "Office Hours" sessions.

IT Update

Recorded on November 14, 2024

Denis Roy, the Eclipse Foundation's IT Director, delivered a brief presentation on the latest IT updates, followed by a Q&A session.

Marketing Service for Eclipse Open Source Projects

Recorded on October 10, 2024

In this session, we discuss marketing services offered to Eclipse open source projects.

Vulnerability Reporting and Security for Eclipse Projects

Recorded on September 12, 2024

In this session, guest speaker Marta Rybczynska from the Eclipse Security Team started with a refresher on the vulnerability reporting and handling process from the committer's perspective. Then she reviewed take-aways from the new CNA rules covering common situations, including how you determine whether or not a specific bug is a vulnerability.

Code Signing and GitHub Configuration Self-Service

Recorded on July 11, 2024

For this session, we had two topics from the Security Team.

Recent changes to the code signing services, specifically for JAR signing and Windows Authenticode, have led to performance issues in CI builds. Let's explore strategies to mitigate these issues and outline our remediation plan.

The Eclipse Foundation will soon enable GitHub configuration self-service (also known as Eclipse OtterDog) for all projects with sources on GitHub. We will explain what will happen and be available to answer your questions.

Generative AI Usage Guidelines

Recorded on April 11, 2024

In this session, we presented the Eclipse Foundation's Generative Artificial Intelligence Usage Guidelines for Eclipse Committers. There is some discussion about copyright in the context of GPT technologies, but the primary focus is the guidelines themselves. Bear in mind that Wayne is not a lawyer, and nothing that we present in this session should be considered legal advice.

Errata:

In the discussion that followed the presentation, we concluded that including a citation in the copyright and license header was incorrect. Further, it was also incorrect to specify a license, even one that expresses public domain, as doing so would be inconsistent with the prevailing opinion that AI-generated content cannot be copyrighted and licensed.

The slide should have appeared as such:

Links:

• Generative Artificial Intelligence Usage Guidelines for Eclipse Committers
• Hugo Website template for your project website

Frequently Asked Questions

Recorded on March 14, 2024

During this session, we tackled some frequently asked questions, including discussion of merit for committer elections, various roles that are (and are not) part of the Eclipse Foundation Development Process, and more.

Notes

• Committer Elections
• Project Roles

IP Lab

Recorded on February 8, 2024

IPLab is what we call the combination of the GitLab repository that we've set up for committers to use to engage in intellectual property due diligence review and the automated processes that support the IP due diligence process. In this session, we focus on manual creation of reviews, which is often required when the review of project content is required (the Eclipse Dash License Tool automates most of the heavy lifting for third party content).

Notes

• The Eclipse Dash License Tool
• Manually create IP review requests via IPLab

December 2023 Updates

Recorded on November 9, 2023

Our topic this month was a general update in which we touched briefly on multiple topics including project metadata, our IP due diligence process, the Eclipse Dash License Tool, IPLab, SBOMs, security and more.

Intellectual Property Due Diligence

Recorded on November 9, 2023

During this week's (online) office hours, we spent a few minutes reminding committers of the services that we make available for Eclipse committers to help reduce the burden of intellectual property management. Specifically, we discussed the processes and tools that we have in place to help with due diligence review of project code and the third party content that leverage. Naturally, this discussion covered some usage scenarios of the Eclipse Dash License Tool and IPLab. We also spoke a little bit about SBOMs.

Notes

• Open Source distributions in a cloud-native world: from a technical to a legal point of view [EclipseCon 2023] [recording]
• The Eclipse Dash License Tool
• Manually create IP review requests via IPLab
• SBOM Best Practices
• Wayne is not a lawyer

SBOMs and Project Metadata

Recorded on October 12, 2023

Generating SBOMs directly as part of your build, and (at least in the case of Maven) sharing them to the software repository is relatively straightforward. To really leverage the the tools to generate SBOMs, however, we need your help to tighten up the metadata captured in your build scripts (e.g., capture license information as SPDX expressions in your pom.xml file) and update your builds to generate the SBOMs.

Notes

• SBOM Best Practices

Eclipse Otterdog

Recorded on September 14, 2023

Thomas Neidhart from the Eclipse Foundation's Security Team will present Otterdog: a tool to manage GitHub organizations at scale using a configuration as code approach.

Notes:

• Otterdog on GitLab
• Request assistance with Otterdog

2023 Committer Survey Hightlights

Recorded on August 10, 2023

Maria Teresa provides an overview of what we learned from our recent (2023) committer survey.

Progress Reviews

Recorded on June 8, 2023

Progress reviews are a fundamental bit of governance that Eclipse open source project teams engage in periodically (generally annually). By engaging in a progress review, an open source project team can push out official releases for a full year. For long-time Eclipse Committers... progress reviews are fundamentally the same as release reviews (the primary difference being that release reviews tend to be aligned with a specific release). Note that specification projects are required to engage in release reviews for every release.

The EMO doesn't tend to think of reviews as pass/fail events. Rather, these reviews are an opportunity for the EMO and PMC to make sure that Eclipse project teams understand their responsibilities under the Eclipse Foundation Development Process and the Eclipse IP Due Diligence Process, and are generally engaging in vendor neutral open, transparent, and meritocratic practices to attract contribution and participation.

Notes:

One thing that we forgot to mention in the talk is how to actually initiate a progress review. To initiate a progress review, send a note to EMO and the team will lead you through the process. Note that the EMO does periodically initiate progress reviews on behalf of a project.

• Progress Reviews in the Eclipse Foundation Project Handbook;
• Documentation Generator (accessible by committers only);
• The Eclipse Dash License Tool;
• Generating SBOM for Eclipse Projects

May 2023 Update

Recorded on May 11, 2023

In ths session, we delivered status updates on various efforts that we've been engaged in, including: progress reviews; the Eclipse Dash License Tool; and generating SBOMs for Eclipse Projects.

Notes:

• Progress Reviews;
• The Eclipse Dash License Tool;
• Generating SBOM for Eclipse Projects

Someone Reports a Security Issue in my Project! Now What?

Recorded on April 24, 2023

Special Extra! This session was recorded as part of the Virtual Eclipse Community Meetups.

All projects have bugs. Some of them have a security impact and can be used to cause harm. We call them vulnerabilities. Because of the possible impact of security issues, we handle them differently. This talk will guide the audience through the Eclipse Foundation processes of reporting and managing vulnerabilities with new tooling. As a bonus, Marta will show resources for your project, like a SECURITY.md template.

Notes:

• Managing and Reporting Vulnerabilities

AI and Contribution

Recorded on April 13, 2023

This presentation is intended to start a conversation about what our policy/position should be with regard to how we deal with contributions of content generated by an AI.

Note that our current policy is that we do not accept contributions generated by an AI as doing so is--at least--in conflict with the ECA/DCO (note that an AI cannot sign the ECA).

SBOMs

Recorded on March 7, 2023

A short discussion of some of the work that we're doing for Eclipse projects regarding the generation of SBOMs and some of the technologies that we're exploring to assist with their generation.

Security @ The Eclipse Foundation

Recorded on February 9, 2023

The Eclipse Dash License Tool

Recorded on January 13, 2023

Notes:

• The Eclipse Dash License Tool on GitHub
• Eclipse Dash License Tool in the Handbook
• IP Lab on Eclipse GitLab

Eclipse Foundation Intellectual Property Policy Updates

Recorded on December 8, 2022