Eclipse Foundation Projects Calendar
The Eclipse Foundation Projects Team schedules events to discuss the Eclipse Foundation Development Process, the Eclipse Foundation Intellectual Property Policy Policy and Eclipse Foundation Due Diligence Process, and other related topics.
Upcoming events (all times are UTC) [iCal]:
Office Hours Recordings
The EMO hosts a monthly call to discuss the Eclipse Foundation Development Process, changes to the Eclipse IP Policy and Due Diligence Process, and other related topics. All Eclipse open source project committers are invited to join. The format is flexible: we generally start with a very short presentation followed by a question and answer session. Bring your questions and the Eclipse Management Organization team will try to provide answers.
We record only the formal presentation part of our "Office Hours" sessions.
These are tentative topics for future sessions. We reserve the right to change these plans.
- Eclipse Projects and SLSA
- Supply Chain Levels for Software Artifacts (SLSA) is a security framework that helps ensure the integrity of software artifacts.
Recorded on November 9, 2023
During this week's (online) office hours, we spent a few minutes reminding committers of the services that we make available for Eclipse committers to help reduce the burden of intellectual property management. Specifically, we discussed the processes and tools that we have in place to help with due diligence review of project code and the third party content that leverage. Naturally, this discussion covered some usage scenarios of the Eclipse Dash License Tool and IPLab. We also spoke a little bit about SBOMs.
- Open Source distributions in a cloud-native world: from a technical to a legal point of view [EclipseCon 2023] [recording]
- The Eclipse Dash License Tool
- Manually create IP review requests via IPLab
- SBOM Best Practices
- Wayne is not a lawyer
Recorded on October 12, 2023
Generating SBOMs directly as part of your build, and (at least in the case of Maven) sharing them to the software repository is relatively straightforward. To really leverage the the tools to generate SBOMs, however, we need your help to tighten up the metadata captured in your build scripts (e.g., capture license information as SPDX expressions in your pom.xml file) and update your builds to generate the SBOMs.
Recorded on September 14, 2023
Thomas Neidhart from the Eclipse Foundation's Security Team will present Otterdog: a tool to manage GitHub organizations at scale using a configuration as code approach.
Recorded on August 10, 2023
Maria Teresa provides an overview of what we learned from our recent (2023) committer survey.
Recorded on June 8, 2023
Progress reviews are a fundamental bit of governance that Eclipse open source project teams engage in periodically (generally annually). By engaging in a progress review, an open source project team can push out official releases for a full year. For long-time Eclipse Committers... progress reviews are fundamentally the same as release reviews (the primary difference being that release reviews tend to be aligned with a specific release). Note that specification projects are required to engage in release reviews for every release.
The EMO doesn't tend to think of reviews as pass/fail events. Rather, these reviews are an opportunity for the EMO and PMC to make sure that Eclipse project teams understand their responsibilities under the Eclipse Foundation Development Process and the Eclipse IP Due Diligence Process, and are generally engaging in vendor neutral open, transparent, and meritocratic practices to attract contribution and participation.
One thing that we forgot to mention in the talk is how to actually initiate a progress review. To initiate a progress review, send a note to EMO and the team will lead you through the process. Note that the EMO does periodically initiate progress reviews on behalf of a project.
- Progress Reviews in the Eclipse Foundation Project Handbook;
- Documentation Generator (accessible by committers only);
- The Eclipse Dash License Tool;
- Generating SBOM for Eclipse Projects
Recorded on May 11, 2023
In ths session, we delivered status updates on various efforts that we've been engaged in, including: progress reviews; the Eclipse Dash License Tool; and generating SBOMs for Eclipse Projects.
Recorded on April 24, 2023
Special Extra! This session was recorded as part of the Virtual Eclipse Community Meetups.
All projects have bugs. Some of them have a security impact and can be used to cause harm. We call them vulnerabilities. Because of the possible impact of security issues, we handle them differently. This talk will guide the audience through the Eclipse Foundation processes of reporting and managing vulnerabilities with new tooling. As a bonus, Marta will show resources for your project, like a SECURITY.md template.
Recorded on April 13, 2023
This presentation is intended to start a conversation about what our policy/position should be with regard to how we deal with contributions of content generated by an AI.
Note that our current policy is that we do not accept contributions generated by an AI as doing so is--at least--in conflict with the ECA/DCO (note that an AI cannot sign the ECA).
Recorded on March 7, 2023
A short discussion of some of the work that we're doing for Eclipse projects regarding the generation of SBOMs and some of the technologies that we're exploring to assist with their generation.
Recorded on February 9, 2023
Recorded on January 13, 2023
- The Eclipse Dash License Tool on GitHub
- Eclipse Dash License Tool in the Handbook
- IP Lab on Eclipse GitLab
Recorded on December 8, 2022