Skip to main content

Eclipse Foundation Project Handbook

Table of Contents

Notices

Copyright © 2015, 2020 Eclipse Foundation, Inc. and others.

Made available under the Eclipse Public License v 2.0.

This document includes content originally authored on the Eclipsepedia wiki by Wayne Beaton, Fabian Steeg, Denis Roy, Dave Carver, Ed Merks, Bjorn Freeman-Benson, Anne Jacko, Ian Skerrett, Mike Milinkovich, and John Arthorne.

Version 1.0M9.

Overview

This document provides you with the information that you need to create a new Eclipse open source project or become a committer on an existing one.

The Eclipse Development Process (EDP) is the foundational document for Eclipse projects and committers. It describes the manner in which we do open source software. The Eclipse Development Process does not prescribe any particular development methodology; it is more concerned with the larger-scale aspects of open source project lifecycle, including such things as reviews, processes for running votes and elections, bringing new committers onto a project, etc. This document will elaborate on some key points of the Eclipse Development Process.

Principles

Four basic principles lie at the heart of the Eclipse Development Process:

  • Transparency;

  • Openness;

  • Meritocracy; and

  • Vendor neutrality

We refer to the first three as the "open source rules of engagement".

To operate with transparency, a project’s discussions, minutes, deliberations, project plans, plans for new features, and other artifacts are open, public, and easily accessible.

Openness at Eclipse means quite a lot more than "open book" (which is really a synonym for transparent). The project is open to all; Eclipse provides the same opportunity to all. Everyone participates with the same rules; there are no rules to exclude any potential contributors which include, of course, direct competitors in the marketplace.

Eclipse is a meritocracy. The more that somebody contributes, the more responsibility they will earn. A pattern of quality contribution to a project may lead to an invitation to join the project as a committer. Leadership roles in Eclipse are also merit-based and earned by peer acclaim. Merit must be demonstrated in publicly-accessible forums. Committers and project leads are added to a project via election.

Note

Employment status has no bearing at whether or not somebody can participate in an open source project at Eclipse. Employment does not guarantee committer status; committer status must be earned by everybody.

Vendor neutrality is similar to openness in that it’s concerned with maintaining a level playing field. No vendor is permitted to dominate a project, and nobody can be excluded from participating in a project based on their employment status. While project resources will contain copyright statements that assert ownership of various assets by individual vendors, the project itself must remain vendor neutral.

Quality and intellectual property cleanliness are also important principles.

Quality means extensible frameworks and exemplary tools developed in an open, inclusive, and predictable process involving the entire community. From the consumption perspective, Eclipse quality means good for users (exemplary tools are cool/compelling to use, indicative of what is possible) and ready for use by adopters. From the creation perspective, Eclipse quality means working with a transparent and open process, open and welcoming to participation from technical leaders, regardless of affiliation.

Intellectual property (IP) is any artifact that is made available from a Eclipse server (this includes source code management systems, the website, and the downloads server). Artifacts include (but are not limited to) such things as source code, images, XML and configuration files, documentation, and more. Strict rules govern the way that we manage IP and your responsibilities as a committer.

Code produced by an Eclipse project is used by organizations to build products. These adopters of Eclipse technology need to have some assurance that the IP they’re basing their products on is clean: the organization or individuals who claim copyright of the code are the legitimate copyright holders, and the copyright holders legitimately agree to make the code available under the license(s) that the project works under. As a committer, you must be careful that you do not copy code and inadvertently claim it as your own.

Starting an Open Source Project at Eclipse Foundation

Before getting started, it’s important to know what is required of an Eclipse project. The Eclipse Foundation will take ownership of many aspects of the project to ensure that the project and its assets are managed in an open and vendor-neutral manner. This takes the form, for example, of the Eclipse Foundation retaining ownership of the project’s trademarks on behalf of the community, and carefully managing who has write access on project resources such as source code repositories and distribution channels. Eclipse projects are obligated to use certain resources assigned to the project by the Eclipse Foundation and conform to logo and trademark guidelines. New project sponsors must engage in the process of transitioning an existing project with the intent to continue development of the project code and growth of the community and ecosystem around the project.

It’s also important to know what new projects don’t give up. The project team retains control of the project’s direction by virtue of regular contribution to the project. The contributors to the project retain ownership of their contributions (those contributions are used under license by the project). Project leads are required to ensure that other individuals who present themselves to the project are given uniform opportunity to participate, but the project team gets to establish the rules for participation (within certain parameters). The project team is responsible for determining development methodology, establishing plans, etc. Existing owners of the project code retain their ownership.

Project Proposal

Eclipse open source projects start with a proposal that is made available to the community for review. At the end of the community review period, we engage in a creation review, and then provision the project resources.

starting overview
An overview of the Project Creation Process

Use the web form to create a new project proposal. Instructions are provided on the form. All new proposals are created in draft mode, and are accessible only by the original author and anybody designated as a project lead or committer in the proposal. Only those individuals designated as a project lead may edit the proposal.

Note

Keep track of the URL of the proposal. The website does not provide public links to the document until after the proposal is opened for community review. If you do lose trck of the URL, ask the EMO for assistance.

A proposal must minimally include a description of the project, a declaration of scope, and a list of prospective members (project leads and committers) before we make it accessible to the public for community review.

When you feel that the proposal is ready, send a note to the Eclipse Management Organization (EMO) requesting that the proposal be made available to the public for review. The EMO will review the proposal and may provide feedback before initiating the community review period.

At the beginning of the community review period, the EMO will announce the proposal on several channels (the Project Activity News page, Twitter, the Proposals Forum, blog post, and an email note to the Eclipse Foundation members and committers). The EMO will also open a record in the Eclipse Foundation’s issue tracker—​an instance of Bugzilla—​to track the progress of the proposal; the proposal’s author and project leads will be copied on that record.

A proposal will be open for community review for a minimum of two weeks.

The Eclipse Foundation holds the trademark for all Eclipse projects. Trademark assignment is undertaken prior to the creation of any new project. If you already have a trademark on your project name, that trademark must be assigned to the Eclipse Foundation. Be advised that trademark assignment can be a time-consuming process (it can take hours, days, or weeks depending on the circumstances surrounding the name). If you currently hold the trademark, you will be asked to complete a Trademark Transfer Agreement.

The proposal must list at least one mentor from the Eclipse Architecture Council. Members of the Eclipse Architecture Council have considerable experience with Eclipse Foundation practices, and the Eclipse Development Process. The EMO will engage directly with the Architecture Council to identify mentors as necessary. Mentors are assigned to the project through the incubation phase; they are released from their duties when the project graduates.

When the project name trademark has been secured, a mentor has been identified, and the proposal contents are finalized, the EMO will schedule a creation review. Reviews—​which run for a minimum of one week—​are scheduled twice a month, generally concluding on the first and third Wednesday of each month. The creation review may overlap with the community review period.

Note

Creation reviews tend to always be successful. They should be considered low stress as the hard work has already been done in advance of the start of the review.

Provisioning

Following a successful creation review, the EMO will initiate the provisioning process.

Provisioning starts with an email message being sent to each of the committers listed on the project proposal with instructions on how to engage in the committer paperwork process. The exact nature of that paperwork depends on several factors, including the employment status of the individual and the Eclipse Foundation membership status of their employer.

Note

The provisioning process will not start until after the paperwork for at least one project committer is received and processed by the EMO Records Team. If you can be ready with the paperwork in time for the completion of the creation review, then we can move quickly through the provisioning process.

When we initiate provisioning, committers will be sent an email with instructions; please don’t send any paperwork in until after you receive those instructions.

When the paperwork is received and processed for one committer, the Eclipse Webmaster will begin the resources provisioning process. When that process is complete, the Eclipse Webmaster will provide information regarding the nature and coordinates of the various resources and services available to the project.

After Provisioning

Before pushing any code into an official Eclipse project repository, the project team must submit the project’s initial contribution of project code and wait for the Eclipse Intellectual Property (IP) Team to grant checkin of that contribution.

Project teams interact with the Eclipse IP Team via the IPZilla system using Contribution Questionnaires (CQs). Those members of the project team that are included in the CQ’s CC list will be informed of progress via email.

Warning

The IP Team will indicate check-in permission by adding the checkin keyword and final approval by setting the state of the CQ to approved. Do not push any code into the project repository until after the Eclipse IP Team has indicated that you are ready to do so.

Third party content that is required by the project code must also be reviewed by the Eclipse IP Team. Project teams that are new to the process should start by raising no more than three CQs for third party content in order to gain an understanding of the third party review process before proceeding to enter all requests.

post creation
Post creation activities

After the project code is pushed into the project repository, the project team can create and distribute milestone builds for the first release. However, all intellectual property must be approved by the Eclipse IP Team before the project team can issue any official releases.

Project Phases

Eclipse projects move through various phases. Projects in active phases (incubation or mature) engage in all the normal sorts of development activies: project committers write code, run builds, release software, court contribution, and seek to convert contributors into committers. All new projects start in the incubation phase. Projects tend to stay in the incubation phase for a few months (varies depending on the nature and composition of the project) and then move into the mature phase.

phases
An overview of the Project lifecycle Phases

Key project lifeycle events are gated by reviews; moving from the incubation phase to the mature phase must be, for example, preceded by a graduation review.

Incubation Phase

A project in the incubation phase is said to be incubating.

The classification of a project in the incubation phase is not a statement about the quality of the project’s code; rather, the incubation phase is more about the project team’s progress in practicing the open and transparent processes described by the Eclipse Development Process to establish the three communities (developers, adopters, and users) around the project.

Incubating projects are encouraged to produce milestone builds, make releases, and grow their community.

When the project code is ready (e.g. stable APIs) and the project team has learned to operate as an open source project according to the Eclipse Development Process, the project may opt to graduate (via graduation review into the mature phase.

Incubation branding

In order to alert potential consumers of the incubating nature, projects in the incubation phase must include incubation branding.

incubating
The Incubation Logo

The project team must:

  • Display the incubation logo on their project web page (if they have one);

  • Display the incubation logo on their project’s primary download page;

  • Include the word "incubation" in the filename of all downloadable files (when technically feasible) for builds and milestones; and

  • When technically feasible, include the word "incubation" in features (e.g. about dialogs, feature lists, and installers).

There are no incubation branding requirements for general user interface elements.

Note

For projects that produce OSGi artifacts, include the word "incubation" in the Bundle-Name, feature names, and p2 repositories. The word "incubation" should not be included in technical namespaces (especially when it may result in confusion when the project leaves incubation). e.g. an OSGi bundle’s Bundle-SymbolicName, or a Java package name.

Mature Phase

Most of the lifetime of an Eclipse project is spent in the mature phase. A mature project is one that:

  • Is a good open source citizen with open, transparent, and meritocratic behavior;

  • Regularly and predictably releases IP clean extensible frameworks and exemplary tools; and

  • Actively nurtures the three communities: developers, adopters, and users.

Archived

When a project has reached its logical conclusion, its resources are archived. Transition in the Archived (phase) is preceded by a termination review.

Frequently Asked Questions

  1. How do I find Eclipse Architecture Council mentors?

    You don’t have to find them yourself. Focus on the content of the proposal. We can solicit mentors from the Eclipse Architecture Council after the proposal has been opened for community review.

  2. What license(s) can I use for my project?

    Eclipse top level projects define the standard licensing for their projects. When a project has nonstandard licensing requirements, they may need to make an appeal to the Eclipse board of directors to request their approval. Connect with EMO for assistance.

  3. Can I change the proposal after it is posted?

    Yes. The proposal can be changed any time before the start of the creation review.

  4. When do I submit my code for review by the IP team?

    Submit your code (initial contribution) for review after the project has been provisioned. The Eclipse Webmaster will let you know when provisioning is complete.

  5. Does the new project have to use Git?

    Yes. Git is the only source code management system that is currently permitted for new projects.

  6. Can I host my project code on GitHub?

    Eclipse projects can make use of GitHub. Official project repositories must be hosted under an Eclipse Foundation-managed organization at GitHub. Official repositories are subject to the same intellectual property due diligence rules and processes that all Eclipse project repositories must follow.

  7. How long should I let my project incubate?

    It depends. Community expectations are one factor. Team experience with open source is another. If your team is new to open source, it may make sense to stay in incubation a little longer than a seasoned team with a mature code base might. As a general rule, though, projects should plan to leave incubation within a year.

  8. Does the mature project code that I’m bring to Eclipse need to incubate?

    Yes. All new projects start in the incubation phase. Remember that incubation is as much about the project team learning about how to operate as an open source project as it is about the project code. Project teams that "get it" can opt to exit incubation quickly (e.g. with their first release) if that makes sense for the team and the community.

  9. What do all these terms (e.g. EMO) mean?

    Please see the glossary.

Project Resources and Services

Open source projects at the Eclipse Foundation are required to make use of certain Eclipse Foundation services:

  • All project issues must be tracked in the issue tracker assigned to the project;

  • Source code must be maintained in source code repositories assigned to the project (e.g. an Eclipse Git or Gerrit instance, or an organization on GitHub maintained by the Eclipse Foundation);

  • All third party content used by the project must be tracked and approved for use by the Eclipse IP Team;

  • Downloads must be distributed via an Eclipse downloads server;

  • Developer (committer) communication must occur in the dev-list provided to the project by the Eclipse Foundation; and

  • Projects must keep their Project Metadata up-to-date.

Identifers

Project resources make use of two sorts of ids:

Short name

The short name is used in various parts of Eclipse Foundation infrastructure (e.g. the name of the project’s directory on the downloads and Git servers, and the URL for the project website). The short name may contain lowercase alphanumeric characters, dashes, and underlines; but does not contain periods.

Qualified identifier

The project’s short name is joined with the short name of the parent project(s) to form a qualified identifier (project id) for the project that is used as a key on services generated and/or maintained for the project by the Eclipse Foundation.

For example the "Eclipse Woolsey" project has a short name of "woolsey"; its qualified identifier is "technology.dash.woolsey", indicating that it is a subproject of the an Eclipse Dash Project which is itself a subproject of the Eclipse Technology Top Level Project.

Source Code Management

Eclipse projects must maintain source code in the repositories assigned to the project by the Eclipse Foundation. These official repositories must be the exclusive source of all project code delivered via the project’s assigned distribution channel (e.g. the download server).

In order for the project to operate in an open manner, it must be possible for potential contributors to have access to the code base in its most current form, so all ongoing development must be regularly pushed to these canonical repositories.

Eclipse Contributor Agreement (ECA)

The Eclipse Foundation has implemented the Eclipse Contributor Agreements (ECA) to improve intellectual property (IP) management and workflow. All contributors, who are not committers on the Eclipse project, must sign the ECA.

Committers do not require an ECA to contribute to a project on which they have committer status.

Git Commit Records

Git commit records are required to take a specific form. The credentials of the actual author must be used to populate the Author field. The author credentials must specify the author’s actual (legal) name and email address. The email address used must match the email address that the Eclipse Foundation has on file for the author (case-sensitive).

The commit message is divided into three sections:

  1. One line (max 72 characters) summary;

  2. Description; and

  3. Footer.

Example Git Commit Record
commit d6cf52411377a039fc2906378711091a26e932cb
Author: Some Body <somebody@somewhere.com> 1
Date:   Wed May 29 16:17:36 2013 +0200

    Bug 350686 - Hide unwanted action bar items 2

    This change hides unwanted 'Link with Editor' and
    'Customize View...' items from the local toolbar
    and the view menu.

    Change-Id: Ia2bd5091303d1b0a738157effc24e4dac5a7d0c7 3
    Also-by: Some Bodyelse <somebodyelse@nowhere.com> 4
    Signed-off-by: Some Body <somebody@somewhere.com> 5
1 The email address of the author must match the email address on the Eclipse Foundation Account, the name "Some Body" must be replaced by the real name of the person.
2 Best practice: include the bug id in the commit message summary.
3 Gerrit Change-Id (only when pushing to Gerrit for review).
4 Additional authors can be added using Also-by or Co-authored-by entries, by replacing the name "Some Bodyelse" by the real name of the person
5 Non-committers must sign-off the commit, indicating that they aware of the terms by which the contribution has been provided to the project, using the same name and email address as used in the author field.
Important

The named used in the Author field (and, when required, in the Also-by and Signed-off-by fields) must be the legal name of the contributor; the email address must be valid and real.

The summary line is used in many places where Git commits are listed, ensure that this line is sensible by itself. The description area should be used to provide more detail about the commit. The footer area is used for extra fields and values.

If the bug id is included in the summary line (using the form "Bug 12345 - xxx" or "[12345] xxx") Gerrit Code Review will automatically add a link in the corresponding Bugzilla record back to the Gerrit record (this, of course, only applies to commits pushed to Gerrit).

The Change-Id is used by Gerrit Code Review to associate new versions of a change back to its original review. This field need only be specified if the repository is managed by Gerrit.

An Also-by (or Co-authored-by) entry can be added for each additional author of a commit (one committer per entry). This might apply, for example, if a commit has been authored via pair-programming, or the commit is the result of collapsing multiple commits authored by multiple developers. To be considered valid the entry must take the form Also-by: Name <email>.

Commits that are provided by non-committers must have a Signed-off-by field in the footer indicating that the author is aware of the terms by which the contribution has been provided to the project. To be considered valid the entry must take the form Signed-off-by: Name <email>. The non-committer must additionally have an Eclipse Foundation Account and must have a signed Eclipse Contributor Agreement (ECA) on file.

Git

Those projects that want to use Git on the Eclipse forge, are assigned a directory in which they may create as many Git repositories as required. Committers may open a bug to request Eclipse Webmaster help to create a new Git repository for their project project. Alternatively, committers with shell accounts can create repositories themselves.

Create a new Git repository
> initrepo /gitroot/project/org.eclipse.repo.name.git

For consistency, the name of the repository must end with .git.

To set the description of the repository, use sftp or scp to copy a text file to /gitroot/project/org.eclipse.repo.name.git/description. Git repository descriptions should be limited to a paragraph of one or two sentences.

Only project committers can push to an Eclipse Git repository. A push that includes commits that do not conform to the required form will be rejected.

Note

Anybody can browse Eclipse Git repositories. Use a project’s short name to quickly jump to the project’s Git repositories with a URL of the form https://git.eclipse.org/c/<shortname> (e.g. https://git.eclipse.org/c/dash for repositories associated with the technology.dash project).

Gerrit Code Review

Gerrit provides web based code review and repository management for the Git version control system. Many projects use Gerrit to reduce barriers and encourage contribution to the project. Open a bug to request that the Eclipse Webmaster configure your Git repository for Gerrit.

Commits may be pushed directly to the Git repository through Gerrit by a project committer (e.g. to the master branch).

Anybody can push to a refs/for/* branch for review in a Gerrit repository. A push that includes commits that do not conform to the required form will be rejected. Commits intended for review should have a Change-Id

You can browse Eclipse repositories directly on the Gerrit server.

GitHub

Projects may opt to move some or all of their canonical source code repositories to an organization on GitHub that is maintained by the Eclipse Foundation. Both GitHub Issues and Wiki may also be used.

Any committer can open a bug to request that the Eclipse Webmaster create a new, or move an existing, Git repository into their project. The Eclipse Webmaster will install some hooks onto all Eclipse project GitHub repository.

The Committers hook grants designated project committers write access to the GitHub-hosted project repositories. Project committers must use the email address they provide to the Eclipse Foundation as their GitHub email address.

The Eclipse Contributor Agreement (ECA) hook will inspect incoming GitHub pull requests to ensure that the contributor has a valid ECA on file, and that the commit has been "signed-off" as required. Project committers should only merge pull green requests:

Github cla success
Notification that the commit is properly structured and permissions are in place.

Since the GitHub API does not provide a means of absolutely denying a merge the hook will warn committers that the contributors have not signed a ECA or that the commit message is not correctly structured:

Github cla failure
Notification that there is something wrong with the commit.

Click on the Details link for more information. Committers must not merge commits unless they are absolutely certain that the contributer does have a valid ECA on file and the commit message includes the required Signed-off-by statement in the footer.

Note

The Eclipse Webmaster creates and maintains a mirror of all GitHub-hosted repositories on Eclipse Foundation hardware.

Issue Trackers

Eclipse projects must use an Eclipse Foundation-provided issue tracker. Project teams may opt to use either the Eclipse Bugzilla instance or—​for projects that use GitHub--GitHub Issues instances associated with Eclipse Foundation-managed GitHub project repositories.

Forums and Outbound Communication

All projects are assigned a user forum as a point of contact between the user and adopter communities, and the project developers.

The EMO strongly encourages the use of alternative communication channels for connecting with the community: project teams know their community and how to best connect with them.

Project Websites

Project websites are an excellent way to connect an open source project with the community. Many projects opt to use the Project Management Infrastructure (PMI) as their project website. PMI-based website URLs take the form of https://projects.eclipse.org/projects/<projectid> (e.g. https://projects.eclipse.org/projects/technology.foo).

Many project teams opt to create a custom main project website: if so-desired, a project may host a website on Eclipse Foundation-hosted servers. Project website URLs generally take the form https://www.eclipse.org/<shortname> (e.g. https://www.eclipse.org/foo). Custom project website content is maintained in Git repositories hosted on Eclipse Foundation infrastructure. A background job moves content from the Git repository to the website; content pushed to the repository will appear on the live website within five minutes.

Note

If a project website has not already been created for your project, open a bug to request that the Eclipse Webmaster create one.

Websites not hosted by the Eclipse Foundation are considered community portals and are subject to the Guidelines for Eclipse Logo & Trademarks (the Eclipse Foundation asserts ownership of all project name trademarks).

Builds

Use of Eclipse Foundation-provided and hosted build services, the so-called Common Build Infrastructure (CBI) is strongly recommended, but not strictly required.

Whether or not a project chooses to make use of provided build resources, it must be possible for members of the community to build project artifacts from source code with reasonable effort.

Signed Artifacts

Where technically sensible, all downloadable artifacts should be signed by an Eclipse Foundation certificate.

Downloads

The project is allocated space on the Eclipse download and archive servers.

Project artifacts (e.g. downloads) can be distributed via third party services (e.g. Maven Central), but—​where technically sensible—​the Eclipse Foundation-provided infrastructure must be considered the primary source of project downloads.

Project committers can upload project artifacts to the project’s directory on the download server. The short name is used to denote the area available to the project (e.g. https://downloads.eclipse.org/dash for the technology.dash project) via SFTP or SCP, or from a Eclipse Foundation hosted build infrastructure.

External Resources

Project teams may use services that are not hosted by the Eclipse Foundation (e.g. GitHub or DockerHub).

The following rules apply:

  • The Eclipse Foundation’s branding rules must be observed;

  • External services must not add legal terms or conditions that invalidate the project licenses or copyrights;

  • One or more project committers must have ownership rights; and

  • The usual level playing field must be observed.

Even when using services not hosted by the Eclipse Foundation, project teams are required to operate in an open, transparent, meritocratic, and vendor-neutral manner. Use of the service must not add an unreasonable access barrier for contributors, and no single individual or company can exert exclusive control of the service. Administrative level control of the service must be shared by as diverse a subset of the project committers as possible, and a documented policy must be established for managing that control.

All services require that users conform to some sort of terms of use that likely dictate copyright and licensing terms. Project leads must take care to ensure that those terms of use are not at odds with the project license or impact the copyright ownership of project contributions.

Warning

Source code, documentation, issues/tickets/bug reports must all be maintained using resources that are provided and managed by the Eclipse Foundation.

External resources can be used for:

  • User forum discussions, presentations;

  • Builds and alternative sources for downloads;

  • Container image management (e.g. DockerHub); and

  • Examples, blogs, social media handles.

This list is not exhaustive. Project leads should work with their PMC and the EMO to determine the terms and conditions for an external resource are compatible with the project license(s), the Eclipse IP Policy, and Eclipse Development Process.

DockerHub

The Eclipse Foundation owns several organizations on DockerHub, including eclipse, locationtech, and polarsys, but does not formally support or strictly manage the use of these organizations. Due to manner in which permissions are managed, membership in the owners team for these organizations is required to create new repositories. The project’s PMC or the EMO can grant membership in this team to designated committers for projects that require this access. The EMO periodically reviews membership in the teams associated with these organizations and will remove members who are not active committers. Repositories created in these organizations must follow the pattern <organization>/<shortname>[-<component>] (e.g. eclipse/che-server).

Note

Content distributed via official Eclipse Foundation channels must be complete enough that a consumer can (with reasonable effort) use it without needing the DockerHub distribution. That is, the DockerHub distribution needs to be considered a convenient way to leverage the content, not the only way. Please make sure that you treat any links or related discussion that you have on an Eclipse Foundation property about images distributed via DockerHub as an unofficial channel.

Subject to the rules for the use of external resources, a project team can create and maintain their own organization on DockerHub. The organization name must follow the pattern eclipse-<shortname> (e.g. eclipse-woolsey) or some variation (e.g. eclipsewoolsey). As indicated in the rules, ownership of the organization must be shared by a subset of project committers and the project must have a documented policy regarding how access to that organization is managed.

Additionally, a PMC may decide to create and manage an organization for the Top-Level Project. The PMC may have their own policy regarding the use of DockerHub. Project teams should consult with their PMC to determine which approach is best suited for the project.

Maven Central

The Eclipse Foundation has no formal relationship with Maven Central or staging providers like OSSRH. Eclipse project teams are, however, welcome to use these services as a distribution channel.

By convention, the groupid should be of the form org.eclipse.<shortname> (e.g. org.eclipse.dash for the technology.dash project). Project teams should work with their PMC if some exception to this convention is required (and take care to avoid infringing on the namespaces of other projects). The form of the artifactid should be determined by the project team. The version number should follow the standard Semantic Versioning pattern. All pre-release builds must be appropriately labeled (e.g. 1.0M3 for pre-release builds of version 1.0).

Project teams must engage in the Releases process before labeling any software as a release version.

The Eclipse Release Engineering Team has provided some help regarding the use of Maven Central in the Eclipsepedia Wiki.

Frequently Asked Questions

  1. Can a project use the gh-pages support from Github to host at <project>.github.io?

    The project’s primary website must be hosted on Eclipse Foundation infrastructure. GitHub’s gh-pages support can be used to host supplementary content only as a Community Portal (and is subject to the branding requirements).

  2. Can we use GitHub for our project website?

    The process that publishes website content pulls from the project’s designated website repository on git.eclipse.org. A project team can put website source in a GitHub repository, but in order to actually get it on the website, some sort of process must set something up to push it to the website repository. Build infrastructure can be used for this.

  3. Do we have to use the Eclipse Foundation-provided download server?

    If you provide content to your community via any form of click-to-download notion, then the Eclipse Foundation-provided download server must be the primary source of that content. If, however, the concept of a download doesn’t make sense for the sort of content that your project provides (e.g. your community consumes your context exclusively through Maven Central, or if source code is the only content delivered by the project), then you aren’t required to provide that content via the download server.

  4. Can we host pre-release software (e.g. milestone builds) on Maven Central?

    Reasonable steps must be taken to ensure that the consumer understands the pre-release nature of software. At a minimum, pre-release software must be labeled as such. A milestone build for version 1.0, for example, must be labeled as "1.0M1" (or similar). Pre-release software can be pushed to Maven Central, but due to the permanent nature of content that is pushed there, it will persist there indefinitely. Whether or not this is desirable is a decision that the project team should make with help from their PMC.

  5. Can we use external services like OSSRH to stage pre-release builds?

    Yes.

  6. Can an an Eclipse project accept anonymous code contributions?

    No. All contributions must be associated with their author using their legal name and a real email address. In pragmatic terms, the contributor must provide their legal name and email address in the Git commit’s Author field, and sign-off the commit using those same credentials; the contributor must also have electronically signed the ECA using those same credentials.

Managing and Reporting Vulnerabilities

The Eclipse Security Policy contains information regarding obligations and specific practices regarding the reporting and disclosure of vulnerabilities.

Security Team

The Eclipse Security Team provides help and advice to Eclipse projects on security issues and is the first point of contact for handling security vulnerabilities. Members of the Security Team are committers on Eclipse Projects and members of the Eclipse Architecture Council.

Reporting

Vulnerabilities can be reported either via email to security@eclipse.org or directly with a project via the Eclipse Foundation’s Bugzilla instance.

The general security team email address can also be used to report vulnerabilities. Members of the Eclipse Security Team will receive messages sent to this address. This address should be used only for reporting undisclosed vulnerabilities; regular issue reports and questions unrelated to vulnerabilities in Eclipse project software will be ignored. Note that this email address is not encrypted.

The community is encouraged to report vulnerabilities using the standard Eclipse Bugzilla instance in a project-specific product and component. If the project teams does not have a Bugzilla product of their own, or if a reporter is unable to determine an appropriate product and component, the reporter may use Community/Vulnerability Reports product/component. Issue reports related to vulnerabilities must be marked with the committers-only flag, either by the reporter, or by a committer during the triage process.

Note

Bugzilla Records marked with the committers-only flag are visible to all Eclipse committers. By default, a committers-only Bugzilla record is also accessible to the reporter, assignee, and individuals explicitly indicated in the cc list.

Warning

Bugzilla sends out emails as issues are modified. Email is inherently insecure.

Tip

The Eclipse IP Team will give priority to contribution questionnaires (CQs) required to resolve vulnerabilities.

Disclosure

Disclosure is initially limited to the reporter and all Eclipse Committers, but is expanded to include other individuals, and the general public. The timing and manner of disclosure is governed by the Eclipse Security Policy.

Note

Knowledge of a vulnerability can be easily extended to individuals by adding them to the cc list on the corresponding Bugzilla report

Contacts added to an unresolved vulnerability must be individuals. Groups (e.g. mailing lists with open subscription and public archives)--with the exception of the Security Team email address--should never be copied on a vulnerability issue.

The committers-only must be removed and the security keyword must be added on Bugzilla records for disclosed vulnerabilities.

Publicly disclosed issues are listed on the Known Eclipse Security Vulnerabilities page.

Common Vulnerabilities and Exposure

The Eclipse Foundation is a Common Vulnerabilities and Exposures (CVE) Numbering Authority.

Whether or not a vulnerability requires a CVE is decided by the project team with assistance from their PMC (if required).

To request a CVE Number assignment, the vulnerability must be captured in a Eclipse Bugzilla record. The project team can track work on a vulnerability elsewhere, but the vulnerability reporting is tracked via Bugzilla.

Tip

Mark Bugzilla records as committers-only to prevent broad dissemination of the vulnerability before the project team has had a chance to get ahead of the issue.

The Bugzilla record must provide:

  • The name of the impacted project and product;

  • A description of the versions impacted (which may include ranges);

  • A Common Weakness Enumeration (CWE) code; and

  • A one or two sentence summary of the issue which clearly identifies the Eclipse project/product and impacted versions.

The Bugzilla record may be augmented with additional information as required.

Example CVE Report data
project: Eclipse Vert.x

version: [3.0, 3.5.1]

cwe: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

summary: In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response
headers and HttpClient request headers do not filter carriage return and
line feed characters from the header value. This allow unfiltered values
to inject a new header in the client request or server response."

The record must be RESOLVED/FIXED and the committers-only flag must be turned off before the EMO can push the report to the central reporting authority.

When all of the information is assembled and the vulnerability is ready for disclosure, a project team member must send a message to the Security Team with a request to assign a CVE Number and send the report to the central authority.

The required information is rendered into the appropriate form by the EMO and forwarded to the central authority.

Note

The security team will assign a CVE Number to the Bugzilla record as an alias, they will then notify the central authority, and—​when the report is accepted and posted—​add the central authority’s link to the URL field of the bug.

Frequently Asked Questions

In what form should a disclosure be published? Is publishing the bug on the Known Vulnerabilities page enough?

Publishing on the Known Vulnerabilities page will happen automatically. This is mimimal disclosure. Whether or not you should do more is a project team decision. If you need help with that decision, connect with your PMC or the Security Team.

If the vulnerability real and is in release software (i.e., it’s likely to have been adopted), you should request a CVE.

You should let your community know about the vulnerability though your usual communication channels.

Who can/will update Known Vulnerabilities page and when?

When a Eclipse Bugzilla record has the "committers-only" flag turned off, includes the security keyword, is in the RESOLVED, VERIFIED, or CLOSED state, and is resolved FIXED, it will appear on this page.

Can I already commit the fixes to our repository and provide a service release, or shall I wait for some part of the disclosure process first?

In general, you should fix the issue first.

Whether or not we disclose in advance of making the fix available is a judgement call. When there is a real risk that somebody may exploit the vulnerability, you generally want to inform your adopters as quicky and discretely as possible so that they can prepare themselves.

If the issue is particularly sensitive and you need to make that fix in a private repository and coordinate disclosure, connect with EMO and we’ll help. Very few projects actually need to go to this extreme.

Is there something specific I should add (or something I should avoid mentioning) in the commit message?

That depends. In general, you should avoid adding anything that calls particular attention to the vulnerability. Just state what the commit contains.

Do we need a CVE?

It’s up to the project team. We need the project team to engage with the process of gathering the information required to report the vulnerability to the central authority; the first step in that process is deciding whether or not a CVE is desired/required.

The general rule is that a CVE is required when a vulnerability impacts release software. The Eclipse Security Team has given this advice (paraphrased):

If someone can download compiled (e.g., JAR) files and use them without any sort of compilation process then we are inclined to say that there exists a tangible risk to consumers and so a CVE should be requested. That is, unless that version string specifically says alpha or beta, or the content has otherwise clear warnings to not use it in a production context, then we should—​as good citizens—​create a CVE. Merely being versioned 0.x instead of 1.x doesn’t absolve the situation.

If you’re not sure, check with your PMC or the Security Team.

It’s a bit of a rite of passage for an open source project to disclose their first vulnerability.

Do we need a CVE for versions of software that we released before moving our project to the Eclipse Foundation?

The answer to this is not obvious, but as a general rule…​ no. The answer is not obvious because the continuity of the source of affected products may not be obvious (or relevant) to consumers, and it is not strictly wrong for a CVE Numbering Authority to create a CVE for a version of a product not immediately in their purview.

Ultimately, whether or not we should create a CVE is the project team’s call.

Does the CVE process start after the disclosure?

Sort of. You can start the process, but we need to remove the committers-only flag on the before we push the CVE to the central authority.

Contributing to an Eclipse Project

Contributors

Anybody can be a contributor. To be a contributor, you just need to contribute. Contributions typically take the form of code or documentation submitted to the project’s source code repository, but may also take the form of answering questions in project and community forums, and more.

For contributions that contain intellectual property (e.g., source code or documentation), some formal documentation is required to ensure that the rights associated with the intellectual property are properly managed and licensed.

To contribute to an Eclipse open source project, a contributor must:

  1. Create an Eclipse Foundation Account;

  2. Sign the Eclipse Contributor Agreement;

  3. Read the project’s contribution guide to learn about coding style and other guidelines for contributions (contribution guidelines are typically found a CONTRIBUTING or README file in the root of every source code repository)

  4. Create a commit

    • Ensure that the author credentials on the commit record match the email address associated with their Eclipse Foundation Account, and

    • Ensure that all commits have been Signed-off;

  5. Create a pull request (GitHub), or submit a review (Gerrit):

  6. Work with the project team to merge the contribution.

Note that contributors retain ownership of their contributions; the ECA, for example, states in part:

This ECA, and the license(s) associated with the particular Eclipse Foundation projects You are contributing to, provides a license to Your Contributions to the Eclipse Foundation and downstream consumers, but You still own Your Contributions, and except for the licenses provided for in this ECA, You reserve all right, title and interest in Your Contributions.

That is, the contributor owns their contributions, but grants a license to the Eclipse Foundation and downstream consumers to use them under the terms of the project license.

contributor contributors
Becoming a contributor

After establishing a pattern of contributing high quality contributions a contributor may be invited to join the project as a committer; an existing project committer will nominate a contributor to be a committer via committer election.

Committers

For Eclipse projects (and the open source world in general), committers are the ones who hold the keys. Committers decide what code goes into the code base, they decide how a project builds, and they ultimately decide what gets delivered to the adopter community. With awesome power, comes awesome responsibility, and so the Open Source Rules of Engagement described by the Eclipse Foundation Development Process, puts meritocracy on equal footing with transparency and openness: becoming a committer isn’t necessarily hard, but it does require a demonstration of merit.

In practical terms, there are two ways to become an Eclipse Committer.

The first way is to be listed as an initial committer on a new project proposal. When projects come to the Eclipse Foundation we need them to actually start with committers, and so we include this as part of the bootstrapping. As part of the process of community vetting a new project proposal, the committers listed are themselves vetted by the community. In effect, the project proposal process also acts as a committer election that’s open to the entire community.

The second way to become a committer is to get voted in via committer election. After an individual has made a small number of high quality contributions that demonstrate that they understand how the project works, understand the Eclipse Development Process and are prepared to implement the Eclipse IP Policy, a committer will invite them to join the team and initiate the election. Committer elections start with a nomination by an existing committer that includes a statement of merit that usually takes the form of a list various contributions that the individual has made to the project. What constitutes a sufficient demonstration of merit varies by project team and team.

Note

Committer status is assigned on a project-by-project basis. That is, individuals have committer rights only on those projects for which they hold committer status. For all other projects, they are contributors.

When a contributor becomes a committer, they must be covered by a committer agreement (either a Member Committer and Contributor Agreement (MCCA) or an Individual Committer Agreement (ICA). As the last step in the committer election process, the Eclipse Foundation systems will determine which agreement applies and engage a committer paperwork workflow with the new committer to ensure that everything is in place.

Eclipse Foundation Account

Eclipse Foundation project resources are accessible without an account. That is, members of the community may browse code, documentation, issues, help, etc. without creating an Eclipse Foundation Account. For those members of the community that wish to contribute code patches, open issues, add content to wikis, etc., an Eclipse Foundation Account is required.

For contributors and committers, their Eclipse Foundation account is their primary portal into their relationship with the Eclipse Foundation. From their account page, individuals can sign the Eclipse Contributor Agreement, manage their mailing list subscriptions, access build resources, and more.

Tip

If you’re working with projects that use GitHub, be sure to add your GitHub Id to your Eclipse Foundation Account so that our scripts can add you to the GitHub Teams that we use to manage access to Eclipse Foundation repositories hosted on GitHub. When, for example, you become a committer on an Eclipse project that hosts their source code repositories on GitHub, you will be sent an invitation to join the GitHub Team associated with that project.

Eclipse Contributor Agreement

The purpose of the Eclipse Contributor Agreement (ECA) is to provide a written record that contributors have agreed to provide their contributions of code and documentation under the licenses used by the Eclipse project(s) they’re contributing to. It also makes it clear that contributors are promising that what they are contributing to Eclipse is code that they wrote, and that they have the necessary rights to contribute it to Eclipse projects. And finally, it documents a commitment from the contributor that their open source contributions will be permanently on the public record.

All contributors, who are not committers on the Eclipse project, must sign the Eclipse Contributor Agreements (ECA) to ensure that the necessary intellectual property (IP) rights to the contribution are granted.

Contributors who are already covered by a committer agreement (either an MCCA or ICA) are not required to also sign the ECA.

Tip

You can determine your ECA status from your Eclipse Foundation Account page. Your ECA status is shown in the top-right corner.

Committers do not require an ECA to contribute to a project on which they have committer status.

Frequently Asked Questions

  1. Is there any requirement on what is necessary for committers/project leads to consider when dealing with contributions from someone from the same company?

    No requirement. Getting reviews/approvals from any committer on your project is sufficient, whether they are from the same company or different.

    Project teams may establish their own rules regarding how contributions are accepted. These rules range from allowing any committer to approve a contribution, to requiring that contributions from a committer be approved by another committer, to requiring that all contributions be approved by a project lead. Whatever the case, it should be documented (typically captured in a CONTRIBUTING file).

    It is generally considered good practice (or a nice-to-have) to request a review from an "outsider", especially if the proposed change might be considered complex or controversial. It’s always good to get outside viewpoints. But the specific rules are left for the project team to decide.

  2. Do I need to sign the Eclipse Contributor Agreement (ECA)?

    If you are not a committer on an Eclipse open source project, to contribute (e.g., make pull requests) to that project, you need to be covered by an ECA. If you are already a committer on any Eclipse open source project, then you are already covered by an ECA through your committer agreement and do not need to sign the ECA separately. If your employer has signed the Member Committer and Contributor Agreement, then you are already covered by an ECA and you do not need to sign the ECA separately.

    If you are a committer on a project you do not need an ECA to contribute to that project.

  3. How do I know if I’m covered by an Eclipse Contributor Agreement (ECA)?

    Visit your Eclipse Foundation Account page. Your ECA status is shown in the top-right corner.

  4. How do I know if my employer is a member of the Eclipse Foundation?

    If your employer is a member of the Eclipse Foundation, they will be listed on the Explore Our Members page.

  5. How do I know if my employer has signed the Member Committer and Contributor Agreement (MCCA)?

    Check with your manager. If your manager doesn’t know, you can contact the EMO Records Team for assistance.

  6. I know that my employer has signed the Member Committer and Contributor Agreement (MCCA), but my account page shows that I am not covered by the ECA. What should I do?

    It’s likely that you haven’t provided us with employer information. In order for our systems to know that you are affiliated with a particular organization, you must specify your employer in your Eclipse Foundation Account.

  7. I am a committer on a project, but I cannot push to that project’s GitHub repositories. What should I do?

    It’s likely that you haven’t provided us with your GitHub Id. Our systems manage the composition of the GitHub teams that have the necessary privileges on project repositories. For that, we need your GitHub Id, which you must provide us with in your Eclipse Foundation Account.

Elections

Roles in a project are assigned based on merit demonstrated in a publicly-accessible forum, in the form of an election. Elections start with a nomination that contains a statement of merit. The nature of a statement of merit varies widely, but is generally expected to to concisely state the impact that the nominee has had on the project.

Note

Employment status has no bearing at whether or not somebody can participate in an open source project at Eclipse. Employment does not, for example, guarantee committer status; committer status must be earned by everybody.

Committer Elections

Contributors who have the trust of the project’s committers can, through election, be promoted to committer status for that project. The breadth of a committer’s influence corresponds to the breadth of their contribution. A development team’s contributors and committers may (and should) come from a diverse set of organizations. A committer gains voting rights allowing them to affect the future of the project. Becoming a committer is a privilege that is earned by contributing and showing discipline and good judgment. It is a responsibility that should be neither given nor taken lightly, nor is it a right based on employment by an Eclipse Foundation member company or any company employing existing committers.

Being a Eclipse committer is more than just having write-access to the project resources: there are specific IP due diligence and record keeping activities that committers must follow. New committers must ensure that they are familiar with the Committer Due Diligence Guidelines.

New committers should be encouraged to join the Incubation Mailing List; this list is a good place to ask questions about process, services available, and other aspects of working as a committer.

What are the Requirements?

There are only three requirements around nominating and electing new committers (note that there are additional committer paperwork requirements for the new committer):

  • Define trust;

  • Maintain vendor/employer neutrality; and

  • Operate transparently (public and archived election).

Each project is entitled to define how it evaluates "[people] who have the trust of the Project’s Committers …​ [through] contributing and showing discipline and good judgment". This definition needs to be a transparent and public document on the project’s website (the top-level project charter may provide this). It is extremely important to publish these criteria to avoid any issues around cliques or "the in-crowd" preventing others from joining a project.

There must not be any hint of "we (company W) hired person X to work on project Y thus person X should elected a committer". Committer status is independent of employment; thereare well-supported mechanisms for contributors without commit-rights and thus committer status is not required for a team member to be effective. Additionally, the team will want to make sure that they have confidence in the candidate irrespective of employment and management because the committer status will continue even after moves to another job.

The nomination and election process for a new committer is for more than just the project team - it is also for the entire Eclipse community, current and future. The larger community uses the artifacts of elections as (one of many pieces of) evidence about the maturity of the project team, and thus quality of the frameworks.

Note

Nominations such as "we all know Bob, vote for him" may work within the team, but actually harm the project’s reputation in the larger Eclipse community: that larger community does not know Bob and does not understand why the project team trusts him with the source code.

What Should a Nomination Look Like?

A committer nomination should explain the candidate’s contributions to the project and thus why they should be elected as a committer. Cite the issues they have fixed via patches; cite the community forum postings they have answered; cite the dev-list design discussions to which they have contributed; etc. In all cases, provide urls to source material.

How does an Election work?

Use the Committer Tools  Nominate a Committer link on the corresponding project page and follow the workflow to start a committer election.

committer election2
The New Committer Nomination Form

Project committers will be notified to participate in the election via the project’s dev-list.

Note

Your project must have a dev-list specified in the project’s metadata and existing project team members must be subscribed to the list.

An election starts with a nomination by an existing committer.

elections overview
An overview of the Election Process

Only project committers may nominate a new committer or vote in a committer election. To be successful, the election must receive a minimum of three positive +1 votes. Any committer can veto the election by casting a -1 vote. For projects with three or fewer committers all committers must vote. Committer elections run for one week, but will end prematurely if all project committers vote +1.

Following a successful committer vote, the project’s PMC will review the election results and then either approve or veto the election. An election may be vetoed, for example, if the PMC feels that the merit statement is not strong enough.

The paperwork process will automatically be initiated following PMC approval of an election.

Project Lead Elections

Similar to a committer election, a project lead election starts with a statement of merit. The merit statement should, rather than focus on specific code contributions, focus instead on the leadership qualities expressed by the individual.

Example 1. Project Lead merit statement

Sounak has been part of the Ogee development since before the initial contribution. He played an important role ever since, as he is one of the key developers. With regards to the number of commits Sounak is currently the top committer of Ogee:

Apart from that Sounak took care of the project page and the build. For release 0.6 he also handled the review formalities for me. Finally I would like to mention a blog post he did at odata.org to promote Ogee in the OData community:

Project leads are normally also committers. A project may have more than one project lead (so-called co-leads).

Use the Committer Tools  Nominate a Project Lead link on the corresponding project page to start a project lead election.

Only project committers can nominate a new project lead or vote in a project lead election. To be successful, a project lead election must receive a minimum of three positive +1 votes. Any committer can veto the election by casting a -1 vote. For projects with three or fewer committers all committers must vote. Committer elections run for one week, but will end prematurely if all project committers vote +1.

Following a successful committer vote, the project’s PMC will review the election results and then either approve or veto the election. A PMC-approved election will be referred to the EMO/ED as a recommendation for appointment. The final decision rests with the EMO/ED.

PMC Member Elections

The manner in which a top-level project’s Project Management Committee (PMC) Member is appointed varies by PMC. Some PMCs are set up to have a representative from each of the projects in the top-level project. Other PMCs are more exclusive and run an election similar to that of a project lead election.

In all cases, the PMC Lead makes a recommendation to the EMO/ED to appoint a PMC Member. The final decision rests with the EMO/ED.

PMC Lead Appointments

PMC Leads are not elected. They are vetted by the EMO, approved by the Eclipse Board of Directors, and appointed by the EMO/ED.

Committer Retirement

A committer can retire themselves from a project. Retirement cannot be undone: to rejoin a project as a committer after being retired, a contributor must again be nominated and elected into the role.

Tip

To retire from a project, navigate to the project page, open the Who’s Involved tab, and click on your image in the committer list. Then, in the "Retire Committer Status" box on the on the project role page, check the checkbox and click the Submit button.

elections retire self

A project lead may also retire a committer. A project lead might, for example, retire a committer that has been inactive for an extended period of time (e.g., longer than a year). Before retiring a committer, the project’s community should be informed of the change and the committer must be given a chance to defend retaining their status via the project’s dev-list.

Note

A common practice is for the project lead to use the project’s dev-list to announce generically that they’re going to retire committers that have been inactive for some designated period of time and give the committers a chance to speak up before a deadline.

There is no means by which a committer can be forced out of a project if they have not done anything wrong (there is no notion of "voting a committer out" of a project). Leaving the company that sponsors the project, for example, is not a valid reason for retirement. On the other hand, that a committer has changed jobs or roles and can no longer continue to contribute the project is a completely valid reason for retirement.

Project Lead Retirement

A project lead can retire themselves from a project. Prior to retiring, a project lead should work with the project team to ensure the continuity of the role (e.g., in the case where a project’s sole project lead plans retirement, they should engage with the team to identify and elect a replacment). In the spirit of open source transparency, a retiring project lead should announce their retirement on the project’s dev-list.

Tip

To retire from a project, navigate to the project page, open the Who’s Involved tab, and click on your image in the project lead list. Then, in the "Retire Project Lead Status" box on the on the project role page, check the checkbox and click the Submit button.

elections retire pl

Retiring Other Roles

Connect with the PMC or EMO for assistance.

Frequently Asked Questions

  1. Do we really need to do this?

    Yes.

  2. Can I still be a committer if I change employers?

    Yes. Your status as a committer is not tied to your employment status. You may, however, require Committer Paperwork from your new employer (or if you become self-employed). If you change employers, please contact the EMO Records Team for help regarding paperwork requirements.

  3. What happens if committers don’t vote?

    If a project has three or fewer committers, then all committers must vote. If even one out of the three does not vote, then the election will end in failure. If the non-voting committer is also not active, then they can, perhaps, be retired by the project lead.

  4. How do we transfer committers from one project to another?

    Short answer: you don’t

    We have no concept of transferring committers. if committers need to move from one project to another, then they must be elected as committers to the new project and retire themselves from the old one.

  5. Can a project lead retire a disruptive committer?

    The EDP allows a project lead to retire a disruptive committer. This is basically the "nuclear" option and so should be used sparingly; we have only retired a few committers in this manner. Should a project lead decide to take this step, they should be prepared to provide evidence to back up the claim of disruption. The project lead should work with the PMC and EMO to determine how (or if) that evidence is tracked and disseminated.

Committer Paperwork

The Eclipse Foundation needs to ensure that all committers with write access to the code, websites, and issue tracking systems understand their role in the intellectual property process. The Eclipse Foundation also needs to ensure that we have accurate records of the people who are acting as change agents on the projects. To ensure that committers understand their role, and that the Eclipse Foundation has accurate records, committers must provide documentation asserting that they have read, understood, and will follow the committer guidelines. Committers must also gain their employers consent to their participation in Eclipse Foundation open source projects.

All committers must complete the Committer Paperwork Workflow, which includes the Committer Questionnaire and documentation as described below.

Committer Questionnaire

The Committer Questionnaire is an online form that must be completed by all new committers. This form offers two separate paths: one for committers who work for a member company that has provided a signed Member Committer and Contributor Agreement (MCCA), and one for everyone else.

committer questionnaire
The Committer Paperwork Workflow starts by asking for employment status.

The Committer Questionnaire is accessible only after an individual has been elected into the role of a committer on a project (note that all committer relationships are between an individual and a specific project), either as an initial committer on a new project, or via Committer Election on an existing project. New committers will be sent a link to the questionnaire via email.

Note

If you indicate that you are employed, you will be asked to identify your employer. Only member companies that have provided a signed MCCA will be listed as member companies in the Committer Questionnaire. If you work for a company that is not an Eclipse Foundation Member Company, or your employer has not provided the Eclipse Foundation with a MCCA you must list your employer as "Other".

Documents

The exact nature of the documentation required is dependent upon the employment status of the individual.

paperwork
What paperwork is required?

The new committer must download and print the documents, complete and sign them, and then provide them to the EMO Records Team. The new committer paperwork workflow provides a means of uploading these documents; alternatively, the team may ask you to provide them via email.

committer questionnaire2
Upload the ICA directly into the form

After all required documents have been received, the EMO Records Team will review them, contact the committer to resolve any issues that need to be addressed, and send a request to the Webmaster to provision a committer account.

Questions regarding this process should be addressed to the EMO Records Team.

Member Committer and Contributor Agreement

The Member Committer and Contributor Agreement (MCCA) is used by organizations that are members of the Eclipse Foundation to cover all of their employees who participate in Eclipse Foundation projects as committers.

Note

If your employer is a member of the Eclipse Foundation and has not already provided an MCCA, consult with your management team to determine who has the necessary authority to sign it on your company’s behalf. Provide the MCCA in advance of the completion of your committer election or new project creation to streamline the committer provisioning process. If you and your management team are not sure whether or not your employer has an MCCA, ask the EMO Records Team.

If the committer’s employer is a member of the Eclipse Foundation that cannot provide a signed MCCA, then the committer will have to complete an Individual Committer Agreement.

Individual Committer Agreement

The Individual Committer Agreement (ICA) is used by committers who are not covered by a MCCA.

An ICA is required when:

  • The committer works for a company that is not a member of the Eclipse Foundation;

  • The committer works for member company that has not signed a MCCA;

  • The committer is self employed or not employed; or

  • The committer is a student.

Existing Committer

If the individual is already a committer on an existing Eclipse Foundation project then additional paperwork may or may not be necessary. The EMO Records Team will ask for additional documentation if required.

Not Employed or Student

If the committer is not employed or is a student, they must send a note to the EMO Records Team explaining their status.

Frequently Asked Questions

  1. What is the difference between an Individual Committer Agreement, the Member Committer and Contributor Agreement, and the Eclipse Contributor Agreement?

    The Individual Committer Agreement (ICA) is for committers whose employers are either not members of the Eclipse Foundation or are members that have not signed the Member Committer and Contributor Agreement.

    The Member Committer and Contributor Agreement (MCCA) is used by organizations that are members of the Eclipse Foundation to cover all of their employees who participate in Eclipse Foundation open source projects as committers.

    The Eclipse Contributor Agreement (ECA) is for everybody else. The ECA covers contributors who are not otherwise covered for their contributions by an ICA or MCCA.

  2. What happens if I do not fill out the paperwork?

    If you do not fill out the paperwork, then you do not get your credentials for write-access to the source code repository(s) and other project resources.

  3. Where can I get help to discuss these documents with my management team?

    The EMO can talk to your management and senior executives about these (and other) legal documents to help them understand why these documents are the best risk reduction solution for everyone involved. Contact us at license@eclipse.org.

  4. What formats can be used to submit paper documentation?

    The EMO Records Team prefers a scanned document delivered via email. The documents may also be provided by fax or by post (the fax number and postal address are captured in the documents).

  5. What Email address should I use to send completed documents?

    emo-records@eclipse.org

  6. What if a I change employers?

    Edit your Eclipse Account Profile to update your employment status.

Specifications

The Eclipse Foundation Specification Process (EFSP) defines a means of creating specifications in open source. The EFSP defines specifications as a “…​ collection of Application Programming Interface (API) definitions, descriptions of semantic behavior, data formats, protocols, and/or other referenced specifications, along with its TCK, intended to enable the development and testing of independent Compatible Implementations.”

Under the EFSP, all specification work must be done in a designated specification project. Specification projects operate according to the Eclipse Foundation Development Process (EDP), just like "regular" Eclipse open source projects, but with special consideration for the intellectual property management differences that are inherent in specification development. Specifically, the flow of intellectual property license grants is a critical difference between open source software development and open source specification development that is addressed by the EFSP. Due to these differences in the intellectual property license grants, specification project committers must be covered by additional legal agreements and must engage in additional governance steps.

Unlike Eclipse open source software projects which have no formal association with Eclipse Foundation Working Groups (“working groups”), every specification project is aligned directly with an Eclipse Foundation working group and operates under the purview of that working group’s specification committee.

Note

Individual working groups may add requirements for specification projects over and above what is outlined in the EFSP. Many working groups, for example, extend the default period of time required for reviews.

Specification Project Reviews

The EDP defines a number of lifecycle reviews for Eclipse projects. All projects start with a creation review, but the most common type is the release review. In addition to those reviews defined by the EDP, the EFSP further defines plan reviews.

Specification project teams engage in reviews in the same manner as all Eclipse projects, with a few differences:

  • Prior to starting the release cycle, a specification team must engage in a successful plan review;

  • Specification project teams must engage in a release review prior to every release (including service releases);

  • Following a successful plan review, the project team must engage in either a release review or a progress review within one year; and

  • All creation, plan, release, and progress reviews require super-majority approval from the corresponding working group’s specification committee.

Note

Individual working groups may have additional requirements for some lifecycle events, and guidance for engaging in working group-specific processes. Those additional requirements will be captured and disseminated by the working group.

Super-majority approval of a particular review is obtained via a ballot that is initiated and tallied by the specification committee (typically by the specification committee chair or their designate).

The process described in the Progress and Release Reviews section is the same for specification projects.

Tip

In the lead up to a review, it is in the best interests of a specification project team to engage with the specification committee in their designated community/public channel to socialize plans and expectations. You must get super-majority approval from the specification committee before you can make an official release of your specification, so giving them every opportunity to understand and provide feedback on what they’ll be voting on is in your best interests. Besides, operating in an open and transparent manner is a critical success criteria for all open source projects.

Intellectual Property Flow

An important part of the specification process is the management of intellectual property flow, patent grants in particular.

Patent grants flow into a specification process through the committers. That is, the project committers (or, more likely, their employers) grant a patent license for any committed essential claim as described in the Eclipse IP Policy. Those patent grants are “locked in” whenever a specification project engages in a successful progress or release review. So, by virtue of holding committer status on a specification project at the time of successful completion of a progress or release review, license grants for those patents represented by the committer are locked into the specification project.

Those grants flow out of the project to a compatible implementation through the ratified final specification (as defined by the EFSP). That is, when an implementation of a specification is based on a final specification (i.e., the implementation implements all non-optional elements of the final specification, does not extend the API, and fulfills all the requirements of the corresponding TCK), those committed patent grants flow to the implementer.

To be clear, a compatible implementation must be based on a final specification (not, for example, the specification document source or a milestone build).

Participant Representative Committers

All participant members of the working group that do not already have committer representation on a specification project may appoint one. The intent behind the notion of a participant representative is to ensure continuity of the flow of intellectual property grants when an participating organization is found to be without representation.

Tip

There is no specific rule in this regard, but it considered good form to inform the working group’s specification committee about the appointment.

Following their appointment, participant representatives become indistinguishable from other committers on a specification project. As such, following appointment, participant representative committers are subject to the same rules as any other committer: they do not hold any special status or formal role beyond that of committer once appointed, and they retain their committer status if they change employers.

An organization’s specification committee representative may send a note to EMO with a request to appoint a participant representative.

Contributors

Anybody that contributes to an Eclipse specification project is a contributor. Contributors make pull requests against project repositories. Pull requests must be reviewed and merged by a committer.

specification contributors
What paperwork is required?

To become a contributor, an individual must:

  1. Create an Eclipse Foundation account;

  2. Sign the Eclipse Contributor Agreement (ECA);

  3. Contribute! (submit a pull request)

Note

If you are already a committer, your committer agreement includes an ECA; so you’re already covered. If your employer is a member of the Eclipse Foundation and your employer has signed the Member Committer and Contributor Agreement (MCCA), then you’re already covered. You can check your status on the Eclipse Foundation account page (your ECA status is in the top-right corner). If you’re not sure contact EMO Records for assistance.

Regular contributors of high quality content shoul be invited to join the specification project team as a committer (via committer election).

Committers

Committers are developers who have the ability to directly push (i.e., they have write access) their own contributions to the project’s Git repositories, and have the responsibility to review and merge the contributions of others. Committers are responsible for implementing the Eclipse Development Process and abiding by the Eclipse Intellectual Property Due Diligence Process.

Committer status is assigned on a project-by-project basis. That is, individuals have committer rights only on those projects for which they hold committer status. For all other projects, they are contributors.

Tip

In order to get committer rights on project repositories hosted on GitHub, you need to set your GitHub Id in your Eclipse Foundation account.

Specification Development Agreements

Due to the nature of specification project work, the committer agreements need to be augmented. For Eclipse open source software projects (i.e., those projects not engaged in specification development) the committer agreements (Member Committer and Contributor Agreement and Individual Committer Agreement) are sufficient. The complete set of required agreements are described below.

specification committers
What paperwork is required?

A committer who is self-employed, unemployed, or a student needs:

  • Individual Working Group Participation Agreement (WGPA), which includes:

    • Membership Agreement as a Committer Member, no dues

    • Individual Committer Agreement

A committer whose employer is either not an Eclipse Foundation Member; or is an Eclipse Foundation Member that is not a participant in the working group needs the following agreements:

  • Individual Working Group Participation Agreement (WGPA), which includes:

    • Membership Agreement as a Committer Member, no dues

    • Individual Committer Agreement

    • Employer Consent Agreement for Eclipse Specification Projects (“Consent Agreement”)

A committer who works for an Eclipse Foundation Member that is a working group participant needs: * No additional agreements are required.

Note

The Eclipse Foundation’s committer provisioning process is automated. As a new committer, you will—following your successful election—be contacted by the EMO Records team by email to engage in our agreement workflow which guides you through signing those agreements that you need. These agreements are all available for your review on our Legal Resources page. The working group-specific agreements are on our Explore our Working Groups page.

Working Group Participation Agreement

A WGPA is signed by an organization that wishes to participate in a particular working group. By signing the Working Group Participation Agreement (WGPA), an organization agrees to become a participant of the working group and to adhere to the terms outlined in by the working group’s charter.

WGPAs are working group specific; signing the agreement for a particular working group covers the employees of the organization operating in a committer role on one or more specification projects operating under the purview of that working group’s specification committee.

Participation in a working group requires that the organization commit to being a member of the Eclipse Foundation (at a level defined by the working group’s charter) and to commit to the terms of the Member Committer and Contributor Agreement (MCCA). Both of these commitments are explicitly made as part of the organization signing the WGPA.

Individual Working Group Participation Agreement

An IWGPA is signed by an individual that wishes to participate in a particular working group when their employer is not themselves a participant in the working group. By signing the Individual Working Group Participation Agreement (IWGPA), an individual agrees to become a participant of the working group and to adhere to the terms outlined in by the working group’s charter.

Like WGPAs, IWGPAs are working group specific; signing the agreement for a particular working group covers the individual to operate in a committer role on one or more specification projects that operate under the purview of that working group’s specification committee.

Participation in a working group requires that the individual commit to being a committer member (there are no fees associated with being a committer member) of the Eclipse Foundation and to commit to the terms of the Individual Committer Agreement (ICA). Both of these commitments are explicitly made as part of the individual signing the IWGPA.

The Employer Consent Agreement for Eclipse Foundation Specification Projects ("Employer Consent Agreement" or "Consent Agreement) is required for committers who work for a company that is not a participant in the working group. This agreement must be signed by the employer; that is, it must be signed by somebody with authority to enter the agreement on behalf of the committer’s employer.

Eclipse Foundation Specification License

The Eclipse Foundation takes copyright ownership of the specification document of every ratified Final Specification. By asserting copyright ownership on the specification documents, the Eclipse Foundation has the ability to protect the specifications in the event that a third party fails to follow the terms of the Eclipse Foundation Specification License.

The Eclipse Foundation Specification License is applied to the specification documents for all ratified final specifications. This action ensures that derivative works of those specification documents cannot be created, thus preventing their use as the basis for incompatible implementations.

Specification Project Lifecycle

Like regular Eclipse open source projects, a specification project starts life as a proposal with a description, scope, list of committers, and more; goes through an iterative development cycle that produces one or more milestone builds; and then engages in a release process.

specifications lifecycle
An overview of the Eclipse Foundation Specification Process

Specification Committee

Unlike a "regular" Eclipse open source project, a specification project must be aligned with exactly one working group. Each working group designates a specification committee that maintains and manages the specification process on the working group’s behalf. A specification project must get approval from the corresponding specification committee to pass key project lifecycle events.

The specification committee is responsible for ensuring that the specification teams keep within their defined scope, and generally ensure that the specification versions created by the specification project are implementable and serve the purposes of the working group.

Specification Committee Ballots

The specification committee is required to engage in a formal ballot to approve key milestones in the lifecycle of their specification projects. The exact means by which ballots are run varies by working group. The following lifecycle events require the approval of the working group’s specification committee:

  • Specification project creation;

  • Release plan;

  • Revision to the scope;

  • Progress and release reviews;

  • Service releases; and

  • Designation of a profile or platform.

By default all ballots require seven days. Some specification committees may increase the length of time for some or all ballots, or add additional constraints.

To succeed, a vote requires positive responses from a super-majority (defined as two-thirds) of the members of the specification committee. Votes to designate a specification as a profile or platform require positive responses from a super-majority of the specification committee members who represent the interests of Strategic Members of the Eclipse Foundation. It’s worth noting that there is no veto.

The criteria by which representatives decide how they’re going to vote varies by individual and according to the values of the individual and the organization that they represent (if applicable). Minimally, the specification committee is expected to use their vote to ensure that specification projects stay within scope. In the case of a progress review, the voters will need to consider whether or not the project is progressing in a manner that will eventually result in a successful vote on the eventual release review that gates the ratification of the final specification.

In the event of a failure, the specification committee will provide feedback regarding the reason for the failure to the project team, who will work to mitigate issues and then re-engage.

Creation Review

Creation reviews give the community a last opportunity to review and comment on a new project proposal before it is created.

The specification committee needs to approve of the creation of a specification project from a proposal by taking a role in the creation review. The expectation is that the specification committee members will consider the details of a proposed specification project (with particular focus on the scope) before making their decision. In addition to the requirements defined by the Eclipse Development Process (EDP), a super-majority ballot of the entire specification committee is required to approve a creation review.

Tip

Contact the EMO to initiate a creation review.

Following successful creation and provisioning of project resources, a specification project team begins development.

Specification Development

During the development cycle, the project team will produce one or more milestone builds to provide a means for the community to provide feedback.

Warning

A milestone build must never be used to claim compatibility with a specification. An implementation of a specification may only be considered compatible when it is based on a final specification.

A development cycle begins when a either a creation review or a plan review is declared successful. A specification project team must engage in a progress review when a development cycle exceeds one year in duration.

Progress Review

For a progress review, the Project Management Committee (PMC), and Eclipse Management Organization (EMO) validate that the specification project team is following the EDP and EFSP, and that the Eclipse Foundation’s Intellectual Property Policy is being correctly implemented. The EFSP requires that the specification committee approve a progress review by super-majority ballot.

Note

The intent of the progress review is to ensure that the specification project is progressing in a manner that will ultimately result in a successful release. A specification committee or project leadership may compel a specification project to engage in additional progress reviews.

Release Review

A specification project team must engage in a release review for every release (major, minor, and service).

At the end of every development cycle, the project team must produce a release candidate build that is designated as a specification version and then engage in a release review. For a release review, the PMC, EMO, and specification committee all engage in the same sorts of activities that they do for a progress review, but with the understanding that approval results in the ratification of the specification and promotion to an official status. The EFSP requires that the specification committee approve a release review by super-majority ballot.

Tip

To engage in a release review, create a release record (if one has not already been created as part of the planning process) and contact the EMO to schedule the review. Your PMC and specification committee may provide additional requirements and documentation that must be met to get their approval of the review.

Plan Review

Following a successful first release (and every subsequent release thereafter), and before engaging in any further development of the specification, the project team must assemble and present their Plan for review by the Specification Committee via Plan Review. The notion of a Plan Review is specific to the EFSP (since Plan Reviews are not part of the EDP, no formal involvement from the PMC is required). A Plan Review provides the Specification Committee with an opportunity to ensure that the plan for the next Specification Version is in-scope, fits within the overall vision of the Working Group, and is otherwise charting a path to eventual ratification and release. The EFSP requires that the Specification Committee approve a Plan Review by Super-majority vote.

The plan itself must be in-scope (i.e. all new work must fall within the bounds defined by the specification project’s scope) and must be developed in consideration of the concerns of stakeholders. It must, for example, take plans of the PMC or associated working group into consideration . The concerns of the project team must also be taken into consideration when creating a plan.

Tip

To engage in a plan review, create a release record and contact the EMO to schedule a review.

After the Plan is approved, the Project Team engages in Development as before.

Final Specification

Following a successful release review, the final release version of the specification artifacts are considered ratified and transmogrifies into what the EFSP refers to as a final specification. It is the final specification that must be used to build compatible implementations.

All versions of specifications that are referenced by a ratified final specification must themselves be ratified. The release review for related specification versions may be run concurrently.

Final Specifications and their associated artifacts are distributed under specific licenses. The specification document for the final specification must be distributed as read-only text (e.g., PDF) under the Eclipse Foundation Specification License. The ratified TCK in composite is distributed under the Eclipse Foundation TCK License. Other technical artifacts must be distributed under an open source license (normally the specification project’s license).

Compatible Implementations

At least one compatible implementation of a specification version under one of the designated open source licenses before it can be ratified as a final specification. Other compatible implementations may be created from the final specification and distributed under other licensing terms (as determined by respective vendors).

Compatible Implementations may only claim compatibility with a final specification. The intellectual property rights required to build a compatible implementation flow from the final specification. That is, in order to be considered a compatible implementation and benefit from the intellectual property protections provided by the Eclipse Foundation Specification Agreement, an implementation must be based on a final specification. No claims regarding compatibility may be made for an implementation milestone build or unratified specification version.

Frequently Asked Questions

  1. Do we need to engage in a release review for a service release?

    Yes, the specification project team must engage in a successful release review prior to issuing a release of any kind; this includes service releases.

  2. Can the specification committee block/veto a release?

    Yes. The specification committee’s super-majority approval of the release is an absolute requirement. Without their approval, there can be no ratification of the final specification, so there can be no release.

  3. Can you provide more information regarding why these agreements are necessary?

    Explaining these documents would be a form of legal advice, and we simply cannot provide that. The short version is that we need these agreements and if you want somebody to explain them to you, you’ll need to consult with your lawyer.

  4. Do I need to arrange for my employer to sign the Employer Consent Agreement for Eclipse Specification Projects?

    You do not need to arrange for your employer to sign the Employer Consent Agreement for Eclipse Specification Projects if you are unemployed, self-employed, or are a student.

    If, however, you are employed, and your employer is not a member of the working group, then you must arrange for your employer to sign the Employer Consent Agreement for Eclipse Specification Projects.

  5. Do I need to sign the ECA?

    If you are not a committer on an Eclipse open source project, to contribute (e.g., make pull requests) to that project, you need to be covered by an ECA. If you are already a committer on any Eclipse open source project, then you are already covered by an ECA through your committer agreement and do not need to sign the ECA separately. If your employer has signed the Member Committer and Contributor Agreement, then you are already covered by an ECA and you do not need to sign the ECA separately.

    If you are a committer on a project you do not need an ECA to contribute to that project.

  6. How do I know if I’m covered by an Eclipse Contributor Agreement?

    Visit your Eclipse Account page. Your Eclipse Contributor Agreement (ECA) status is shown in the top-right corner.

    For example, this contributor is covered by the ECA (and is a committer on one or more Eclipse Foundation open source projects).

    accounts status
  7. How do I know if my employer is a member of the Eclipse Foundation?

    If your employer is a member of the Eclipse Foundation, they will be listed on the Explore Our Members page.

  8. How do I know if my employer has signed the Member Committer and Contributor Agreement (MCCA)?

    If your employer is a participant in the working group, then they must have signed the Working Group Participation Agreement, which includes the Member Committer and Contributor Agreement.

    If you are unsure whether or not your employer has signed a particular document, please contact the EMO Records Team.

  9. What happens when I change employers?

    Your status as a committer is not tied to your employment status. Your committer status will not be revoked when you change employers, but it may be suspended while we resolve the legal status of your ability to contribute to Eclipse open source project. You may, for example, require new committer paperwork to reflect your new employment status. If you change employers, please contact the EMO Records Team for help regarding paperwork requirements.

  10. What if my employer will not sign the Employer Consent Agreement?

    If your employer is not a participant of the working group, your employer must sign the Employer Consent Agreement to provide the necessary legal coverage for you to be a committer on a specification project operating under the purview of that working group. Without this agreement, you cannot have a committer role on a specification project. You may, however, continue to operate as a (non-committer) contributor on specification projects. You may also assume a committer role on Eclipse open source projects that are not engaged in specification development.

Intellectual Property

The term intellectual property (IP) refers to any sort of creative work, be it literature, art, or software. In the realm of open source software, artifacts like source code, documentation, and images are considered intellectual property. Unless otherwise stated, intellectual property is the property of its creator, who may grant permission for others to use that intellectual property by providing a license.

The ease with which software can be copied and combined makes it challenging to know with confidence if content can be used without running into legal issues. Any sort of serious software development effort must be accompanied by a well-defined IP due diligence process that can ferret out issues and mitigate the risk of leveraging the work of others. IP due diligence is a time consuming process that requires specialized skills and a keen eye for detail.

There are different kinds of content (e.g., source code, documentation, and images) to consider. Project code (or project content) is content that is produced and maintained by the open source project committers and contributors. Third party content generally takes the form of libraries (e.g. modules, or components), source files, images, or other forms of IP that are produced and maintained outside of the scope of the open source project. To mitigate the risk associated with adopting open source in products, the project code and the third party content that it leverages need to be reviewed to ensure that the copyrights expressed are correct, licensing is valid and compatible, and that other issues have been uncovered and properly investigated.

The Eclipse Foundation has a well-defined IP Policy, corresponding IP Due Diligence Process, and an IP Team of dedicated professional IP specialists who perform the heavy lifting in the due diligence process. Committers, the software developers who decide what will become project code and how an Eclipse open source project will leverage third party content, are responsible for bringing IP issues to the attention of the Eclipse IP Team.

Most of the project code produced by committers can just be pushed into a project repository without any sort of legal review. However, at least in some cases, the IP Team needs to be engaged to review project code that comes from contributors (who are not committers); and there are some cases where even the work of committers needs to be reviewed. These cases are highlighted in the IP Due Diligence Process document.

The IP Due Diligence Process focuses on source content. For the purposes of the IP Due Diligence Process, the term source code (or source content) refers to the pre-compiled content, including programming language source, configuration and property files, as well as binary things that don’t have a pre-compiled form like icons. The IP Due Diligence Process is concerned with reviewing the IP that is either consumed (third party content) or produced (project code) by the Eclipse open source project. The process doesn’t generally focus on compiled content (e.g. the IP Team looks at source code, not JAR files).

The IP Due Diligence Process does not dictate how source code repositories are structured. When the IP Team signals that content can be used, the project team can put content into their repositories in whatever structure makes the most sense. Similarly, the IP Due Diligence Process is not concerned with how third party content is represented (e.g. how it is integrated into builds) or how it is disseminated.

Note

The Eclipse Development Process does restrict how content can be disseminated based on the state of the IP review. A Project team can create and distribute milestone builds of any content that has been granted check-in from the IP Team. All content must be approved by the IP Team before the project can engage in a formal release.

The entry point into the IP Due Diligence Process is the Contribution Questionnaire, or CQ. Project teams should create a single CQ for the initial contribution of project code. The initial contribution is a special type of project code contribution in the sense that it is the first thing that the IP Team will review on behalf of the project team.

IPZilla

IPZilla is a modified instance of Bugzilla that tracks the progress of the IP due diligence review and approval process. It is the main interaction point between committers and the IP Team. IPZilla is accessible only by committers, Eclipse Foundation member company representatives, and other specifically-designated individuals. Authorized users can review both completed and ongoing reviews via IPZilla.

Contribution Questionnaires

A Contribution Questionnaire (CQ) is the main interface between Eclipse committers and the IP Team.

A CQ is started when a committer completes a questionnaire regarding a project code contribution or third party content. In literal terms, a CQ is a record in IPZilla that tracks the progress of the approval process. The CQ record is the primary communication channel between the submitting committer and the IP Team. CQ records persist indefinitely.

Tip

Use the Create a Contribution Questionnaire tool on a specific project page in the Project Management Interface (PMI) to create a CQ.

All significant contributions of code to be maintained by an Eclipse project, as defined by the Eclipse IP Due Diligence Process require a CQ. Projects further require a CQ for every piece of third party content that project code makes direct use of (regardless of whether or not the content is directly distributed by the project.

CQs are not generally required for ongoing work done by project committers. Consult the IP Due Diligence Process document for more information.

Initial Contribution

Code provenance tracking is critical (the source of all code that ends up in Eclipse Foundation repositories must be well known). To that end, all new projects are required to make an initial contribution before any code is committed to a project’s source code repository.

ip ic overview
How The Initial Contribution Fits into the Project Creation Process

Following a successful Creation Review, the EMO will initiate the provisioning process (Committers provide required paperwork and the Webmaster creates project resources (Git, downloads, website, etc.);

The initial contribution, like any other project code contribution, should contain only project code/content. Any third party content that might be included in the existing source tree should be excluded from the initial contribution and submitted as separate CQs.

The IP Team will review the initial contribution to ensure that it hasn’t been copied inappropriately, that licenses are being used correctly, and so forth. As part of this process, the IP Team will research the source of all code; depending on the size of the contribution, this can be a time-consuming process.

Because a full review can be time-consuming, the IP Team will in most cases engage the Parallel IP Process. This starts with a cursory review of the content, and—​assuming that no significant issues are uncovered by that cursory review—​the IP Team will grant check-in indicated that the project team can push the initial contribution into their Git repository (or initiate the transfer of their existing repository) and start working while the IP team continues their review in parallel.

After check-in has been granted for the initial contribution, the project team should start the process of engaging the IP Team with their third party content review requests.

Any project committer can initiate the review process by creating a CQ.

Tip

Eclipse Foundation systems use email to inform and remind interested parties of the various steps in this process. Only the committer who creates a CQ is notified by default, but other committers can be added to a CQ’s CC list to be included in the communication.

The email address that is associated with your Eclipse Foundation account is used; be sure to check spam filters to ensure that these messages are not missed. Send a note to EMO if you are concerned that you are not receiving these notification.

A project cannot make a release until the due diligence on the IP contained in that release—​including project code contributions and third party content—​is complete.

The IP Team is not able to review the history of project code being moved to an Eclipse project. The IP Team will review a snapshot of the project code and that snapshot, the initial contribution, must be the first commit in the Eclipse repository. If your project uses an existing GitHub repository, the Eclipse Webmaster team will help you obscure the history into a hidden branch.

Project Code Contributions

In general, contributions made by project committers do not require review and can be pushed directly into a project repository (though, some project teams may impose additional review restrictions).

Some contributions of code to maintained by the project (i.e. committed to a project source code repository and maintained by the project team) must be reviewed by the IP Team. The IP Due Diligence Process provides help to determine whether or not the contribution needs to be reviewed by the IP Team (when uncertain, Project teams should connect with their project mentors or PMC for assistance).

All contributions of project code must be tracked in the project’s IP Log. This is done automatically when the author information is correctly specified in Git commit records.

Any project committer can create a CQ to submit a project code contribution for review by the IP Team. The project code must be attached to the CQ in source form.

Ownership

The author of a contribution (or their employer) retains ownership of the intellectual property contained in the contribution. As part of the contribution process, the contributor licenses their contribution under the project license.

Third Party Content

The sort of effort that the Eclipse IP Team brings to bear on third party content varies depending on the type. The Guidelines for the Review of Third Party Dependencies defines three different types: Prerequisite, Exempt Prerequisite, and Works With Dependency.

Note

The term contribution questionnaire is a bit misleading when it comes to third party content. Third party content is not a really a contribution to the project, but since the requirements for tracking project code and third party content is very similar, the same mechanism is used for both.

Prerequisites

The simplest form of third party content is the Prerequisite (or prereq). Prerequisites are required by the Eclipse project content to provide core functionality. Prerequisite content is not generally stored in an Eclipse project’s source code repositories, but is likely included in build scripts and referenced as runtime dependencies. Since adopters of Eclipse project content are compelled to adopt the Prerequisite content, that content must also be reviewed by the IP Team. The review requirement applies recursively: the entire transitive closure of a Prerequisite’s dependencies needs to reviewed (the dependencies of a Prerequisite are themselves Prerequisites).

prereq dependencies
Eclipse Project Dependencies

Examples of Prerequisite dependencies:

  • the Java/OSGi manifest for one of the project bundles makes a direct reference to third party content (either a bundle or package);

  • project code includes an import statement for a package from third party content;

  • project code imports a third party library’s header file;

  • project code uses reflection or other means to reference APIs and implementation;

  • project code uses OSGi Services to make a reference to a specific implementation of a service; or

  • project code invokes a command line interface.

This list is not intended to be exhaustive, but rather to provide common examples. Fundamentally, when project code makes some kind of use of third party content, then that content is likely a Prerequisite. Under certain conditions, the content may also be classified as an Exempt Prerequisite or a Works With Dependency (see below).

In the case where an Eclipse project references code from another Eclipse project that itself references Prerequisites, no further review of that chain of Prerequisites is required (the IP Team will have already reviewed it on behalf of the second project team). Eclipse project teams should take care to only reference release versions of other Eclipse projects in their own releases to ensure that the IP Due Diligence Process has been completed.

eclipse dependencies
Eclipse Project Dependencies

Any project committer can create a CQ to submit a Prerequisite for review by the IP Team. The source code that was used to build the content must be attached to the CQ.

Project teams must create a separate CQ for each source (e.g. open source project) of third party content. Source code must be provided for all Prerequisite CQs. CQs for Prerequisite content are version specific, so separate CQs are required for each different version.

Note

The project team can provide the IP Team with finer-grained requests if that’s easier. That is, a project team can ask the IP Team to review the source for specific subsets of content (e.g. individual JAR files or modules), or an entire source tree that’s used to build several components. The IP Team’s focus is on source content; they do not generally review built content or focus on how the source code is assembled (i.e. they don’t generally review JAR files).

Many third party libraries have already been approved by the IP Team. The first stage of the CQ creation process involves a search of existing content; if the content has already been approved, the project team can piggyback on the already-approved content (via a Piggyback CQ). Piggyback CQs are approved automatically and immediately.

Versions of Prerequisites

Reviews of Prerequisites are version specific. That is, project teams are required to engage the IP Team with each separate version of Prerequisite content they require. When the project team adopts a new version of some third party content, a new CQ with a new source attachment must be created and taken through the process.

This applies specifically to major and minor versions of Prerequisites.

Project teams are not required to engage with the IP Team to review service releases for third party content, provided that the service release is based on a release that has either been license certified or approved by the IP Team. A service release is defined as a release that is backwards compatible and contains only bug fixes. If a project team isn’t sure whether or not a particular release is a service release, they should submit the content for review and let the IP Team decide.

Due Diligence for Prerequisites

The Eclipse IP Policy defines two types of due diligence review for Prerequisites. These types are used to refer to the third party content itself, the type of the CQ, and to the overall process.

Type A Prerequisites are reviewed to ensure that the licenses contained in the content align with the project license. Successful application of the Type A Due Diligence Process results in a CQ that is license certified. Type B content undergoes a far more thorough due diligence process that validates license certification, confirms the provenance of the content, and scans for various anomalies; successful application of the Type B Due Diligence Process results in a CQ that is approved.

The notion of due diligence types extends to projects and releases. A project team may specify a default due diligence type for the project, which both indicates intent to the community, and specifies the default value (which may be overridden) when creating new CQs for the project. When a release makes reference to any Type A Prerequisite software, then the release must also be designated Type A. If all of the Prerequisites referenced by a release are Type B, then than release may be designated as Type B. A project team can decide what level of due diligence is required for each separate release. Hypothetically, a project team could opt to make several Type A releases followed by a Type B release, and then switch back (project teams that need to engage in short release cycles may adopt this sort of cycle).

Type A CQs are processed automatically by the Eclipse Genie process. When a single license is identified for all files in the source content attached to a Type A CQ, and that license is on the Eclipse Foundation’s Third Party Content Licenses White List, then the CQ is automatically marked license_certified, indicating the project team is free to use that content. When multiple licenses, blacklisted licenses, or otherwise problematic licenses are detected (i.e. anything other a single white listed license), then the CQ is sent to the Eclipse IP Team for further investigation.

Tip

The Eclipse IP Team encourages new project teams to start with one or two Prerequisites and then work with the IP Team to ensure that the process is well understood, so that the process can be engaged in as efficiently as possible (for all parties).

Exempt Prerequisites

When one follows a dependency graph all the way to the bottom, the entire runtime environment including virtual machines and the operating system are included in the transitive closure of dependencies. Clearly, having the IP team review virtual machines and operating systems is not a great use of time, and—​in the case of closed source operating systems—​just not be possible.

The Eclipse IP Due Diligence Process guidelines provide for a notion of Exempt Prerequisite dependencies, which are not subject to review. According to the guide, content may be considered exempt if it "is pervasive in nature, expected to be already on the user’s machine, and/or an IP review would be either impossible, impractical, or inadvisable." The Eclipse IP Team does not review the source code associated with an Exempt Prerequisite.

One of the key aspects of an Exempt Prerequisite is that the user or adopter is typically the one that actually installs the software and so is the one who must agree to the licensing terms. Content that is declared an Exempt Prerequisite should never be directly distributed by an Eclipse project or otherwise made available without some explicit action from the consumer.

Any project committer an create a CQ to submit an Exempt Prerequisite for review by the IP Team. Exempt Prerequisites must be approved by the Eclipse Foundation’s Executive Director.

Works With Dependencies

The Eclipse IP Due Diligence Process guidelines also define the notion of a Works With Dependency (commonly referred to simply as a Works With) that applies in two different cases. Third party content may be declared a Works With Dependency when:

  • the functionality of Eclipse project code is enhanced by the presence of the software, but is otherwise functional and useful without it; or

  • there are multiple choices and reviewing all of them is impractical or impossible.

A Works With Dependency is, literally, a dependency that the Eclipse project code will work with when it is available. The fundamental requirement is the Eclipse project code must be useful and adoptable without the Works With Dependency. That is, either the project code provides useful functionality without the Works With Dependency or the Works With Dependency is a suitable alternative for a Prerequisite.

prereq and workswith
Prerequisite and "Works with" Dependencies

As with an Exempt Prerequisite, a Works With Dependency should never be directly distributed or otherwise made available without some explicit action from the consumer. The consumer is responsible for making the Works With Dependency content available and otherwise agreeing to the terms for that content.

It’s enough to just create a CQ to register the use of Works With Dependency without seeking IP Team approval for its dependencies. Works With Dependencies must be approved by the Eclipse project’s PMC.

Piggyback CQs

Many third party libraries have already been approved for use in Eclipse projects. While these libraries have already been cleared for use by all projects, their use must be tracked so that—​in the event that a issue is uncovered following the due diligence process—​we can mitigate the impact of that issue.

A Piggyback CQ can be created on top of an existing resolved CQ. Piggyback CQs share the due diligence type of the CQ that they reference (when a CQ’s due diligence type changes, Piggyback CQs are also changed).

Piggyback CQs are generally approved very quickly as the due diligence work has already been completed.

Content from Other Eclipse Projects

IP Team review or approval is not required for an Eclipse open source project to use released content from another Eclipse open source project as part of a release (a project may use unreleased content from another project in milestone builds). A release of one project should never include unreleased content from another project.

A CQ is not required for third party content that is indirectly used by virtue of consuming content from another Eclipse open source project. If an Eclipse projects makes direct use of third party content inherited by consuming another Eclipse open source project, then a Piggyback CQ is required

CQ Workflow

The workflow for creating a CQ for third party content starts with a search of existing CQs. If an existing CQ can be found that is concerned with the same content and version, then a Piggyback CQ is created. Piggyback CQs are automatically and immediately approved.

If an existing CQ cannot be found, a new one must be created. Once created, the source code for the third party content must be attached to the record by the committer. The PMC must then approve the record. If the project is eligible to leverage the Parallel IP Process, the IP Team performs a cursory review of the record and—​if the CQ meets with the requirements—​tentatively approves the use of the content while the full review is undertaken in parallel.

The Eclipse IP team may require assistance from the project team it performs a deep analysis of the content. Once that analysis is complete and the Eclipse IP Team has made a decision, they will outline the next steps. These next steps may—​in the event that the content is rejected—​require that the content be removed from the project’s source code repository, or that some part be removed. Most often, the content is approved and the CQ is marked as such.

Be advised that this process may take a while. The actual amount of time that it takes to process a CQ depends on numerous factors including the size of the queue, and the nature and size of the contribution.

Parallel IP Process

The Parallel IP Process allows Eclipse projects to make use of project code contributions and third party content before they are fully approved by the IP Team. In practical terms, the Parallel IP Process permits—​with preliminary approval from the IP Team—​a project to check-in code contributions into their source code repository and run builds against third party content without having to wait for the full IP Due Diligence Process to compete.

Note

There is some risk associated with the Parallel IP Process. The IP Team will grant preliminary approval based on a cursory review of the contribution; but during their full review, they may uncover issues that require mitigation. This may require, for example, that some parts of a contribution be removed completely (history and all) from a source code repository.

To leverage the Parallel IP Process, projects still submit a CQ. The difference is that once a CQ has been reviewed for license compatibility, the project will be authorized via IPZilla to check-in the code and start working on it.

All IP must be fully resolved before it is included in a release.

IP Logs

An IP Log is a record of the intellectual property contributions to a project. This includes such as a list of all committers, past and present, that have worked on the code and (especially) those who have made contributions to the current code base.

Note

An IP Log is a record of intellectual property for an entire project. The purpose of the IP Log review is to confirm that the project team understands the Eclipse IP Policy and is implementing the supporting processes. An IP Log is not intended to reflect the intellectual property included with any particular release.

The IP Log is a big part of the official release cycle. You are required to submit your project’s IP Log prior to scheduling a release, or restructuring review. We encourage you to keep your IP log current rather than rushing at the end. The IP Log includes important information about your project that lets adopters know where all the code comes from, who owns the copyrights, and so forth.

Specifically, the log tracks:

  • Licenses;

  • Past and present committers;

  • Third party content; and

  • Contributions from outside the project (i.e. non-committers)

IP Log Generator

The Automated IP Log Tool automatically generates an IP Log using information that is available to the Eclipse Foundation. The list of contributors, for example is automatically generated using information extracted out of the project’s source code repositories.

The IP Log generator pulls information from multiple location to assemble the log:

ip log generator
Sources for the IP Log generator
  • The list of third party content used by the project comes from IPZilla;

  • The project source code repositories are scanned to identify non-committer authors of contributions; and

  • License information is obtained from the Foundation database

To fully leverage the value of the Automated IP Log Tool, the project team needs to:

The Automated IP Log tool populates the Contributors section with information gathered from the project’s source code repositories (source code repository paths specified in the the Source Repositories section in the project metadata). This section lists contributions from non-committers (this is time-sensitive, so contributions made by current committers before they became committers will also be included). Only non-committer contributions are recorded in the generated log.

Git commits contributed by non-committers are identified by the author credentials on the commit record; the Author field must be set to the identity of the actual author of the commit.

The Third Party Software section of the log is populated from IPZilla. The IP Team will mark your contributions in such a way that they will appear in the log. If third party software is not appearing properly, contact the EMO IP Team to make corrections.

Tip

Use the Generate IP Log tool on a specific project page in the Project Management Interface (PMI) to generate and submit the IP Log for review.

Frequently Asked Questions

  1. Can third party content be included in an Eclipse project’s source code repository?

    Yes. Third party content can be included in binary form (e.g. source and binary JAR files) in a project’s source code repository if that makes technical sense for the project.

    Third party content that is stored in the project repository is effectively a fork of that third party content. This is a bit of a grey area in that it is third party content that will be ultimately treated as project code (i.e. contributors may potentially modify it).

    Third party source code must be reviewed by the EMO IP Team (i.e., open a CQ) before it may be include in a project repository.

  2. The IP Due Diligence Process says that I need to create a CQ for project code contributions that exceed 1,000 lines of code; how do I calculate lines of code?

    The short version is that the Eclipse Foundation trusts the judgement of Eclipse committers regarding how lines of code should be calculated. What we’re interested in is net new intellectual property. With this in mind, it’s not generally correct to just add the number of lines added to the lines removed; it’s also not generally correct to use the difference of these numbers to determine the true number of lines in a contribution. Again, as a committer we trust your judgement.

    If a contribution contains significant new functionality, or if you are not certain of the provenance or are otherwise concerned that there may be intellectual property issues with a contribution (of any size), then the IP Team needs to be engaged.

    If you’re not sure, create the CQ.

  3. Can my release use unreleased content from another Eclipse open source project?

    No. A release may only use released content from other projects. A project may disseminate milestone builds that include unreleased content, but the upstream content must be released before a downstream project can include the content in their own release.

  4. Are project websites subject to the IP Due Diligence Process?

    Website content is separate from project code. Project teams are expected to respect licenses for all web site content, but are not required to submit website content (including third party libraries) for review by the IP Team.

  5. Can project code be license certified by the Type A due diligence process?

    No. Only third party Prerequisites can be license certified. Project code is reviewed using a process that is similar to that employed for Type B Prerequisite content.

  6. Is my project eligible to choose Type A level IP Review?

    Yes, all Eclipse projects are eligible to choose Type A or Type B for its Prerequisites by choosing the preferred option when creating a CQ.

  7. How does a Project Lead document their project as Type A?

    The Project Lead and all committers have the ability to designate their project as Type A via the project metadata.

  8. Can a project use a combination of Type A and Type B CQs?

    Yes. A project that has at least one Type A CQ must be designated Type A.

  9. Can a release use a combination of Type A and Type B CQs?

    Yes. A release that has at least one Type A CQ must be designated Type A.

  10. Can a Type A project have Type B releases?

    Yes. It is possible for a Type A project to have some subset of its CQs be Type B. When a particular release contains only Type B CQs, that release is Type B.

  11. If my project requests Type A review for a CQ, can we later change the request to Type B?

    Yes.

  12. How do I change a CQ from Type A to Type B?

    Add a comment to the CQ asking the IP Team to change the due diligence type. If you want to change multiple CQs from Type A to Type B, the Project Lead should contact the IP Team to coordinate and discuss scheduling and timelines.

  13. Can a project join a simultaneous release if it has chosen Type A due diligence?

    From the point of view of the Eclipse Foundation and the Eclipse Development Process, it is completely acceptable for a project to join a simultaneous release while leveraging Type A content. The parties that manage the simultaneous release, however, may impose additional restrictions.

  14. Can a project release and/or graduate if it has chosen Type A CQs?

    Yes. There is no barrier to releasing and/or graduating based on the IP due diligence type chosen.

  15. My project is new to the Eclipse Foundation, am I eligible for Type A or Type B?

    That is entirely up to the project. However, during the bootstrapping process, new projects will automatically be configured to employ Type A due diligence for all Prerequisite content in order to get the project up and running.

  16. Can a Type B only project consume other projects/releases that are Type A or combination Type A/B?

    This is an individual project choice. If a project decides this does not work for them, it is up to the projects work together to resolve any issue.

  17. Do I need to create a CQ for a service release of third party content?

    A CQ is not required for a service release that is based on an resolved version of third party content. That is, if one version of third party content is resolved as either license certified (Type A) or approved (Type B), then service releases that include only bug fixes that extend that release may be used without creating a CQ.

  18. Is an IP Log Type A or Type B?

    IP Logs are not themselves intellectual property and so are neither Type A nor B.

  19. The IP Log references Type A content, but my release is Type B. What should I do?

    The purpose of the IP Log review is to checkpoint the IP Due Diligence Process; an IP Log is not intended to be an accurate reflection of exactly what is in any particular release. If your project engages in a combination of Type A and Type B releases, then it is natural for the IP Log to include both. It is the project team’s responsibility to ensure that the content specifically associated with a a Type B Release includes only Type B Prerequisites.

  20. What do you do with the IP Log?

    IP Log reviews occur in two stages. In the first stage, the EMO performs a technical assessment to make sure that the artifacts produced by the project are properly accounted for in the IP log. You may be asked to assist with the resolution of any discrepancies found during this assessment. In the second stage, the IP Team reviews the log to ensure that it matches their records. The IP log review concludes with approval by the IP Team.

  21. When should I submit the IP Log for review?

    The IP Log should be submitted for review by the IP Team two weeks before the planned end date for a review or (if code moves are involved) a restructuring review. Note that the date of your review may be different from the date of the actual release.

  22. How precise must the "required by" date for the IP Log be?

    The "required by" date is intended to give the IP Team help to prioritize the processing of the IP Log against other requirements. The date selected should be at least one week in advance of the conclusion date any corresponding review.

  23. We submitted an IP Log for our release, but we’ve made some changes since then that will end up in the release, should we resubmit the IP Log?

    The purpose of the IP Log review is to checkpoint the IP Due Diligence Process and ensure that nothing is slipping through the cracks; an IP Log is not intended to be an accurate reflection of exactly what is in any particular release.

  24. Are there other reasons to submit the IP Log for review?

    Generally no. If the IP Team requires an IP Log review outside of the context of a release or restructuring review, they’ll ask for it. It is not generally necessary to submit an IP Log for review outside of the context of a review. It is, however, good practice to do your own review of the generated IP Log periodically to make sure that it accurately reflects the state of the project.

  25. How do I fix problems with the generated IP Log?

    The IP Log is generated based on data from Eclipse Foundation servers. If the log is being generated incorrectly, then the underlying data needs to be fixed. If you spot a problem, send a note to EMO.

Legal Documentation Requirements

The content developed and maintained by Eclipse Foundation open source projects is distributed via multiple channels, including distributed source code management systems, download servers, and software repositories. Further, open source project content is—​by design—​integrated into and distributed as part of the products of adopters. The legal obligations of the content must be observed in all forms of which the content is available.

Where possible we adopt standards and conventions in order to be good open source citizens. We use the Software Package Data Exchange® (SPDX®) specification for communicating the licenses associated with software packages.

Note

This document describes a set of general guidelines for legal documentation. Projects that implement Eclipse Platform Plug-ins and Features under the EPL-2.0 should follow the Legal Documentation for Eclipse Platform Plug-ins and Features.

Projects that implement Eclipse Platform Plug-ins and Features under the EPL-1.0 should follow the Guide to the Legal Documentation for Eclipse Plug-ins and Features under the EPL-1.0.

Source Code Repositories

Eclipse projects may have one or more source code repositories. Since it is possible for source code repositories to be cloned and rehosted, it is important that legal information is captured directly in the root of every repository.

As described below, license and notice files must be included in the root of every source code repository.

git.eclipse.org/project.git
 ├── LICENSE
 ├── NOTICE
 └── ...

Distribution

The distribution form of software artifacts (often in a compiled form) generated from a project’s source code repositories must also include legal information.

License and notice files, as described below, must be included in the root of every unit-level distribution artifact (e.g. JAR file). In the most general case, these files will appear in the root of distribution unit, but the exact location varies by technology type.

For content delivered as Java archive (JAR) files, for example, the legal files should be placed in the META-INF directory.

MyFile.jar
 ├── META-INF
 │   ├── NOTICE
 │   └── LICENSE
 └── ...
Note

This structure need not necessarily be reflected in the source tree. How a project’s build process includes this information is determined by the project team.

When the unit level of distribution is an individual file (e.g. JavaScript), the file must contain a header with copyright and license information, and the best effort must be undertaken to associate the file with the notices (e.g. a link to the source repository in the header).

Project teams should consult with their PMCs for input and advice regarding alternate names and locations for legal documentation.

End User Content

All products delivered by the project—including executables, websites, documentation, and help must include certain notices. An executable might, for example, provide this information in an About Dialog; documentation might include a notice in either the pre- or post-amble, or a website might provide this information in a common footer, or a dedicated page.

The notices must include one or more copyright statement, the assertion of trademarks owned by the Eclipse Foundation on behalf of the project, indication of third party trademarks in use, and—​if applicable—​a cryptography notice.

Example website notices

All material on this website is Copyright (c) 2017, Contributors to the Eclipse Foundation

Eclipse Dash and the Eclipse Dash project logo are trademarks of the Eclipse Foundation. Eclipse and the Eclipse logo are registered trademarks of The Eclipse Foundation.

Java and all Java-based trademarks are trademarks of Oracle Corporation in the United States, other countries, or both.

Content may contain encryption software. The country in which you are currently may have restrictions on the import, possession, and use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check the country’s laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.

Where possible, all source code, property files, and metadata files (including application, test, and generated source code as well as other types of files such as XML, HTML, etc.) should contain appropriate copyright and license notices as well as information on each contribution.

Copyright holders are legal entities: either individuals or companies. Note that employment contracts very often stipulate that the intellectual property developed by an employee is the property of the company (in this case, the company should be listed as the copyright holder, not the individual; the individual should still be listed as an author).

Note

An Eclipse Foundation open source project is not a legal entity. Further, the Eclipse Foundation does not assume ownership of contributions (the Eclipse Foundation is only a copyright holder in those cases where an employee of the Eclipse Foundation has authored the contribution).

Copyright statements take the form Copyright (c) {year} {owner}.

The {year} is the year in which the content was created (e.g. “2004”). The date may optionally be set to a range of years with the first and last years of the range separated by a comma (e.g. “2004, 2017”); in this case, the first year is when the content was first created and the last year is when the content was last modified.

The {owner} is the name of the copyright holder. If the content is subsequently modified and appended to by other copyright owners, the words "and others" are typically appended. So for example: "XYZ Corp." or "XYZ Corp. and others". The words "and others" are used to avoid having to list every copyright owner and because often, most of the content in the file was contributed by the initial copyright owner with subsequent modifications by others being smaller. However, especially if the number of copyright owners is small (e.g. two), there is nothing wrong with listing all of them especially if their contributions are more proportionately equal. For example: "XYZ Corp., John Smith, and ABC Enterprises."

Copyright headers can take one of two forms. In the traditional form, the identities of the copyright holders must be indicated in the copyright statement on the first line of the header.

Eclipse Public License 2.0 Copyright and License Header template
/********************************************************************************
 * Copyright (c) {year} {owner}[ and others] 1
 *
 * This program and the accompanying materials are made available under the 2
 * terms of the Eclipse Public License 2.0 which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * SPDX-License-Identifier: EPL-2.0 3
 *
 * Contributors: 4
 *   {name} - initial API and implementation
 ********************************************************************************/
1 Name of the initial copyright owner (this must be a legal entity); other organizations that have contributed are either listed individually or grouped together by appending "and others". The year is expressed either as a single year or a range spanning the year of the initial creation and that of the most recent change.
2 Declared project licenses described in human readable form.
3 Declared project licenses indicated using SPDX codes and expressions.
4 The names of the contributors and the nature of their contribution (this section may be excluded).

Contributors should be consistent when expressing copyright on a particular file. In some legal circles, the exact form of the copyright message must be used in summaries, including punctuation (e.g. the "Copyright (c) 2017 My Company, Inc" and "Copyright (c) 2017 My Company, Inc." may be considered different and distinct because of the period).

Note

Older versions of this template included the sentence "All rights reserved." It is not wrong for this sentence to be included in the header; it is just not necessary. File headers that include this sentence do not need to be changed.

Alternatively, project teams can adopt a more generic copyright header for each file and include the identities of the copyright holders in the notice file.

Alternative Eclipse Public License 2.0 Copyright and License Header template
/********************************************************************************
 * Copyright (c) {year} Contributors to the Eclipse Foundation 1
 *
 * See the NOTICE file(s) distributed with this work for additional 2
 * information regarding copyright ownership.
 *
 * This program and the accompanying materials are made available under the 3
 * terms of the Eclipse Public License 2.0 which is available at
 * http://www.eclipse.org/legal/epl-2.0
 *
 * SPDX-License-Identifier: EPL-2.0 4
 ********************************************************************************/
1 The year is expressed as a single year or a range spanning the year of the very initial assertion and that of the most recent change.
2 Statement that indicates where the actual copyright information is located.
3 Declared project licenses described in human readable form.
4 Declared project licenses indicated using SPDX codes and expressions.
Note

The border, line breaks, etc. are not mandated in either form.

Incorporating the SPDX-License-Identifier tag in the header makes it easy for automated tools to discover and report the license of the content. More usefully, the SPDX expression syntax can be used to make it very explicit to automated tools how multiple licenses are combined.

In SPDX, disjunction is used to express dual licensing and conjunction is used to express that the content contains content that is distributed simultaneously under multiple licenses. For example, EPL-2.0 OR MIT expresses that the consumer may choose to accept the content under one of the licenses listed; and EPL-2.0 AND MIT indicates that the consumer must accept the content under both licenses (it may be the case that parts of the content are under one license and other parts are under the other).

Example Copyright and License Header for Dual-licensed Content
/********************************************************************************
 * Copyright (c) {year} {owner}[ and others]
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License 2.0 which is available at
 * http://www.eclipse.org/legal/epl-2.0, or the Apache Software License 2.0
 * which is available at https://www.apache.org/licenses/LICENSE-2.0.
 *
 * SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
 ********************************************************************************/

License File

The license file contains the exact text of the project’s declared licenses in human readable form. The declared licenses are those that the project team’s content is distributed under. This does not, for example, include the licenses of third party content or incidental fragments of code that is incorporated into the project content (the license of any such content should be indicated in the source file itself and the notice file that accompanies it).

If the project code is distributed under multiple licenses then the text of those licenses must be included. The file should start with a short paragraph that describes how the licenses are combined. This statement should in most cases, be exactly the same as the license statement in the file copyright and license headers (see the example below).

Use inclusive disjunction (OR) when talking about dual licenses (e.g. "choose one or the other (or both)").

The license file must be expressed in a human readable (plaintext) form; human readable markup languages may be used. The file is conventionally named LICENSE and may include a suffix (e.g. LICENSE.md).

Example License File (dual-licensed EPL-2.0 or Apache-2.0).
This program and the accompanying materials are made available under the
terms of the Eclipse Public License 2.0 which is available at
http://www.eclipse.org/legal/epl-2.0, or the Apache Software License
2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.

... Text of the Eclipse Public License 2.0 ...

... Text of the Apache Software License 2.0 ...

Notice Files

Notice files are expressed in human-readable plain text format; human readable markup languages may be used. The file is conventionally named NOTICE and may include a suffix (e.g. NOTICE.md).

The notice file must include basic project metadata, an expression of the declared project licenses, information regarding the licensing of any third party content, and a statement regarding the use of cryptography in cases where either the project code or third party content implements cryptography.

Project metadata provides the identity of the originating project, along with pointers to the project’s website and canonical source code repositories.

The declared licenses statement should in most case, be exactly the same as the license statement in the file copyright and license headers.

If cryptography is included with the content, then the following statement must be included in a comment in the notice file:

Cryptography Statement

Content may contain encryption software. The country in which you are currently may have restrictions on the import, possession, and use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check the country’s laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.

Other information, as deemed necessary by the project team may also be included.

Example NOTICE file
# Notices for Dash, Tools for Committers

This content is produced and maintained by the Eclipse Dash, Tools for
Committers project.

 * Project home: https://projects.eclipse.org/projects/technology.dash

## Trademarks

Eclipse Dash, Tools for Committers, and Dash, Tools for Committers are
trademarks of the Eclipse Foundation. Eclipse, and the Eclipse Logo are
registered trademarks of the Eclipse Foundation.

## Copyright

All content is the property of the respective authors or their employers.
For more information regarding authorship of content, please consult the
listed source code repository logs.

## Declared Project Licenses

This program and the accompanying materials are made available under the terms
of the Eclipse Public License v. 1.0 which is available at
http://www.eclipse.org/legal/epl-v10.html.

SPDX-License-Identifier: EPL-1.0

## Source Code

The project maintains the following source code repositories:

 * http://git.eclipse.org/c/dash/org.eclipse.dash.dashboard.git
 * http://git.eclipse.org/c/dash/org.eclipse.dash.handbook.git
 * http://git.eclipse.org/c/dash/org.eclipse.dash.m4e.tools.git
 * http://git.eclipse.org/c/dash/org.eclipse.dash.maven.git
 * http://git.eclipse.org/c/dash/org.eclipse.dash.repositories.git
 * http://git.eclipse.org/c/dash/org.eclipse.dash.test.git

## Third-party Content

ckeditor (3.0.1)

 * License: MPL 1.1, BSD
 * Project: http://ckeditor.com/
 * Source: http://ckeditor.com/download

commons-codec-1.3.jar (1.3)

 * License: Apache License, 2.0

commons-net (3.3)

 * License: Apache License, 2.0

commons-vfs2 (2.1)

 * License: Apache License, 2.0

Google Gson (2.2.4)

 * License: Apache License, 2.0

Google Guava (19.0)

 * License: Apache License, 2.0

Services_JSON (1.31)

 * License: Modified BSD
 * Project: http://pear.php.net/pepr/pepr-proposal-show.php?id=198
 * Source: http://mike.teczno.com/JSON/

Yahoo YUI (2.3.1)

 * License: New BSD license

YUI (2.6.0)

 * License: New BSD license

## Cryptography

Content may contain encryption software. The country in which you are currently
may have restrictions on the import, possession, and use, and/or re-export to
another country, of encryption software. BEFORE using any encryption software,
please check the country's laws, regulations and policies concerning the import,
possession, or use, and re-export of encryption software, to see if this is
permitted.
Note

The actual text of the project’s declared licenses should not be included in the notice file (they are provided in the license file). The terms of the other licenses included in the content, including third-party licenses, must be observed (e.g. some licenses require that the text of the license be included with the distribution; in this case, position the license text either in the notice file or as close to the corresponding content as possible).

Contributor Guide

While not strictly legal documentation, having concise and clear information how to get involved in a project is very important for building the community around a project. Therefore, to simplify adoption and encourage contributions it is recommended that projects maintain a Contributor Guide. The file is conventionally named CONTRIBUTING (or README) and may include a suffix (e.g. CONTRIBUTING.md).

Like legal documentation, a CONTRIBUTING file should be placed in the root of each repository. Keep the guide as concise as possible: it should contain a few words and a link to other documents for details and more information. Use plain text that can be easily consumed without being formally rendered.

Minimally, the CONTRIBUTING file should include:

  • The name and brief description of the project;

  • A link to the project’s website and documentation;

  • A link to the primary Communication channel (how do potential contributors contact the project team?);

  • A pointer to the canonical source code repositories;

  • Mechanics of how to actually contribute (pull requests accepted, via Gerrit, etc.);

  • Link to sign the ECA (https://www.eclipse.org/legal/ECA.php)

Additionally, the guide might include:

  • Link to downloads; and

  • Link to a more comprehensive project contribution guide (e.g. a website).

Setting up the Development Environment

The CONTRIBUTING file should make it easy for people who got interested in the project to start working with it. It should include:

  • Instructions for obtaining the sources;

  • Clear instructions for setting up any additional tools needed for the development;

  • A description of the dependencies of the project, or even better how to easily get all the necessary content the project depends on; and

  • A list of necessary steps to build the artifacts of the project (e.g. bundles, features, standalone products).

Contributing Code

The CONTRIBUTING file should make it very clear what are the steps a contributor needs to follow, so that their contribution reaches the project and may be accepted.

It should:

  • Include very specific instructions on how contributions are accepted;

  • Indicate whether or not the project will accept GitHub pull requests, along with the necessary steps to have the project honor those requests;

  • Describe the legal part of the process for accepting contributions, e.g. point to the the Eclipse Contributor Agreement (ECA) and Developer Certificate of Origin (DCO); and

  • Describe any project specific rules, which the contributors should know, for example:

    • preferences on code quality;

    • code formatting; and

    • processes for code review.

Projects may slightly different rules for contributing to different repositories. Make this clear to the contributors.

Help Wanted

The CONTRIBUTING file can optionally provide guidance for developers who want to help, but don’t have their own agenda. To help these developers, the guide may list ideas for improvements which the team already knows, or areas where help is needed.

Note

Keeping a help-wanted list up-to-date can be challenging. Consider including a query (e.g. for "helpwanted" issues) rather than (or in addition to) specific work area recommendations.

Frequently Asked Questions

  1. Do the license and notice files need to be named LICENSE and NOTICE?

    No. If there are technical limitations, for example, that require that you select different names, you can do so. But for the sake of consistency for our communities we prefer that this convention be followed. Format-specific file extensions (e.g. NOTICE.md) can be used.

  2. Can the license and notice files use Markdown?

    Yes. Any human-readable markup format may be used.

  3. Is the cryptography statement required?

    The cryptography statement is only required if the project code includes cryptography algorithms or other cryptographic content.

  4. What licenses should be listed in a build script (e.g. Maven pom.xml file)?

    The license(s) in the build should reflect what is being built, but typically not the license(s) of referenced third party content. The pom.xml file for project code, for example, should list the project license(s).

  5. In a multiple license scenario, do we use conjunction (AND) or disjunction (OR)?

    We follow the lead of the SPDX community with regard to the way in which we express the combination of licenses, and use inclusive disjunction. In the example of a dual licensing scenario, we make the content available under the terms of licenses A AND B, but the consumer accepts it under the terms of license A OR B or both. Think of it from the perspective of the consumer.

  6. How do I get help?

    If you have any questions or concerns, contact license@eclipse.org.

Releases

Releases are formal for Eclipse projects.

Releases are broadly categorized as:

  • Major releases include API changes (potential for downstream breakage);

  • Minor releases add new functionality, but are API compatible with previous versions; and

  • Service releases include bug fixes only and include no significant new functionality.

For many Eclipse projects, the release lifecycle follows the traditional pattern of every release being preceded by a release review. This is especially true for projects with release cycles that span a year or more.

release cycle
The Release Cycle

Every release cycle starts with a plan that is created in an open and transparent manner and made available the community both for review and to solicit input. The development process must be iterative, with the regular delivery of milestone builds to solicit feedback. The release cycle ends with the delivery of a final release candidate, a release review, and general availability of the products of the release.

A project team may declare official major or minor releases and distribute associated products for up to one year following a successful release or progress review. Reviews are not required for bug-fix/service releases.

Intellectual property must be properly accounted for and tracked at all times. The project team must engage in the Eclipse IP Due Diligence Process on an ongoing basis. The IP Log review and approval that occurs at the time of either a release review or progress review should be regarded as a means of confirming that intellectual property is being properly managed and not as a trigger to engage in a last minute clean up.

All tracking of project and third-party content must be current and correct at all times.

Release Plan

A project plan is required for each major and minor project release. The plan should lay out in broad terms what the goals are for the release. As plans are a valuable means for the community to get involved with your project, the plan should be created at the beginning of the release cycle. By establishing the plan early, you give prospective contributors help in determining how they can most usefully contribute, and adopters can prepare their own development schedule and themes. Plans can change during the release cycle.

Release records are used to capture a project plan. All project leads and committers can use the Create a new release command on their project page in the Project Management Interface (PMI) to create a new release record.

At the start of the release cycle, a plan should minimally include a release number, date, and short description. All aspects of a plan can change during the release cycle (including the date). If you do change the plan, make sure that the change is communicated via your project’s dev-list and other project channels.

Tip

Think of the description of the project plan as an elevator pitch: how would you describe the release in a fifteen second elevator ride?

The Plan tab in the release record contains numerous fields for capturing plan information. The amount of information that you should capture for a release plan varies by top-level project, so consult with your Project Management Committee (PMC) for advice.

Producing regular builds is an important part of the release cycle. Builds are an important means of engaging with the community: adopters can help you test your code and test their own so that they can be ready for the eventual release. Project teams should plan to produce at least one milestone build (more are better, depending on the length of your release cycle), and capture the planned date for that milestone in the release record. It is also common practice to generate nightly and weekly integration builds. Project teams must ensure that their project’s downloads page provides the information required for the community to obtain builds.

All requests for review of intellectual property contributions must be approved by the IP Team before the products of a release are pushed out onto distribution channels (this includes third party content and contributions of code to be maintained by the project).

Milestones and Release Candidates

Milestone builds and release candidates are not themselves official releases. Per the Eclipse Development Process, milestone and release candidate builds are intended to be consumed by a limited audience to solicit, gather, and incorporate feedback from leading edge consumers. A predictable schedule for the delivery of milestone builds is especially valuable when the period of time between formal releases spans multiple months.

Project teams should include at least one milestone build during every release cycle. The timing of milestone and release candidate builds should be included in release plans.

Progress and Release Reviews

Progress and release reviews differ only in timing. A progress review can be scheduled at any point in a project’s release cycle; a release review is scheduled at the end of the release cycle. A release review can be thought of as a formal announcement of a release to the community.

These reviews generally serve as a means for a project to engage in a retrospective of the progress made during the release, discover areas of potential improvement, demonstrate that the project is operating in an open and transparent manner, and ensure that the development process and intellectual due diligence processes have been followed.

Reviews run for a week and always conclude on a Wednesday.

Note

We schedule reviews to conclude on the first and third Wednesdays of the month. Your release date does not have to coincide with the review date (you can set the release date as necessary). The review must, however, conclude successfully before you can make the release official.

Release and progress reviews require review documentation and an intellectual property (IP) log check. The review process must be initiated at least two weeks in advance of the anticipated review date.

release review
Release review work flow

The project team must prepare the review documentation well in advance of the start of the review period. The release record which contains the project plan also includes a Review tab with appropriate fields for a review. As with the plan fields, all of the review fields are optional and the level of detail required varies by top-level project. Project teams can assemble review information during the release cycle (there’s no need to wait until the end)

The review materials must be approved by the PMC; the project lead or a designated project committer should send an email to the PMC’s mailing list with a request for approval. The PMC will respond with feedback or a simple +1 indicating approval.

Tip

Click the handy Committer Tools  Communication  Send Email to the PMC link on the release record page to connect with the PMC.

The IP Team must approve the IP Log before the EMO can schedule the review, so submitting this early is important. The IP Log generator automatically collects information based on the information that the project team has provided to the IP Team through contribution questionnaires in IPZilla, commits in the project’s source code repository, and other information in our databases. The project team should review the IP Log before submitting to the IP Team for their review.

Tip

Use the Generate IP Log tool on a specific project page in the Project Management Interface (PMI) to generate and submit the IP Log for review.

The information used to generate an IP Log should always be up-to-date (don’t wait until the end of the release cycle to make it right).

At any point in this process, the project lead or a designated committer can request that the review be initiated by clicking the Schedule a review for this release link that appears at the top of the release record page.

Note

The EMO will likely notice that you’ve created the release record, connected with your PMC, and submitted an IP Log for review by the IP team and will take steps to initiate the actual review. However, since there is a great deal of variability in this process, send an email to EMO stating your intent to release.

The EMO will conclude the review on the scheduled end date and advise the project team of the outcome.

Graduation Reviews

The purpose of a graduation review is to confirm that the project has a working and demonstrable code base of sufficiently high quality active and sufficiently diverse communities; has adopters, developers, and users operating fully in the open following the Eclipse Development Process; and is a credit to Eclipse and is functioning well within the larger Eclipse community

Graduation reviews are generally combined with a release review (typically, but not necessarily the 1.0 release). Upon successful completion of a graduation review, a project will leave the incubation phase and be designated as a mature project.

For a graduation review, release review documentation must be augmented to include demonstration of:

  • solid working code with stable APIs;

  • an established and growing community around the project;

  • diverse multi-organization committer/contributor/developer activity; and

  • operation in the open using open source rules of engagement.

The graduation review documentation should demonstrate that members have learned the ropes and logistics of being an Eclipse project. That is, the project "gets the Eclipse way".

Frequently Asked Questions

  1. Can a release review fail?

    Technically, yes. A release review can fail. In our history, however, this occurrs very rarely. We set up release reviews to succeed.

  2. Do we really need to do this?

    Yes.

  3. How often should we do releases?

    This depends very much on the nature of your project and the expectations of your community and stake holders. If you’re not sure, connect with your mentors and top-level project for guidance.

  4. How much effort should we put into this?

    The amount of effort varies based on the nature of the team, and expectations of the community and stake holders. Generally, though, a project team shouldn’t spend more than a couple of hours working directly on the formal aspects of the release review. If the amount of effort seems too onerous, you may be trying too hard. Connect with your project mentors, top-level project’s PMC, or the EMO for guidance.

  5. Do I need to engage in a release review?

    If the the project team wants to issue an official major or minor release and has not engaged in a release review (or progress review) within a year of the planned release date, then a release review is required.

  6. What is the difference between a release review and progress review?

    In practice, there is really no difference. The activities involved are the same and a project may create major and minor releases for an entire year following a successful release or progress review.

    Progress reviews were added to the Eclipse Foundation Development Process primarily to support the Eclipse Foundation Specification Process, which requires that specification project teams engage periodic reviews that do not necessarily align with releases.

    In cases where, for example, a project team has gone an extended period of time without having engaged in a review, the project leadership chain may compel the project team to engage in a progress review to ensure that the project team is following the processes and is generally engaging in the sorts of activities required for success.

  7. How do I submit the IP Log for review?

    Click the Submit button on the IP Log generator. You need to be logged in as project committer to have access to this button.

  8. Can I accept contributions after I submit the IP Log for review?

    The short answer is yes. Please do accept contributions. If you require a new contribution questionnaire (for either a third party library or code contribution) after submitting the IP Log for review, please ask the IP Team if they want you to resubmit the IP Log.

  9. How do I obtain PMC approval?

    Send the the PMC a note via the top-level project’s PMC mailing list with a link to the release record. Note that the release record page has a handy link labeled Committer Tools  Send Email the PMC.

  10. I need to do a release now. Can you fast-track the review?

    While we do try to be as accommodating as possible, the answer is no. We have a well-defined process with predictable dates. Please plan accordingly.

  11. Can a project in the incubation phase do releases?

    Yes. In fact, we encourage projects to do at least one release while in incubation phase.

  12. What restrictions are placed on version names for incubating projects?

    Projects in the incubation phase generally use version numbers that are less than 1.0. This is, however, a convention not a rule. If it makes sense for you community and adopters to use higher numbers, then do so. If you’re not sure, ask your top-level project PMC for advice.

  13. How do I name/number milestone builds?

    Milestone builds should contain the name/number of the release suffixed with "Mn" (e.g. the second milestone for EGit 3.2 may have a file named egit-3.2M2). Projects in the incubation phase may produce milestone builds for their graduation release, e.g myProject-1.0M2.

  14. How can I get help?

    Contact your mentors (for projects in the incubation phase), top-level project PMC, or the EMO.

Project Management Infrastructure (PMI)

The Eclipse Project Management Infrastructure (PMI) consolidates project management activities into a single consistent location and experience.

Project Management Infrastructure themes:

Improved consistency. Configuration/data-driven project web presence, direct linkage between releases, reviews, and plans. Information—​including basic project metadata, project plans, and review information—​is captured and retained in a consistent (and easily leveraged) data-based format (rather than in multiple documents in arbitrary formats).

All-in-one-place. Project leads and committers are able to edit information in place on the project information pages. Text/information in one place with links in another is eliminated where possible. Comments and discussion related to reviews, elections, etc. are connected directly to the item being discussed.

Get started faster. By default, projects are provided with a data-driven website that includes consistent links to project releases, reviews, downloads, etc. Projects can opt to override the default and provide their own customized web presence. Setting up a project presence is a matter of configuration, not PHP programming against proprietary APIs.

Project Metadata

Project committers and project leads are responsible for maintaining their project’s metadata. This information is an important part of being an Eclipse project.

Project metadata is:

  1. Relatively static structural information such as the project description and scope, the names of the project’s mailing lists and forums, the bugzilla products, source code repositories, etc.

  2. Historical information such as previous release downloads, review slides and IP logs, etc.

  3. Status and future looking information such as the project and milestone plans, the features scheduled for the current release, release dates, etc.

PMC members and the Eclipse Foundation staff also have the ability to make changes on behalf of a project.

Viewing

The complete listing of all current Eclipse projects provides one starting point for viewing projects. From here, you can link directly to a project page. Navigation options are provided to help you move from one project to another.

Project Pages

The PMI provides a website for every project based on the project metadata. This website includes an Overview page that shows basic information about the project, a Downloads page that provides links to downloads, a Developer Resources page that includes links to source code repositories, and more.

An example project page is shown below. The Overview page includes the name and description of the project, list of project licenses, a table of recent releases, and various charts and other information (note that more charts are displayed on the Who’s Involved page. The website also includes links to project-specific commands and tools when the user is logged in as a project committer.