Wayne, I’m unclear on service releases. How will you be picking up the latest service release, or do we need a release record for it?
Greg > On Aug 27, 2021, at 12:42 AM, Wayne Beaton > <wayne.bea...@eclipse-foundation.org> wrote: > > Greetings Folks. > > There's some potentially interesting content about reducing the burden of the > IP Due Diligence Process in this note. Please read to the bottom. > > I've created the Eclipse IDE 2021-09 Simultaneous Release Participation > <https://projects.eclipse.org/releases/2021-09> page. Please have a look to > ensure that I have the right version information for your project. > > Note that, Eclipse Generation Factories (EGF) has dropped out of this release > (as notified > <https://www.eclipse.org/mhonarc/lists/cross-project-issues-dev/msg18530.html> > by the project lead). I did notice that the aggrcon file for this project, > along with those for Eclipse XWT and Eclipse Papyrus (both of which dropped > out of the previous release) still exist in the aggregator repository. I have > a vague recollection that we are to expect at least one of them back, so I'll > defer to the repository managers to decide what to do with these files. > > As usual, I've tried to pick the version based on the date of the release. In > many/most cases, the page records that the same version that was included in > the last release is again included in this release. If your project's > contribution is a later release than what's indicated on the page, you will > need to create a release record for that later release (assuming that I > didn't just miss the one that's actually there), and let me know to use that > one instead. > > If your project is contributing a new release that is more than a service > release and the project has not engaged in either a release or progress > review since September 15/2020, then you need to engage in a review. Contact > e...@eclipse.org <mailto:e...@eclipse.org> at your very earliest convenience > to get started. There's more information regarding releases and reviews > <https://www.eclipse.org/projects/handbook/#release> in the handbook. > > As you know, we take intellectual property management very seriously. As > committers, you form the first line of defense in the Eclipse Foundation's IP > Due Diligence Process <https://www.eclipse.org/projects/handbook/#ip> and so > we depend on you to bring intellectual property issues to the IP Team's > attention. Even if your project does not require a review at this time, the > intellectual property included in and referred to by it (both project and > third party content) does need to be vetted in the usual manner. > > I am hopeful that you have heard about our initiative to attempt to automate > the review of third-party content. We already have several projects using > this successfully, including a handful that have integrated it into their > builds. I've been running the Eclipse Dash License Tool > <https://github.com/eclipse/dash-licenses> on many of the repositories from > projects participating in the simultaneous release over the past several > months with good results. > > One of the challenges that I'm having with the tool is that it only checks > dependencies, it does not discover them. I've had a lot of success using > build technology (e.g. Maven) to generate the list of dependencies, but have > encountered some cases where the dependency list generated by a build is > incomplete. It would be helpful if you could try the Eclipse Dash License > Tool on your builds and let me know (i.e., open an issue > <https://github.com/eclipse/dash-licenses>) where you encounter challenges > generating input to the tool. > > Note that there is an experimental feature that automatically creates review > requests for the IP Team via a repository on our new GitLab instance. It > would also be helpful to my team for you to try this out. > > Note also that the Eclipse Dash License Tool is intended to help committers > work through the Eclipse IP Due Diligence Process. It is not the final > authority on what does or does not need to be reviewed. As the first line of > defense in the IP Due Diligence Process, we depend on committers to interpret > the output of the tool and generally understand the nature of the project's > dependencies. Currently, for example, it doesn't handle "works with" > dependencies > <https://www.eclipse.org/projects/handbook/#ip-third-party-workswith> very > well; so if you know that something that the tool complains about is a "works > with" dependency, then you can ignore any warnings it gives. > > Taken from a different angle, the important thing is that intellectual > property is properly accounted for and vetted, not that the tool is happy > with what it finds. > > Thanks, > > Wayne > -- > Wayne Beaton > Director of Open Source Projects | Eclipse Foundation > _______________________________________________ > cross-project-issues-dev mailing list > cross-project-issues-dev@eclipse.org > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev