> Wouldn't it be possible for your legals to verify _Harmony_, and not > just some specific SVN tag, and thus in effect set up some kind of > trust-relationship between you two? Maybe with yearly reviews or > something..?
I wish... :-) As I understand it, the process is set up because the different possible sources of 3rd party content may have different expectations on what constitutes acceptable due diligence. I imagine it would be possible for Eclipse and Apache to negotiate some sort of commons between the policies and approaches (since they are both fairly rigorous) but that does not exist today and would probably, unfortunately, take some serious doing to arrange. _In general_, if an Eclipse project uses a 3rd party component, they will probably only update it from release to release when a desirable feature comes online and not continuously. AFAIK, for better or worse, there is no mechanism for continuous due diligence of 3rd party components coming into Eclipse today and the 3rd party component needs to be locked down into a released state to be formally approved for inclusion in an Eclipse project release. There is a bit more flexibility during the engineering phase where a contributor is evaluating such inclusion but the release itself forces a checkpoint. In Eclipseland, it is possible to request approval to use _modified_ 3rd party content (we considered this approach) but as I understand it, this only approves splitting the codebase of the 3rd party content (i.e., Harmony verifier in this case) and doing the modifications under an Eclipse license in the Eclipse project from there on. Splitting Harmony is not really a goal. I don't think right now there is a mode to allow Eclipse and 3rd party content to evolve in parallel (except possibly for projects in incubation) which provides a bit more flexibility. Thanks, Chris -----Original Message----- From: Endre Stølsvik [mailto:[EMAIL PROTECTED] Sent: Monday, April 14, 2008 11:52 AM To: [email protected] Cc: Yaffe, Asaf Subject: Re: [drlvm][verifier] Using the Harmony verifier code for computing the StackMapTable attribute Elford, Chris L wrote: > Hi Endre, Hi Chris, thanks for taking the time to answer that rant! > > In addition to providing a great license :-), Eclipse Foundation > manages a set of open source projects... Kindof like Apache. For those > projects managed directly in Eclipse, the foundation does IP review of > any 3rd party content coming into the project. As do Apache.. > I'm not a lawyer so I > don't know all the ends and outs and I don't know the exact set of > checks that are performed. I do know the source code is reviewed via > some mechanism though. Review depends on the source of the material but > always happens EVEN for integration of components with a compatible > license such as Apache. The thing that I really found amazing is that this review have to happen for a project that already, AFAIU, was reviewed. As you wrote it, it seems like a full, new round of whatever has to happen on each and every check-in into Harmony's SVN. This is seriously weird, IMO. Wouldn't it be possible for your legals to verify _Harmony_, and not just some specific SVN tag, and thus in effect set up some kind of trust-relationship between you two? Maybe with yearly reviews or something..? Regards, Endre.
