Greetings Folks.
There's some potentially interesting content about reducing the burden of the IP Due Diligence Process in this note. Please read to the bottom.
Note that, Eclipse Generation Factories (EGF) has dropped out of this release (as
notified by the project lead). I did notice that the aggrcon file for this project, along with those for Eclipse XWT and Eclipse Papyrus (both of which dropped out of the previous release) still exist in the aggregator repository. I have a vague recollection that we are to expect at least one of them back, so I'll defer to the repository managers to decide what to do with these files.
As usual, I've tried to pick the version based on the date of the release. In many/most cases, the page records that the same version that was included in the last release is again included in this release. If your project's contribution is a later release than what's indicated on the page, you will need to create a release record for that later release (assuming that I didn't just miss the one that's actually there), and let me know to use that one instead.
If your project is contributing a new release that is more than a service release and the project has not engaged in either a release or progress review since September 15/2020, then you need to engage in a review. Contact
emo@xxxxxxxxxxx at your very earliest convenience to get started. There's more information regarding
releases and reviews in the handbook.
As you know, we take intellectual property management very seriously. As committers, you form the first line of defense in the Eclipse Foundation's
IP Due Diligence Process and so we depend on you to bring intellectual property issues to the IP Team's attention. Even if your project does not require a review at this time, the intellectual property included in and referred to by it (both project and third party content) does need to be vetted in the usual manner.
I am hopeful that you have heard about our initiative to attempt to automate the review of third-party content. We already have several projects using this successfully, including a handful that have integrated it into their builds. I've been running the
Eclipse Dash License Tool on many of the repositories from projects participating in the simultaneous release over the past several months with good results.
One of the challenges that I'm having with the tool is that it only
checks dependencies, it does not
discover them. I've had a lot of success using build technology (e.g. Maven) to generate the list of dependencies, but have encountered some cases where the dependency list generated by a build is incomplete. It would be helpful if you could try the Eclipse Dash License Tool on your builds and let me know (i.e., open an
issue) where you encounter challenges generating input to the tool.
Note that there is an experimental feature that automatically creates review requests for the IP Team via a repository on our new GitLab instance. It would also be helpful to my team for you to try this out.
Note also that the Eclipse Dash License Tool is intended to
help committers work through the Eclipse IP Due Diligence Process. It is not the final authority on what does or does not need to be reviewed. As the first line of defense in the IP Due Diligence Process, we depend on committers to interpret the output of the tool and generally understand the nature of the project's dependencies. Currently, for example, it doesn't handle
"works with" dependencies very well; so if you know that something that the tool complains about is a "works with" dependency, then you can ignore any warnings it gives.
Taken from a different angle, the important thing is that intellectual property is properly accounted for and vetted, not that the tool is happy with what it finds.
Thanks,
Wayne
--
Wayne Beaton
Director of Open Source Projects | Eclipse Foundation