-------- Forwarded Message --------
Okay, yeah.
Looks like if we’re not distributing HDF-Java, the whole
thing will have to be submitted for review. If we
do distribute it, then we can narrow it down to 5
JARs and 2 DLLs/SOs (I think).
Anna
Hi
Anna,
No
worries on the name front - you’ve likely dealt with Sharon
previously on IP matters and just got the two names mixed
up. I don’t offend that easily
J
Here’s
a high level summary of our discussion to date that may
help:
There
are two high level cases:
A)
Dependencies you distribute; and
B)
Dependencies that you do not distribute as part of the
Project. These in turn are characterized as either: i)
workswith; or ii) pre-req dependencies.
Full
review is required for A and B(ii). We document but do not
review B(i).
Regarding
A - In order to manage our workload, we ask projects to
reduce the scope of the material we need to review so that
only the material they need is included (often extraneous
material that is not needed may be included in an open
source distribution). CQs would be opened for the
component parts you need, but not for those that you do not
need. In order to ensure that only code that has been
reviewed is distributed as part of your project, we would
also ask that you reduce the distribution to only those
component parts that you need and we have reviewed.
The
foregoing is relatively straightforward in the case of A.
The situation I think you began to address in your November
19, 6:05 email was a situation where you have a
pre-requisite that a user needs to download, but that for
your Project’s purposes, only pieces of that dependency are
required. That’s not a situation we encounter very often,
or perhaps not one that is directly highlighted very often.
Regarding
B(ii) - These require full review, and since you don’t
control the download, we would need to review the full
package – which would include the parts that your Project
needs as well as those that your Project does not need.
It’s at this point I pause and contemplate the scope of
work involved in the review. If it is massive, then it may
be a situation where we ask ourselves whether it should
reasonably be considered exempt under the policy [1].
Alternatively, if your Project (for example) only needs 3
of 40 dependencies, I may be inclined to ask you to consider
distributing the content, and we would limit our review to
the 3 dependencies.
I
realize there’s a lot to take in. Feel free to ask more
questions.
Cheers,
Janet
[1]
https://eclipse.org/org/documents/Eclipse_Policy_and_Procedure_for_3rd_Party_Dependencies_Final.pdf