[ice-dev] Fwd: FW: 3rd party dependency CQ




-------- Forwarded Message --------
Subject: FW: 3rd party dependency CQ
Date: Thu, 20 Nov 2014 17:13:49 -0500
From: Wojtowicz, Anna <wojtowicza@xxxxxxxx>
To: Billings, Jay Jay <billingsjj@xxxxxxxx>


Okay, yeah. Looks like if we’re not distributing HDF-Java, the whole thing will have to be submitted for review. If we do distribute it, then we can narrow it down to 5 JARs and 2 DLLs/SOs (I think).

 

Anna

 

From: Janet Campbell [mailto:janet.campbell@xxxxxxxxxxx]
Sent: Thursday, November 20, 2014 4:48 PM
To: Wojtowicz, Anna
Subject: RE: 3rd party dependency CQ

 

Hi Anna,

 

No worries on the name front - you’ve likely dealt with Sharon previously on IP matters and just got the two names mixed up. I don’t offend that easily :)

 

Here’s a high level summary of our discussion to date that may help:

 

There are two high level cases:

A)  Dependencies you distribute; and

B)  Dependencies that you do not distribute as part of the Project.  These in turn are characterized as either:  i) workswith; or ii) pre-req dependencies.

 

Full review is required for A and B(ii).  We document but do not review B(i).

 

Regarding A - In order to manage our workload, we ask projects to reduce the scope of the material we need to review so that only the material they need is included (often extraneous material that is not needed may be included in an open source distribution). CQs would be opened for the component parts you need, but not for those that you do not need. In order to ensure that only code that has been reviewed is distributed as part of your project, we would also ask that you reduce the distribution to only those component parts that you need and we have reviewed.

 

The foregoing is relatively straightforward in the case of A.  The situation I think you began to address in your November 19, 6:05 email was a situation where you have a pre-requisite that a user needs to download, but that for your Project’s purposes, only pieces of that dependency are required.  That’s not a situation we encounter very often, or perhaps not one that is directly highlighted very often. 

 

Regarding B(ii) - These require full review, and since you don’t control the download, we would need to review the full package – which would include the parts that your Project needs as well as those that your Project does not need. It’s at this point I pause and contemplate the scope of work involved in the review. If it is massive, then it may be a situation where we ask ourselves whether it should reasonably be considered exempt under the policy [1]. Alternatively, if your Project (for example) only needs 3 of 40 dependencies, I may be inclined to ask you to consider distributing the content, and we would limit our review to the 3 dependencies.

 

I realize there’s a lot to take in.  Feel free to ask more questions.

 

Cheers,

Janet

 

[1]  https://eclipse.org/org/documents/Eclipse_Policy_and_Procedure_for_3rd_Party_Dependencies_Final.pdf

 



