-------- Forwarded Message --------
Okay, yeah.
Looks like if we’re not distributing HDF-Java, the whole
thing will have to be submitted for review. If we do
distribute it, then we can narrow it down to 5 JARs and 2
DLLs/SOs (I think).
Anna

Hi Anna,

No worries on the name front - you’ve likely dealt with
Sharon previously on IP matters and just got the two names
mixed up. I don’t offend that easily :)

Here’s a high level summary of our discussion to date that
may help:

There are two high level cases:
A) Dependencies you distribute; and
B) Dependencies that you do not distribute as part of the
Project. These in turn are characterized as either: i)
workswith; or ii) pre-req dependencies.

Full review is required for A and B(ii). We document but do
not review B(i).

Regarding A - In order to manage our workload, we ask
projects to reduce the scope of the material we need to
review so that only the material they need is included
(often extraneous material that is not needed may be
included in an open source distribution). CQs would be
opened for the component parts you need, but not for those
that you do not need. In order to ensure that only code that
has been reviewed is distributed as part of your project, we
would also ask that you reduce the distribution to only
those component parts that you need and we have reviewed.

The foregoing is relatively straightforward in the case of
A. The situation I think you began to address in your
November 19, 6:05 email was a situation where you have a
pre-requisite that a user needs to download, but that for
your Project’s purposes, only pieces of that dependency
are required. That’s not a situation we encounter very
often, or perhaps not one that is directly highlighted
very often.

Regarding B(ii) - These require full review, and since you
don’t control the download, we would need to review the full
package – which would include the parts that your Project
needs as well as those that your Project does not need.
It’s at this point I pause and contemplate the scope of
work involved in the review. If it is massive, then it
may be a situation where we ask ourselves whether it
should reasonably be considered exempt under the policy
[1]. Alternatively, if your Project (for example) only
needs 3 of 40 dependencies, I may be inclined to ask you
to consider distributing the content, and we would limit
our review to the 3 dependencies.

I realize there’s a lot to take in. Feel free to ask more
questions.

Cheers,
Janet

[1] https://eclipse.org/org/documents/Eclipse_Policy_and_Procedure_for_3rd_Party_Dependencies_Final.pdf