Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [ice-dev] Fwd: FW: 3rd party dependency CQ
This was the impression I got with the jME dependencies. Basically, I reduced it down to maybe 10 jME-specific jar files and two jars with native libraries (LWJGL and bullet). If we were to decide to distribute jME, only these jars and the two native libraries would require CQs.

I still haven't heard back about LWJGL, though. I think I opened a can of worms...

Jordan
Jordan Deyton
Oak Ridge National Laboratory
Telephone: (865) 574-1091
Email: deytonjh@xxxxxxxx
On 11/21/2014 8:44 AM, Jay Jay Billings wrote:



-------- Forwarded Message --------
Subject: FW: 3rd party dependency CQ
Date: Thu, 20 Nov 2014 17:13:49 -0500
From: Wojtowicz, Anna <wojtowicza@xxxxxxxx>
To: Billings, Jay Jay <billingsjj@xxxxxxxx>


Okay, yeah. Looks like if we’re not distributing HDF-Java, the whole thing will have to be submitted for review. If we do distribute it, then we can narrow it down to 5 JARs and 2 DLLs/SOs (I think).

 

Anna

 

From: Janet Campbell [mailto:janet.campbell@xxxxxxxxxxx]
Sent: Thursday, November 20, 2014 4:48 PM
To: Wojtowicz, Anna
Subject: RE: 3rd party dependency CQ

 

Hi Anna,

 

No worries on the name front - you’ve likely dealt with Sharon previously on IP matters and just got the two names mixed up.  I don’t offend that easily  J

 

Here’s a high level summary of our discussion to date that may help:

 

There are two high level cases:

A)  Dependencies you distribute; and

B)  Dependencies that you do not distribute as part of the Project.  These in turn are characterized as either:  i) workswith; or ii) pre-req dependencies.

 

Full review is required for A and B(ii).  We document but do not review B(i).

 

Regarding A - In order to manage our workload, we ask projects to reduce the scope of the material we need to review so that only the material they need is included (often extraneous material that is not needed may be included in an open source distribution).    CQs would be opened for the component parts you need, but not for those that you do not need.   In order to ensure that only code that has been reviewed is distributed as part of your project, we would also ask that you reduce the distribution to only those component parts that you need and we have reviewed.

 

The foregoing is relatively straightforward in the case of A.  The situation I think you began to address in your November 19, 6:05 email was a situation where you have a pre-requisite that a user needs to download, but that for your Project’s purposes, only pieces of that dependency are required.  That’s not a situation we encounter very often, or perhaps not one that is directly highlighted very often. 

 

Regarding B(ii) - These require full review, and since you don’t control the download, we would need to review the full package – which would include the parts that your Project needs as well as those that your Project does not need.   It’s at this point I pause and contemplate the scope of work involved in the review.  If it is massive, then it may be a situation where we ask ourselves whether it should reasonably be considered exempt under the policy [1].  Alternatively, if your Project (for example) only needs 3 of 40 dependencies, I may be inclined to ask you to consider distributing the content, and we would limit our review to the 3 dependencies.   

 

I realize there’s a lot to take in.  Feel free to ask more questions.

 

Cheers,

Janet

 

[1]  https://eclipse.org/org/documents/Eclipse_Policy_and_Procedure_for_3rd_Party_Dependencies_Final.pdf

 





_______________________________________________
ice-dev mailing list
ice-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ice-dev

Back to the top