Hi Eike.
As I indicated, the tool has limitations and is provided exclusively
as a tool to assist in the assessment process. There is a note to
this effect on the page itself. As I mentioned, this is page is
accessible only by committers to mitigate the risk that the
uninitiated may take away a mistaken impression.
The current version uses pattern matching to identify JARs. I'm
clearly missing mappings from incquery (which was recently merged
into VIATRA), userstorage and stp. I'm not sure why I haven't mapped
stp yet, but I'll make that happen.
The P2 IU directory (e.g [1]) seems to be throwing off the scanner.
These aren't actual JARs AFAICT.
Wayne
[1]
/home/data/httpd/download.eclipse.org/oomph/index/org.eclipse.equinox.p2.iu/
On 04/05/16 01:02 AM, Eike Stepper
wrote:
Hi
Wayne,
For
https://www.eclipse.org/projects/tools/downloads.php?id=tools.oomph
it indicates that we offer almost everything from Eclipse. That
can't be right.
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
Am 04.05.2016 um 05:34 schrieb Wayne Beaton:
Hey folks!
There is a tool accessible from your project page that provides
a list (generated from your project downloads) of the
third-party libraries that are used by your project. The scanner
searches through everything in project's directory on the
download server, including archive files. For every JAR file it
finds, it attempts to identify a corresponding CQ. Any file that
cannot be mapped to a CQ is highlighted in red. Click on an
entry to show where that file is located.
e.g.
https://www.eclipse.org/projects/tools/downloads.php?id=technology.dash
The tool only considers JAR files and it does its best work with
OSGi bundles that follow the standard OSGi bundle naming
pattern.
The tool is intended to *assist* with the process of ensuring
that projects are distributing only approved libraries. It is
far from perfect. The tool does report--at least for some
projects--many false negatives (especially for JAR files that do
not include version information in the file name). *Don't panic*
if your project page shows a lot of red. This is one of the
reasons why we make this page accessible only to committers and
don't advertise it widely. If something jumps out at you, please
try to mitigate. I'll help with mitigation when the time comes
to do your first/next release. If something that you know you
know is approved is showing up red, let me know.
You can access the tool from your project's "PMI" page by
expanding the "Committer Tools" section and clicking on the
"Review Downloads" link (you'll have to login). It takes you
here:
https://www.eclipse.org/projects/tools/downloads.php?id=<project.name>
(where <project.name> is your project's full id, e.g.
'technology.dash')
We have started work on a new version of the tool that will do a
far better job.
Note that the approval of third-party libraries is
version-specific. If your project has approval for one version
of a library but your build pulls in a newer version, you must
either fix your build to pull only the approved version, or
create a CQ for the new version.
There is more information about contribution questionnaires
(CQs) in the Eclipse Project Handbook [1] (and the PolarSys [2]
and LocationTech [3] variants).
HTH,
Wayne
[1] https://www.eclipse.org/projects/handbook/#ip-cq
[2]
https://www.eclipse.org/projects/handbook/polarsys.html#ip-cq
[3] https://www.locationtech.org/documentation/handbook#ip-cq
--
Wayne Beaton
@waynebeaton
The Eclipse Foundation
EclipseCon France 2016
<http://www.eclipsecon.org/france2016>
_______________________________________________
incubation mailing list
incubation@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/incubation
_______________________________________________
incubation mailing list
incubation@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/incubation
--
Wayne Beaton
@waynebeaton
The Eclipse Foundation
|