Re: [incubation] Project downloads scanner
On 04.05.2016 at 19:40, Wayne Beaton wrote:
Hi Eike.
As I indicated, the tool has limitations and is provided exclusively as a tool to assist in the assessment process.
There is a note to this effect on the page itself. As I mentioned, this page is accessible only by committers to
mitigate the risk that the uninitiated may take away a mistaken impression.
Our list of Eclipse projects seems completely wrong / too big. Maybe it's because of our "index" directory (see below)...
The current version uses pattern matching to identify JARs. I'm clearly missing mappings from incquery (which was
recently merged into VIATRA), userstorage and stp. I'm not sure why I haven't mapped stp yet, but I'll make that happen.
Out of curiosity, why do most projects on https://www.eclipse.org/projects/tools/downloads_source.php list two identical
locations? Very few list only one location, e.g., modeling.emf-parsley, modeling.emf.mwe.
The P2 IU directory (e.g. [1]) seems to be throwing off the scanner. These aren't actual JARs AFAICT.
No, the files in there are named after p2 IUs and there's a type of IU which, by convention, ends in ".feature.jar". The
entire directory tree under /home/data/httpd/download.eclipse.org/oomph/index does not contain code jars. If you
excluded it from your analysis, would that bring our list of Eclipse projects (from 152) down to a reasonable set?
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
Wayne
[1] /home/data/httpd/download.eclipse.org/oomph/index/org.eclipse.equinox.p2.iu/
On 04/05/16 01:02 AM, Eike Stepper wrote:
Hi Wayne,
For https://www.eclipse.org/projects/tools/downloads.php?id=tools.oomph it indicates that we offer almost everything
from Eclipse. That can't be right.
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
On 04.05.2016 at 05:34, Wayne Beaton wrote:
Hey folks!
There is a tool accessible from your project page that provides a list (generated from your project downloads) of
the third-party libraries that are used by your project. The scanner searches through everything in the project's
directory on the download server, including archive files. For every JAR file it finds, it attempts to identify a
corresponding CQ. Any file that cannot be mapped to a CQ is highlighted in red. Click on an entry to show where that
file is located.
e.g.
https://www.eclipse.org/projects/tools/downloads.php?id=technology.dash
The tool only considers JAR files and it does its best work with OSGi bundles that follow the standard OSGi bundle
naming pattern.
The tool is intended to *assist* with the process of ensuring that projects are distributing only approved
libraries. It is far from perfect. The tool does report--at least for some projects--many false negatives
(especially for JAR files that do not include version information in the file name). *Don't panic* if your project
page shows a lot of red. This is one of the reasons why we make this page accessible only to committers and don't
advertise it widely. If something jumps out at you, please try to mitigate. I'll help with mitigation when the time
comes to do your first/next release. If something that you know is approved is showing up red, let me know.
You can access the tool from your project's "PMI" page by expanding the "Committer Tools" section and clicking on
the "Review Downloads" link (you'll have to login). It takes you here:
https://www.eclipse.org/projects/tools/downloads.php?id=<project.name> (where <project.name> is your project's full
id, e.g. 'technology.dash')
We have started work on a new version of the tool that will do a far better job.
Note that the approval of third-party libraries is version-specific. If your project has approval for one version of
a library but your build pulls in a newer version, you must either fix your build to pull only the approved version,
or create a CQ for the new version.
There is more information about contribution questionnaires (CQs) in the Eclipse Project Handbook [1] (and the
PolarSys [2] and LocationTech [3] variants).
HTH,
Wayne
[1] https://www.eclipse.org/projects/handbook/#ip-cq
[2] https://www.eclipse.org/projects/handbook/polarsys.html#ip-cq
[3] https://www.locationtech.org/documentation/handbook#ip-cq
--
Wayne Beaton
@waynebeaton
The Eclipse Foundation
EclipseCon France 2016 <http://www.eclipsecon.org/france2016>
_______________________________________________
incubation mailing list
incubation@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/incubation
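An added example, not part of the thread and not the Eclipse scanner's own code: a Python sketch of the file-name matching discussed above, showing version-specific approval, JARs without a version in the file name, and the effect of excluding the p2 index subtree. The allow-list, CQ ids, status names and sample paths are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# OSGi bundle file naming: <symbolic.name>_<major.minor.micro>[.qualifier].jar
BUNDLE_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9._-]+?)_(?P<version>\d+\.\d+\.\d+)(?:\.[\w-]+)?\.jar$"
)

# Constructed allow-list: approval is per (library, version). CQ ids are placeholders.
APPROVED = {
    ("org.apache.commons.lang", "2.6.0"): "CQ-PLACEHOLDER-1",
    ("com.google.guava", "15.0.0"): "CQ-PLACEHOLDER-2",
}

# Subtree holding p2 metadata named like JARs, not code JARs (per the thread).
EXCLUDED_DIRS = ("oomph/index",)

def classify(path, approved=APPROVED, excluded=EXCLUDED_DIRS):
    """Return (status, detail) for one path relative to the download root."""
    p = PurePosixPath(path)
    if p.suffix != ".jar":
        return ("ignored", None)
    parent = "/" + str(p.parent).strip("/") + "/"
    if any("/" + d.strip("/") + "/" in parent for d in excluded):
        return ("excluded", None)
    m = BUNDLE_RE.match(p.name)
    if m is None:
        # No OSGi-style version in the file name: cannot be matched reliably.
        return ("unparsed", None)
    name, version = m.group("name"), m.group("version")
    if (name, version) in approved:
        return ("approved", approved[(name, version)])
    other = sorted(v for (n, v) in approved if n == name)
    if other:
        return ("version-not-approved", other)
    return ("unmapped", None)

def scan(paths):
    """Return {path: (status, detail)} for entries a reviewer must look at."""
    flagged = ("unparsed", "version-not-approved", "unmapped")
    results = {p: classify(p) for p in paths}
    return {p: r for p, r in results.items() if r[0] in flagged}

# Constructed sample listing, relative to the download root.
SAMPLE = [
    "oomph/drops/plugins/org.apache.commons.lang_2.6.0.v201404270220.jar",
    "oomph/drops/plugins/com.google.guava_18.0.0.v201501010000.jar",
    "oomph/drops/lib/commons-codec.jar",
    "oomph/index/org.eclipse.equinox.p2.iu/org.example.sdk.feature.jar",
    "oomph/drops/readme.html",
]
```

Calling `classify(SAMPLE[3], excluded=())` shows what happens without the exclusion: the p2 IU file is treated as a JAR that cannot be matched and ends up in the flagged set.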