Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [ee4j-build] [websocket-dev] Generated Legal Documents and incorrect Third-Party Content in NOTICE
I've submitted an issue to the eclipse-ee4j/tyrus group to get confirmation.


Hopefully this can be resolve soon, as the Oct 1st deadline is approaching quickly.

- Joakim

On Wed, Sep 19, 2018 at 10:57 PM Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx> wrote:
AFAICT, the https://github.com/eclipse-ee4j/websocket-api build does not require any of the third party dependencies for which the project has CQs.

If these really belong with Eclipse Tyrus, then please ask the IP Team to move the CQs to that project.

Wayne

On Wed, Sep 19, 2018 at 10:34 PM Joakim Erdfelt <joakim.erdfelt@xxxxxxxxx> wrote:
Inline responses ...

On Wed, Sep 19, 2018 at 8:05 PM Ed Bratt <ed.bratt@xxxxxxxxxx> wrote:

Joakim:

It is my understanding that these files are generated, based on the third party contribution details, which we submit as part of the initial contribution. Prior to submission, the dependencies were generated from Maven dependency analysis reports and may include direct and indirect dependencies.

Committers can search the ipzilla bug database to determine if the dependencies do, or do not match what has been recorded in Eclipse back-end IP catalog. For example, All WebSocket IP details can be viewed by searching for the component: ee4j.websocket

That list includes:

  • 16060 - Google Guava Version: 18.0 (PB Orbit CQ12184)
  • 16061 - atinject (Package javax.inject) Version: 1.0 (PB Orbit CQ3578)
  • 16062 - javax.validation:validation-api:jar:1.1.0.Final (PB CQ15114 Type A)


These dependencies appear to be coming from Tyrus (the websocket-api RI).
Which is a different project at https://github.com/eclipse-ee4j/tyrus
 

It is plausible this is a mistake, but let's see what the committer says (Roman Grigordi) before taking any action. I agree, there is a bit of a question because in the initial CQ, Roman indicates there are no third party dependencies (see 15333). I'm not sure where these came into the picture.


Yep, Romans comment #6 in IP/CQ #15333 is correct for the https://github.com/eclipse-ee4j/websocket-api project.
It's truly is as simple as a project could get, with nothing it depends on.
There's not even a dependency on another eclipse-ee4j project.

To be totally clear, the only reference in websocket-api to another project is 2 lines in javadoc that point out behaviors within the Servlet API.
 

In short, I think the idea is that the NOTICE file should be generated properly. I don't have enough experience to say if, once it's generated -- can it be updated. If it is frequently regenerated, adding custom text might be a problem. Let's see what Roman says about these.

Thanks!

-- Ed


So once we have Roman's update on this, then it's possible that IPZilla's need updating and the websocket-api project would need to regenerate the NOTICE file.
Seems easy enough.

- Joakim
 
_______________________________________________
websocket-dev mailing list
websocket-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/websocket-dev


--
Wayne Beaton
Director of Open Source Projects
The Eclipse Foundation
_______________________________________________
websocket-dev mailing list
websocket-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/websocket-dev

Back to the top