
Open Source governance and the Eclipse Foundation, OW2online, June 2020


Presentation by Gael Blondelle, Managing Director at Eclipse Foundation.
Abstract:
In this talk, we will cover two complementary topics: the different Eclipse projects related to Open Source governance, like Eclipse SW360, SW360 Antenna, and Eclipse Steady, as well as the opportunity to leverage SW360 as the core of a larger Open Source governance initiative.
The Eclipse IP Process that has been applied to hundreds of Eclipse projects for more than 15 years and is going through a modernization process that involves both simplification from the developer point of view, and openness to new sources of trusted data like ClearlyDefined.

Published in: Technology

  1. Open Source Software Governance
     Gaël Blondelle, Vice President, Ecosystem Development
     Sharon Corbett, Manager, Intellectual Property
     COPYRIGHT (C) 2020, ECLIPSE FOUNDATION, INC. | THIS WORK IS LICENSED UNDER A CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE (CC BY 4.0)
  2. Eclipse Intellectual Property Management
     • Goal: Consume with Confidence for Commercial Adoption
     • Due Diligence Review Process
       ◦ Full review of project code (license, provenance, scanning for anomalies)
       ◦ License compliance model review for leveraged third party libraries
     • Board Approved IP Policy https://www.eclipse.org/org/documents/Eclipse_IP_Policy.pdf
     • Legal Agreements for committers, contributors and working group participants
     • Formal Contribution Mechanism
  3. Enhanced Approach 2019/2020
     • Streamlined review of third party content to a license compliance model to support:
       ◦ Agile development
       ◦ New technologies
       ◦ Project success:
       ◦ Lightweight and automated
       ◦ Software development activity
       ◦ Faster Service/Increase project velocity
       ◦ Provide greater flexibility/predictability for projects
       ◦ Reduce administrivia
     While remaining Risk Focused!
  4. License Compliance Model - Third Party Content
     • License compatibility and licensing compliance focus for third party dependency libraries
     • Driven by a Board approved license whitelist https://www.eclipse.org/legal/licenses.php
     • Eclipse Projects enabled to self validate during development (trust but verify)
     • Full IP clearance required prior to formal releases
     • Leverage and trust other sources of license information
  5. Trusted Sources of License Data
     • Eclipse Database (IPzilla)
       ◦ Painstakingly built database over the lifespan of the EF
       ◦ Deeply vetted
       ◦ Vast amount of data (>20,000 records)
     • ClearlyDefined (OSI Initiative)
       ◦ License data including source location and attribution
       ◦ Harvested and curated data
       ◦ Crowd Sourced
     • Eclipse works closely with ClearlyDefined
       ◦ Curation (Spirit of Contributing Back)
       ◦ Participation
  6. Automated Tooling
     License Extraction Tool (Prototype at https://github.com/eclipse/dash-licenses)
     • Eclipse created an open source tool using CLI which generates a dependency file that maps against two sources of truth to resolve license information:
       ◦ IPzilla (own database)
       ◦ ClearlyDefined’s service (score of 75 or higher/approved license(s))
       ◦ If dependencies are resolved as approved, no further action required by project
       ◦ Unresolved license information or “restricted” content only requires closer scrutiny by the Eclipse IP Team
     • ScanCode Toolkit, Fossology and ClearlyDefined are also utilized directly by the IP Team
  7. Best Practices
     • License compliance as part of the open source software development process
     • Bill of Materials Creation
     • Document license information
       ◦ SPDX Identifiers usage
       ◦ Copyright and License headers in source files
       ◦ Readme, Notice and License File(s) included in repositories
     • Crowd Source with the greater open source community
  8. Eclipse Projects - Open Source Compliance
     • Eclipse Steady: Secure use of open source components during application development. Discover, assess and mitigate known vulnerabilities with Eclipse Steady
     • Eclipse SW360: Software catalogue application to provide a central place to share information on software components in the following areas: Component, License, Project, Vulnerability
     • Eclipse SW360 Antenna: Antenna scans artifacts of a project, downloads sources for dependencies, validates sources and licenses and creates dependencies with licenses as artifacts
  9. Thank You
     Questions - license@eclipse.org
     More Information can be read here
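
The resolution flow from slide 6, sketched as an added example (not code from the presentation or from dash-licenses). Only the two sources and the score threshold of 75 come from the slide; the records, the approved-license excerpt and the flat AND/OR handling of license expressions are constructed assumptions.

```python
import re

# Constructed stand-ins for the two sources named on slide 6; not real records.
APPROVED = {"Apache-2.0", "MIT", "EPL-2.0", "BSD-3-Clause"}  # assumed excerpt
IPZILLA = {  # hypothetical vetted records: coordinate -> status
    "maven/org.example/vetted-lib/1.0": "approved",
    "maven/org.example/gpl-lib/2.1": "restricted",
}
CLEARLYDEFINED = {  # hypothetical harvested data: coordinate -> (declared, score)
    "npm/left-helper/3.2.0": ("MIT", 92),
    "npm/dual-lib/1.4.1": ("GPL-2.0-only OR Apache-2.0", 80),
    "npm/mixed-lib/0.9.0": ("MIT AND GPL-3.0-only", 88),
    "npm/low-score/0.1.0": ("MIT", 40),
}
MIN_SCORE = 75  # threshold stated on the slide


def expression_approved(expr, approved=APPROVED):
    """True if at least one OR-alternative consists only of approved licenses.
    Assumption: flat AND/OR only, no parentheses or WITH exceptions."""
    for alternative in re.split(r"\s+OR\s+", expr.strip()):
        terms = re.split(r"\s+AND\s+", alternative)
        if all(term.strip() in approved for term in terms):
            return True
    return False


def triage(coordinate):
    """Return (status, reason); status is 'approved' or 'review'."""
    record = IPZILLA.get(coordinate)
    if record is not None:  # the vetted database is consulted first
        if record == "approved":
            return ("approved", "ipzilla")
        return ("review", "ipzilla: " + record)
    found = CLEARLYDEFINED.get(coordinate)
    if found is None:
        return ("review", "unresolved")
    declared, score = found
    if score < MIN_SCORE:
        return ("review", "score below threshold")
    if not expression_approved(declared):
        return ("review", "license not approved")
    return ("approved", "clearlydefined")


def review_queue(coordinates):
    """Only the dependencies that still need the IP team's attention."""
    results = {c: triage(c) for c in coordinates}
    return {c: reason for c, (status, reason) in results.items() if status == "review"}
```

Note that a high score alone does not clear a dependency: `npm/mixed-lib/0.9.0` scores 88 but still lands in the review queue because one of its conjoined licenses is not on the approved list.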
