Eclipse Foundation Projects Calendar

The Eclipse Foundation Projects Team schedules events to discuss the Eclipse Foundation Development Process, the Eclipse Foundation Intellectual Property Policy Policy and Eclipse Foundation Due Diligence Process, and other related topics.

Upcoming events (all times are UTC) [iCal]:

Office Hours Recordings

The EMO hosts a monthly call to discuss the Eclipse Foundation Development Process, changes to the Eclipse IP Policy and Due Diligence Process, and other related topics. All Eclipse open source project committers are invited to join. The format is flexible: we generally start with a very short presentation followed by a question and answer session. Bring your questions and the Eclipse Management Organization team will try to provide answers.

We record only the formal presentation part of our "Office Hours" sessions.

We're tracking the evolution of this concept via EMO Issue #402. Post questions on that issue, or connect with the EMO via email at emo@eclipse-foundation.org.

Future Topics

These are tentative topics for future sessions. We reserve the right to change these plans.

Eclipse Projects and SLSA: Supply Chain Levels for Software Artifacts (SLSA) is a security framework that helps ensure the integrity of software artifacts.

Intellectual Property Due Diligence

Recorded on November 9, 2023

During this week's (online) office hours, we spent a few minutes reminding committers of the services that we make available for Eclipse committers to help reduce the burden of intellectual property management. Specifically, we discussed the processes and tools that we have in place to help with due diligence review of project code and the third party content that leverage. Naturally, this discussion covered some usage scenarios of the Eclipse Dash License Tool and IPLab. We also spoke a little bit about SBOMs.

Notes

Open Source distributions in a cloud-native world: from a technical to a legal point of view [EclipseCon 2023] [recording]
The Eclipse Dash License Tool
Manually create IP review requests via IPLab
SBOM Best Practices
Wayne is not a lawyer

SBOMs and Project Metadata

Recorded on October 12, 2023

Generating SBOMs directly as part of your build, and (at least in the case of Maven) sharing them to the software repository is relatively straightforward. To really leverage the the tools to generate SBOMs, however, we need your help to tighten up the metadata captured in your build scripts (e.g., capture license information as SPDX expressions in your pom.xml file) and update your builds to generate the SBOMs.

Notes

SBOM Best Practices

Eclipse Otterdog

Recorded on September 14, 2023

Thomas Neidhart from the Eclipse Foundation's Security Team will present Otterdog: a tool to manage GitHub organizations at scale using a configuration as code approach.

Notes:

Otterdog on GitLab

Request assistance with Otterdog

2023 Committer Survey Hightlights

Recorded on August 10, 2023

Maria Teresa provides an overview of what we learned from our recent (2023) committer survey.

Progress Reviews

Recorded on June 8, 2023

Progress reviews are a fundamental bit of governance that Eclipse open source project teams engage in periodically (generally annually). By engaging in a progress review, an open source project team can push out official releases for a full year. For long-time Eclipse Committers... progress reviews are fundamentally the same as release reviews (the primary difference being that release reviews tend to be aligned with a specific release). Note that specification projects are required to engage in release reviews for every release.

The EMO doesn't tend to think of reviews as pass/fail events. Rather, these reviews are an opportunity for the EMO and PMC to make sure that Eclipse project teams understand their responsibilities under the Eclipse Foundation Development Process and the Eclipse IP Due Diligence Process, and are generally engaging in vendor neutral open, transparent, and meritocratic practices to attract contribution and participation.

Notes:

One thing that we forgot to mention in the talk is how to actually initiate a progress review. To initiate a progress review, send a note to EMO and the team will lead you through the process. Note that the EMO does periodically initiate progress reviews on behalf of a project.

Progress Reviews in the Eclipse Foundation Project Handbook;
Documentation Generator (accessible by committers only);
The Eclipse Dash License Tool;
Generating SBOM for Eclipse Projects

May 2023 Update

Recorded on May 11, 2023

In ths session, we delivered status updates on various efforts that we've been engaged in, including: progress reviews; the Eclipse Dash License Tool; and generating SBOMs for Eclipse Projects.

Notes:

Someone Reports a Security Issue in my Project! Now What?

Recorded on April 24, 2023

Special Extra! This session was recorded as part of the Virtual Eclipse Community Meetups.

All projects have bugs. Some of them have a security impact and can be used to cause harm. We call them vulnerabilities. Because of the possible impact of security issues, we handle them differently. This talk will guide the audience through the Eclipse Foundation processes of reporting and managing vulnerabilities with new tooling. As a bonus, Marta will show resources for your project, like a SECURITY.md template.

Notes:

Managing and Reporting Vulnerabilities

AI and Contribution

Recorded on April 13, 2023

This presentation is intended to start a conversation about what our policy/position should be with regard to how we deal with contributions of content generated by an AI.

Note that our current policy is that we do not accept contributions generated by an AI as doing so is--at least--in conflict with the ECA/DCO (note that an AI cannot sign the ECA).