| <?php |
| /******************************************************************************* |
| * Copyright (c) 2005,2012 Eclipse Foundation and others. |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| * Mike Milinkovich (Eclipse Foundation)- initial API and implementation |
| *******************************************************************************/ |
| require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php"); |
| require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php"); |
| require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php"); |
| $App = new App(); |
| $Nav = new Nav(); |
| $Menu = new Menu(); |
| include($App->getProjectCommon()); |
| |
| $pageTitle = "Committer Due Diligence Guidelines"; |
| $pageKeywords = "legal, foundation, committer, committers, diligence, guidelines, IP, intellectual property, policy, procedure"; |
| $pageAuthor = "Mike Milinkovich"; |
| |
| ob_start(); ?> |
| |
| <div id="midcolumn"> |
| <div class="homeitem3col"> |
| <h1><?php echo $pageTitle; ?></h1> |
| <p>Last updated: September 29, 2014</p> |
| <p><b>Introduction</b></p> |
| <p>Eclipse Committers play a very important role in the operation of the |
| Eclipse Foundation open source projects. This document outlines the responsibilities |
| and explains some of the basic concepts Eclipse Committers need to understand |
| in their role as a committer. If you are an Eclipse Committer, should |
| you have any questions after reading this document, your questions should |
| be submitted to your Project Management Committee (PMC) or the Eclipse |
| Management Organization (<a href="mailto:emo@eclipse.org">EMO</a>). </p> |
| <p><b>Contributors and Committers</b></p> |
| <p>Anyone who makes contributions to the Eclipse Foundation website and |
| to Eclipse Foundation projects are considered to be Contributors. These |
| Contributors submit contributions such as code, documentation, and other |
| materials, through a number of channels including the <a |
| href="/forums/" target="_top">forums</a>, |
| <a href="/mail/" target="_top">mailing lists</a>, |
| <a href="https://git.eclipse.org/r/">Gerrit code review system</a>, |
| and <a href="https://bugs.eclipse.org/bugs/">Bugzilla bug |
| reporting system</a>. In general, anyone may have access to these systems, |
| although passwords may be used for spam control puproses. Contributions |
| made through the forums and mailing lists are generally made when |
| users chat and exchange ideas. Contribution of code is very rarely made |
| through these channels. Code contributions would more likely be found |
| attached to a Bugzilla report.</p> |
| <p>Contributors that have made significant contributions to Eclipse Foundation |
| projects may be promoted to Committer status. A Contributor may become |
| a Committer once having been nominated and voted in by other Committers. |
| However, the appointment of a new Committer is subject to confirmation |
| by the relevant PMC. Committers have a responsibility to help ensure that |
| all content redistributed on the Eclipse Foundation servers is appropriate. |
| In the case of forum and mailing list posts and Bugzilla reports, |
| it is possible for Contributors to submit inappropriate content without |
| the knowledge of Committers. If a Committer finds content on one of these |
| systems that does not seem appropriate, based on the standards set out |
| in this document or based on the Committer’s good judgement and experience, |
| they should contact the <a href="mailto:emo@eclipse.org">EMO</a> or a |
| PMC member immediately.</p> |
| <p>Committers receive write-access to Eclipse Foundation systems that contributors |
| do not have. Depending on the nature of their participation, this may |
| include write-access to the <a href="http://git.eclipse.org/c/">source code |
| repositories</a>, the <a href="/downloads/">download |
| servers</a>, and the <a href="/" target="_top">web |
| site</a>. Committed content in the source code repository becomes immediately |
| available to Eclipse Foundation visitors and users. More importantly, |
| this content is used to create daily builds that may be downloaded by |
| thousands of people each day and may be incorporated into many free and |
| commercially-available software products. Due to the potential for downstream |
| redistribution, Committers are required to help ensure that inappropriate |
| content is not placed in the source code repository. Content contributed to the |
| webpages on the Eclipse Foundation web site are less likely to be incorporated |
| into software products. However, by their nature, they may be seen by |
| visitors to the web site and their impact is generally more immediate.</p> |
| <p>Committers are usually contributors as well. In addition to incorporating |
| and releasing content contributed by others, Committers may commit, often |
| significant, contributions which they have developed themselves. Some |
| Committers may never commit any other content other than what they have |
| authored themselves. Even though they may be more confident in the pedigree |
| of their own contributions, they still need to ensure that their content |
| is appropriate.</p> |
| |
| <p><b>How Content is Received</b></p> |
| <p>All content submitted through any of the channels existing on the Eclipse |
| Foundation website such as, the <a |
| href="/forums/" target="_top">forums</a>, |
| <a href="/mail/" target="_top">mailing |
| lists</a>, <a href="https://git.eclipse.org/r/">Gerrit code review system</a>, |
| and <a href="https://bugs.eclipse.org/bugs/">Bugzilla bug |
| reporting system</a> or any of the other services, are licensed to others |
| under the terms and conditions of the <a href="termsofuse.php">Eclipse.org |
| Terms of Use</a> (or one or more of the agreements or licenses it refers |
| to). All content submitted through any channel other than the Eclipse Foundation |
| website must be approved by the PMC, and submitted to the EMO, via the |
| <a href="http://wiki.eclipse.org/Development_Resources/Contribution_Questionnaire">Contribution Questionnaire</a>, |
| for due diligence approval, prior to being committed to the source code repository. It is |
| highly recommended that each committer review and understand the Eclipse |
| <A href="EclipseLegalProcessPoster.pdf">Due Diligence Process</A>.</p> |
| |
| <p><b>How Content is Distributed</b></p> |
| <p>Users and recipients of content distributed by the Eclipse Foundation |
| are granted rights to the content by the various licenses used by the |
| Eclipse Foundation, primarily the EPL. The <a href="epl/notice.php">Eclipse Foundation Software |
| User Agreement</a> is the primary document used for distributing content. It is an umbrella |
| agreement that defers to various notices and licenses including the EPL. </p> |
| |
| <a name="Due_Diligence"></a><h2>Due Diligence Procedures</h2> |
| |
| <p>Also please see this Eclipse Legal process <a href="EclipseLegalProcessPoster.pdf"> |
| overview document</a> which provides a pictorial representation of the due diligence process.</p> |
| |
| <p><strong>Receiving contributions</strong></p> |
| <p>IMPORTANT NOTE: Committers should never accept a contribution received via a private |
| communication such as e-mail. |
| It is important that all contributions are received through one of the channels described |
| above to ensure that all necessary licenses are granted and that there is a public, |
| timestamped, and archived record of the submission.</p> |
| <p>Before accepting each contribution, the Committer must check the following: |
| <ol> |
| <li>The Contributor(s) must have an Eclipse Foundation <a href="CLA.php">Contributor License |
| Agreement</a> (CLA) on file. It is the responsibility of the Committer to verify that there is |
| a valid CLA on file for the author(s) of each contibution.</li> |
| <li>The Contributor must have signed-off the Contribution, indicating that they are |
| in compliance with the <a href="CoO.php">Eclipse Foundation Contributor’s Certificate of Origin</a>. |
| </ol></p> |
| |
| <p><strong>Appropriateness of Contributions</strong></p> |
| <p>A Committer cannot always assume that contributed content can be freely |
| used or redistributed. Committers are obligated to ensure the appropriate |
| due diligence has been completed before incorporating and redistributing |
| content received from others. The process for performing due diligence depends on whether |
| the contribution is deemed to be a “significant” one. A "significant" |
| contribution is a substantial amount of code or content that introduces major new functionality |
| into the code base, or any code or module which will be distributed under any license other than the EPL. |
| Any contribution greater than 1000 lines of code is deemed to be "significant". |
| If necessary, the EMO can assist in determining whether a contribution should be classified as |
| “significant”.</p> |
| |
| <p>For “significant” contributions, the following three steps should be used |
| in determining if the contributed content is suitable for committing to |
| an Eclipse Foundation project,</p> |
| <ol> |
| <li>The Committer, possibly with assistance from the Contributors, must complete the Eclipse Foundation |
| <a href="http://wiki.eclipse.org/Development_Resources/Contribution_Questionnaire">Contribution Questionnaire</a> ("CQ").</li> |
| <li>The PMC must approve of the content’s suitability for the Eclipse Foundation |
| project, and indicate their approval on the CQ. The analysis performed by the PMC is usually |
| one of a purely technical nature.</li> |
| <li>The EMO must approve or not approve the contribution. This decision will be based upon the EMO’s |
| due diligence review of the contribution’s content and licensing. </li> |
| </ol> |
| <p>For simple bug fixes and minor enhancements contributed under the <a href="epl/notice.php">Eclipse Foundation Terms of Use</a>, |
| PMC and EMO approval is not required. However, the Committer is expected to ensure the appropriateness of the contribution |
| and its availability for redistribution and modification by the Eclipse Foundation. There are many factors in making these |
| determination, including things like license compatibility, confidentiality, copyright rights, patents, export control laws, |
| no profanity, acceptable standards of code quality and coding style, etc. If a Committer has any concerns on these topics, |
| they should seek assistance from the EMO.</p> |
| <p> If the contribution has any “legal” terms or conditions associated with |
| it whatsoever (other than a simple statement saying the contribution is |
| licensed under the EPL) the contribution must be approved by the |
| appropriate PMC before being utilized. Possible “legal” terms or |
| conditions include anything referring to “copyright”, “patent”, “trade |
| secret”, “confidential”, “license” or “rights,” or any other language |
| purporting to grant or reserve any rights to use or distribute the contribution, |
| or limit public distribution of the contribution. The PMC (with assistance from the EMO as necessary) will determine |
| if the “legal” language is consistent with the EPL as applicable.</p> |
| <p>Given the amount of time required to complete the due diligence process |
| on these packages, the Committer should allow sufficient time for the |
| appropriate review process to complete. </p> |
| <p><b>Cryptography</b></p> |
| <p>If the contribution is known or is believed to contain any type of encryption |
| or decryption software, the contribution must be approved by the appropriate |
| PMC before being utilized.</p> |
| <p>Cryptographic content from the Eclipse Foundation has been given a classification |
| as Export Commodity Control Number (ECCN) 5D002.C.1 by the U.S. Government |
| Department of Commerce, Bureau of Export Administration, and is deemed |
| eligible for export under License Exception ENC Technology Software Unrestricted |
| (TSU) for object code and (cryptographic) source code. However, under |
| this license exception, the content may not contain cryptanalytic functionality, |
| such as a cryptographic codebreaker. It is the Committer’s obligation |
| to ensure that the content does not contain functionality that would require |
| a change in export classification.</p> |
| <p>Any modifications, additions or removal of cryptographic code, should |
| be brought to the PMC’s attention.</p> |
| <p>Any Contributions containing Cryptography should have information regarding |
| the Cryptography documented in the “About” file for the plug-in that will |
| contain the Contribution (<a href="epl/about.php">example About file</a>). The Committer |
| should work with the EMO to ensure the About file has the appropriate |
| documentation before the contribution is committed to the source code repository.</p> |
| <p><b>Code Quality and Style</b></p> |
| <p>Each project may have its own standards for quality and style. However, |
| any profanity found in the code or its comments are considered unacceptable |
| and should be removed before the content is contributed. For more details |
| on the project’s standards, please consult with the PMC.</p> |
| <p><b>Legal Documentation</b></p> |
| <p>It is very important that all content contains the correct legal documentation. |
| Please read the <a href="guidetolegaldoc.php">Guide to legal documentation for Eclipse-based content</a>.</p> |
| |
| <p>If you require assistance in preparing any of this documentation, contact |
| your PMC or the <a href="mailto:emo@eclipse.org">EMO</a>. All legal documentation |
| should be approved by the EMO prior to committing the content.</p> |
| |
| <p><b>Third-Party Content</b></p> |
| <p>There are cases where content redistributed at the Eclipse Foundation |
| is not received as a contribution under the default license(s) of the project |
| (which is typically the EPL). Rather, the |
| content was obtained from another source and is redistributed under another |
| license. The most common case is a Committer who wishes to redistribute |
| content maintained by another open source project, outside of the Eclipse |
| Foundation. Some examples of such packages currently being redistributed |
| by the Eclipse Foundation are projects maintained by <a |
| href="http://www.apache.org" target="_blank">The Apache Software Foundation</a>, |
| <a href="http://www.mozilla.org" target="_blank">Mozilla</a>, <a |
| href="http://www.gtk.org" target="_blank">GTK+</a>, <a |
| href="http://www.junit.org" target="_blank">JUnit</a>, <a |
| href="http://www.jcraft.com" target="_blank">JCraft</a>, and others.</p> |
| <p>Before any such package can be redistributed by the Eclipse Foundation, |
| the Committer must create a <a href="http://wiki.eclipse.org/Development_Resources/Contribution_Questionnaire">Contribution Questionnaire</a>, |
| providing details of the package to the EMO and the PMC. The package will |
| then be reviewed as follows: |
| |
| <li>The PMC will decide whether the package’s |
| functionality is required, and approve it for use by the project, </li> |
| <li>The EMO will decide on the compatibility of the contribution’s |
| license with the EPL (or other default license(s) for the project), and</li> |
| <li>The EMO will initiate the <a href="EclipseLegalProcessPoster.pdf"> |
| IP due diligence review</a>.</li> |
| </ul> |
| |
| |
| <p><b>Tracking Contributions</b></p> |
| <p>Tracking of each contribution within a project is very important from |
| a legal point of view. As well, it allows for the appropriate aknowledgement |
| of each contributor. Currently at the Eclipse Foundation, this information |
| about each contribution is typically maintained within the standard |
| <a href="copyrightandlicensenotice.php">copyright |
| and license notice</a> contained within the source files. However, it |
| is advisable that each project maintain a Project IP Log file to track the |
| summary information about each contribution and links to related Bugzilla |
| reports within a project. A well maintained Project IP Log will be a |
| valuable piece of information in anticipation of a major release. See <a href="http://wiki.eclipse.org/Development_Resources/Automatic_IP_Log#Contributors"> |
| Using the IPLog+ Flag in Bugzilla</a> for helpful hints on maintaining your |
| Project IP Log. To find out about the Project IP Log file related to your project, |
| contact your PMC. </p> |
| |
| <p><b>Summary</b></p> |
| <p>To avoid downstream problems, it is a necessity to exercise the appropriate |
| due diligence. In addition to these specific standards, the community |
| relies on Committers to exercise their own judgment with respect to other |
| factors that may deem the contribution to be inappropriate for use. If |
| a Committer has doubts about the appropriateness of the contribution for |
| any reason, then that Committer should investigate and consult with the |
| applicable PMC, who will call on or direct you to EMO resources if necessary. |
| <br/> |
| </p> |
| </div> |
| </div> |
| |
| <!-- <div id="rightcolumn"> |
| <div class="sideitem"> |
| <h6>Related Links</h6> |
| <ul> |
| <li><a href="https://projects.eclipse.org/user/cla/validate>CLA Validator Tool</a></li> |
| </ul> |
| </div> |
| </div> --> |
| |
| <?php |
| $html = ob_get_contents(); |
| ob_end_clean(); |
| $App->generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html); |
| |
| ?> |