Google Git
Sign in
eclipse / www.eclipse.org / legal / 4f143bb3d230ed920e7c910a3c186b18ffa332bc / . / committerguidelines.php
blob: 1a1e9f251b5d5f13f0d7c887add7b89ba490b5a5 [file] [log] [blame]
<?php
/*******************************************************************************
* Copyright (c) 2005,2012 Eclipse Foundation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Mike Milinkovich (Eclipse Foundation)- initial API and implementation
*******************************************************************************/
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php");
$App = new App();
$Nav = new Nav();
$Menu = new Menu();
include($App->getProjectCommon());
$pageTitle = "Committer Due Diligence Guidelines";
$pageKeywords = "legal, foundation, committer, committers, diligence, guidelines, IP, intellectual property, policy, procedure";
$pageAuthor = "Mike Milinkovich";
ob_start(); ?>
<div id="midcolumn">
<div class="homeitem3col">
<h1><?php echo $pageTitle; ?></h1>
<p>Last updated: September 29, 2014</p>
<p><b>Introduction</b></p>
<p>Eclipse Committers play a very important role in the operation of the
Eclipse Foundation open source projects. This document outlines the responsibilities
and explains some of the basic concepts Eclipse Committers need to understand
in their role as a committer. If you are an Eclipse Committer, should
you have any questions after reading this document, your questions should
be submitted to your Project Management Committee (PMC) or the Eclipse
Management Organization (<a href="mailto:emo@eclipse.org">EMO</a>). </p>
<p><b>Contributors and Committers</b></p>
<p>Anyone who makes contributions to the Eclipse Foundation website and
to Eclipse Foundation projects are considered to be Contributors. These
Contributors submit contributions such as code, documentation, and other
materials, through a number of channels including the <a
href="/forums/" target="_top">forums</a>,
<a href="/mail/" target="_top">mailing lists</a>,
<a href="https://git.eclipse.org/r/">Gerrit code review system</a>,
and <a href="https://bugs.eclipse.org/bugs/">Bugzilla bug
reporting system</a>. In general, anyone may have access to these systems,
although passwords may be used for spam control puproses. Contributions
made through the forums and mailing lists are generally made when
users chat and exchange ideas. Contribution of code is very rarely made
through these channels. Code contributions would more likely be found
attached to a Bugzilla report.</p>
<p>Contributors that have made significant contributions to Eclipse Foundation
projects may be promoted to Committer status. A Contributor may become
a Committer once having been nominated and voted in by other Committers.
However, the appointment of a new Committer is subject to confirmation
by the relevant PMC. Committers have a responsibility to help ensure that
all content redistributed on the Eclipse Foundation servers is appropriate.
In the case of forum and mailing list posts and Bugzilla reports,
it is possible for Contributors to submit inappropriate content without
the knowledge of Committers. If a Committer finds content on one of these
systems that does not seem appropriate, based on the standards set out
in this document or based on the Committer&rsquo;s good judgement and experience,
they should contact the <a href="mailto:emo@eclipse.org">EMO</a> or a
PMC member immediately.</p>
<p>Committers receive write-access to Eclipse Foundation systems that contributors
do not have. Depending on the nature of their participation, this may
include write-access to the <a href="http://git.eclipse.org/c/">source code
repositories</a>, the <a href="/downloads/">download
servers</a>, and the <a href="/" target="_top">web
site</a>. Committed content in the source code repository becomes immediately
available to Eclipse Foundation visitors and users. More importantly,
this content is used to create daily builds that may be downloaded by
thousands of people each day and may be incorporated into many free and
commercially-available software products. Due to the potential for downstream
redistribution, Committers are required to help ensure that inappropriate
content is not placed in the source code repository. Content contributed to the
webpages on the Eclipse Foundation web site are less likely to be incorporated
into software products. However, by their nature, they may be seen by
visitors to the web site and their impact is generally more immediate.</p>
<p>Committers are usually contributors as well. In addition to incorporating
and releasing content contributed by others, Committers may commit, often
significant, contributions which they have developed themselves. Some
Committers may never commit any other content other than what they have
authored themselves. Even though they may be more confident in the pedigree
of their own contributions, they still need to ensure that their content
is appropriate.</p>
<p><b>How Content is Received</b></p>
<p>All content submitted through any of the channels existing on the Eclipse
Foundation website such as, the <a
href="/forums/" target="_top">forums</a>,
<a href="/mail/" target="_top">mailing
lists</a>, <a href="https://git.eclipse.org/r/">Gerrit code review system</a>,
and <a href="https://bugs.eclipse.org/bugs/">Bugzilla bug
reporting system</a> or any of the other services, are licensed to others
under the terms and conditions of the <a href="termsofuse.php">Eclipse.org
Terms of Use</a> (or one or more of the agreements or licenses it refers
to). All content submitted through any channel other than the Eclipse Foundation
website must be approved by the PMC, and submitted to the EMO, via the
<a href="http://wiki.eclipse.org/Development_Resources/Contribution_Questionnaire">Contribution Questionnaire</a>,
for due diligence approval, prior to being committed to the source code repository. It is
highly recommended that each committer review and understand the Eclipse
<A href="EclipseLegalProcessPoster.pdf">Due Diligence Process</A>.</p>
<p><b>How Content is Distributed</b></p>
<p>Users and recipients of content distributed by the Eclipse Foundation
are granted rights to the content by the various licenses used by the
Eclipse Foundation, primarily the EPL. The <a href="epl/notice.php">Eclipse Foundation Software
User Agreement</a> is the primary document used for distributing content. It is an umbrella
agreement that defers to various notices and licenses including the EPL. </p>
<a name="Due_Diligence"></a><h2>Due Diligence Procedures</h2>
<p>Also please see this Eclipse Legal process <a href="EclipseLegalProcessPoster.pdf">
overview document</a> which provides a pictorial representation of the due diligence process.</p>
<p><strong>Receiving contributions</strong></p>
<p>IMPORTANT NOTE: Committers should never accept a contribution received via a private
communication such as e-mail.
It is important that all contributions are received through one of the channels described
above to ensure that all necessary licenses are granted and that there is a public,
timestamped, and archived record of the submission.</p>
<p>Before accepting each contribution, the Committer must check the following:
<ol>
<li>The Contributor(s) must have an Eclipse Foundation <a href="CLA.php">Contributor License
Agreement</a> (CLA) on file. It is the responsibility of the Committer to verify that there is
a valid CLA on file for the author(s) of each contibution.</li>
<li>The Contributor must have signed-off the Contribution, indicating that they are
in compliance with the <a href="CoO.php">Eclipse Foundation Contributor&rsquo;s Certificate of Origin</a>.
</ol></p>
<p><strong>Appropriateness of Contributions</strong></p>
<p>A Committer cannot always assume that contributed content can be freely
used or redistributed. Committers are obligated to ensure the appropriate
due diligence has been completed before incorporating and redistributing
content received from others. The process for performing due diligence depends on whether
the contribution is deemed to be a &ldquo;significant&rdquo; one. A &quot;significant&quot;
contribution is a substantial amount of code or content that introduces major new functionality
into the code base, or any code or module which will be distributed under any license other than the EPL.
Any contribution greater than 1000 lines of code is deemed to be &quot;significant&quot;.
If necessary, the EMO can assist in determining whether a contribution should be classified as
&ldquo;significant&rdquo;.</p>
<p>For &ldquo;significant&rdquo; contributions, the following three steps should be used
in determining if the contributed content is suitable for committing to
an Eclipse Foundation project,</p>
<ol>
<li>The Committer, possibly with assistance from the Contributors, must complete the Eclipse Foundation
<a href="http://wiki.eclipse.org/Development_Resources/Contribution_Questionnaire">Contribution Questionnaire</a> ("CQ").</li>
<li>The PMC must approve of the content&rsquo;s suitability for the Eclipse Foundation
project, and indicate their approval on the CQ. The analysis performed by the PMC is usually
one of a purely technical nature.</li>
<li>The EMO must approve or not approve the contribution. This decision will be based upon the EMO&rsquo;s
due diligence review of the contribution&rsquo;s content and licensing. </li>
</ol>
<p>For simple bug fixes and minor enhancements contributed under the <a href="epl/notice.php">Eclipse Foundation Terms of Use</a>,
PMC and EMO approval is not required. However, the Committer is expected to ensure the appropriateness of the contribution
and its availability for redistribution and modification by the Eclipse Foundation. There are many factors in making these
determination, including things like license compatibility, confidentiality, copyright rights, patents, export control laws,
no profanity, acceptable standards of code quality and coding style, etc. If a Committer has any concerns on these topics,
they should seek assistance from the EMO.</p>
<p> If the contribution has any &#147;legal&#148; terms or conditions associated with
it whatsoever (other than a simple statement saying the contribution is
licensed under the EPL) the contribution must be approved by the
appropriate PMC before being utilized. Possible &#147;legal&#148; terms or
conditions include anything referring to &#147;copyright&#148;, &#147;patent&#148;, &#147;trade
secret&#148;, &#147;confidential&#148;, &#147;license&#148; or &#147;rights,&#148; or any other language
purporting to grant or reserve any rights to use or distribute the contribution,
or limit public distribution of the contribution. The PMC (with assistance from the EMO as necessary) will determine
if the &#147;legal&#148; language is consistent with the EPL as applicable.</p>
<p>Given the amount of time required to complete the due diligence process
on these packages, the Committer should allow sufficient time for the
appropriate review process to complete. </p>
<p><b>Cryptography</b></p>
<p>If the contribution is known or is believed to contain any type of encryption
or decryption software, the contribution must be approved by the appropriate
PMC before being utilized.</p>
<p>Cryptographic content from the Eclipse Foundation has been given a classification
as Export Commodity Control Number (ECCN) 5D002.C.1 by the U.S. Government
Department of Commerce, Bureau of Export Administration, and is deemed
eligible for export under License Exception ENC Technology Software Unrestricted
(TSU) for object code and (cryptographic) source code. However, under
this license exception, the content may not contain cryptanalytic functionality,
such as a cryptographic codebreaker. It is the Committer&rsquo;s obligation
to ensure that the content does not contain functionality that would require
a change in export classification.</p>
<p>Any modifications, additions or removal of cryptographic code, should
be brought to the PMC&rsquo;s attention.</p>
<p>Any Contributions containing Cryptography should have information regarding
the Cryptography documented in the &ldquo;About&rdquo; file for the plug-in that will
contain the Contribution (<a href="epl/about.php">example About file</a>). The Committer
should work with the EMO to ensure the About file has the appropriate
documentation before the contribution is committed to the source code repository.</p>
<p><b>Code Quality and Style</b></p>
<p>Each project may have its own standards for quality and style. However,
any profanity found in the code or its comments are considered unacceptable
and should be removed before the content is contributed. For more details
on the project&rsquo;s standards, please consult with the PMC.</p>
<p><b>Legal Documentation</b></p>
<p>It is very important that all content contains the correct legal documentation.
Please read the <a href="guidetolegaldoc.php">Guide to legal documentation for Eclipse-based content</a>.</p>
<p>If you require assistance in preparing any of this documentation, contact
your PMC or the <a href="mailto:emo@eclipse.org">EMO</a>. All legal documentation
should be approved by the EMO prior to committing the content.</p>
<p><b>Third-Party Content</b></p>
<p>There are cases where content redistributed at the Eclipse Foundation
is not received as a contribution under the default license(s) of the project
(which is typically the EPL). Rather, the
content was obtained from another source and is redistributed under another
license. The most common case is a Committer who wishes to redistribute
content maintained by another open source project, outside of the Eclipse
Foundation. Some examples of such packages currently being redistributed
by the Eclipse Foundation are projects maintained by <a
href="http://www.apache.org" target="_blank">The Apache Software Foundation</a>,
<a href="http://www.mozilla.org" target="_blank">Mozilla</a>, <a
href="http://www.gtk.org" target="_blank">GTK+</a>, <a
href="http://www.junit.org" target="_blank">JUnit</a>, <a
href="http://www.jcraft.com" target="_blank">JCraft</a>, and others.</p>
<p>Before any such package can be redistributed by the Eclipse Foundation,
the Committer must create a <a href="http://wiki.eclipse.org/Development_Resources/Contribution_Questionnaire">Contribution Questionnaire</a>,
providing details of the package to the EMO and the PMC. The package will
then be reviewed as follows:
<li>The PMC will decide whether the package&rsquo;s
functionality is required, and approve it for use by the project, </li>
<li>The EMO will decide on the compatibility of the contribution&rsquo;s
license with the EPL (or other default license(s) for the project), and</li>
<li>The EMO will initiate the <a href="EclipseLegalProcessPoster.pdf">
IP due diligence review</a>.</li>
</ul>
<p><b>Tracking Contributions</b></p>
<p>Tracking of each contribution within a project is very important from
a legal point of view. As well, it allows for the appropriate aknowledgement
of each contributor. Currently at the Eclipse Foundation, this information
about each contribution is typically maintained within the standard
<a href="copyrightandlicensenotice.php">copyright
and license notice</a> contained within the source files. However, it
is advisable that each project maintain a Project IP Log file to track the
summary information about each contribution and links to related Bugzilla
reports within a project. A well maintained Project IP Log will be a
valuable piece of information in anticipation of a major release. See <a href="http://wiki.eclipse.org/Development_Resources/Automatic_IP_Log#Contributors">
Using the IPLog+ Flag in Bugzilla</a> for helpful hints on maintaining your
Project IP Log. To find out about the Project IP Log file related to your project,
contact your PMC. </p>
<p><b>Summary</b></p>
<p>To avoid downstream problems, it is a necessity to exercise the appropriate
due diligence. In addition to these specific standards, the community
relies on Committers to exercise their own judgment with respect to other
factors that may deem the contribution to be inappropriate for use. If
a Committer has doubts about the appropriateness of the contribution for
any reason, then that Committer should investigate and consult with the
applicable PMC, who will call on or direct you to EMO resources if necessary.
<br/>
</p>
</div>
</div>
<!-- <div id="rightcolumn">
<div class="sideitem">
<h6>Related Links</h6>
<ul>
<li><a href="https://projects.eclipse.org/user/cla/validate>CLA Validator Tool</a></li>
</ul>
</div>
</div> -->
<?php
$html = ob_get_contents();
ob_end_clean();
$App->generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
?>