Eclipse IP Management Modernization
Sharon Corbett

WELCOME
● Eclipse IP - About
● Issue Statement
● Objectives/Benefits
● License Compliance
● Self Service
● New Process Overview
● Futures
● Best Practices
● OSCM
● Wrap Up

Eclipse Intellectual Property Management
> Eclipse IP Policy (Board Approved)
  ○ Defines the mechanism for accepting and licensing the intellectual property developed and leveraged by Eclipse projects
> Legal Agreements
  ○ Formal - ECA, Committer Agreements, Working Group Participation Agreements
> Due Diligence Review Process
  ○ Provenance, License Compatibility, Scanning for Anomalies
  ○ IP Ticket (CQ)
> Commercial Adoption (Confidence/Safe)
> High Bar, Rigorous, Well Respected

COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)

What’s at Issue?
> Eclipse IP Policy and Procedures (2004)
> Significant changes over time
> Cannot support agile development nor continuous delivery
> Impossible to scale to modern day technology (Node.JS, Electron, NPM, etc.)
> Burdensome - Lack of Automation

The Time has Arrived ...
> Bring Eclipse IP Policy and Process in line with contemporary expectations!

Eclipse IP Governance Approach (Redefined)
> Revise the IP Review requirements for third party content
> Update IP Policy
  ○ Change due diligence approach for third party content
  ○ Streamline Definitions
    ■ Project content
    ■ Third party content
    ■ Official Release = Distributed Content (NOT git commits, milestone, nightly, etc.)
> IP Advisory Committee Review
> Board Approval (October 21, 2019)

Objective
> Focus on License Compliance Model only for third party content (leveraged only; not otherwise produced or managed by Eclipse projects)
> Reduce burden/lower barriers
> Shift focus to other areas of high value
> Trust “other” sources of information
> Remain WELL RESPECTED and RISK FOCUSED

Objective
> Remove gate based on IP delays (faster service)
> Increase project velocity
> Provide flexibility and predictability
> Reduce administrivia
> Parallel IP (standard)
> New projects bring history (no review)

Objective
> Removal of Type A/B Stigma (Release vs Project)
> Allow project teams to adopt license compatible third party content during the development cycle
> IP team certification prior to formal release
> Provide training/education
> Engagement with broader intellectual property community (leadership)

License Compliance Model
> Eclipse Foundation will stop performing deep copyright provenance reviews of Third Party Content
> Focus on license compatibility (standard) and licensing compliance
> Licenses driven by Board Approved Whitelist
> Leverage and trust “other” third party license sources (e.g. ClearlyDefined)
> Enable projects to validate license compliance during development (trust but verify)

Applies to Third Party Content ONLY!

New Model

Self Service Validation (diagram; only its labels survive): the Project Team submits a BoM listing A (EPL-v2.0), B (MIT), C (Apache-2.0) and D (?) to a License Service; the service draws on ClearlyDefined and the License Whitelist, with Overrides and IP Team Review by the Eclipse IP Team as the remaining elements of the flow. The numbered step order (1-5) is not recoverable from the text.

New Process Overview (diagram): four stages, numbered 1-4 in the diagram:
1. Develop and Build
2. Self Service Validation
3. IP Team Resolution and Verification
4. IP Team Certification / Release

Engagement with the IP Team
> IP Ticket (CQ) request only when/if required
> IP Ticket (CQ) if the dependency contains cryptography (declaration model)
> Projects must engage prior to a formal release for final IP clearance!

CQ REQUIREMENT FOR THIRD PARTY CONTENT ONLY WHEN/IF REQUIRED!

What does this really mean for me?
> Project onus will be fairly lightweight
> Compliance Report will identify any IP violations
> Projects are relieved of the responsibility to request IP review for every third party package requirement
> Projects should take care to only introduce dependencies that are subject to compatible licenses

Again, what does this really mean for me?
> NO piggyback/reuse CQs
> NO CQ before adding to Orbit
> NO CQ before you start leveraging a certain library
> Periodic checks to ensure projects are on the right path

Tracking Dependencies

Current Process                    | New Approach
Tracking via IP Tickets (CQs)      | Tracking via Bill of Materials
Submitted by Committers            | Ideally generated from build; e.g. Maven, Gradle, NPM dependency list, etc.
IP Log Generated (IP Tickets/CQs)  | IP Log Generated (Bill of Materials)
IP Log Review                      | IP Log Review
IP Log Approval                    | IP Log Approval
Project Release                    | Project Release

Next Steps
> Prototype development/testing
  ○ Several projects in experimental drive
> Implementation roll out prior to end of year
  ○ Current infrastructure
  ○ Updates to documentation, committer handbook, front end systems, etc.
> Futures:
  ○ Build level integration/automation
  ○ Automate an end-to-end system
  ○ Replace IPzilla
  ○ Security vulnerabilities

Community Engagement

IP Best Practices
> Include copyright and license headers on source files
> Include license text file in repository
> Include notice file (third party content information, versions, licenses, any other information needed to comply with license terms, etc.)
> Include contributing file (formal or non-formal)
> Identify project license on GitHub landing page (readme)

Trust Other Sources
> Leverage other sources of license data
> Donate our curated license data
> Crowd source with the greater community

Open Source Compliance Movement
> SPDX - open standard for communicating software bill of materials information (components, licenses, copyrights and security references) https://spdx.org/ (Adoption)
> ClearlyDefined - crowd sourced OSI initiative to help FOSS projects; the project focuses on source location, clarifies applicable licensing and addresses security vulnerabilities https://clearlydefined.io/about (Engagement)
> CISQ - Standardized tool-to-tool Software Bill of Materials (SBOM) https://www.it-cisq.org/software-bill-of-materials/index.htm
> REUSE Software - choose a license, add copyright and license information to each file, confirm REUSE compliance https://reuse.software/
> OpenChain - its specification identifies the key requirements of a quality open source compliance program and shows organizations how to meet the requirements https://www.openchainproject.org/

THANKS!
Contact: emo-ip-team@eclipse-foundation.org
Helpful Links:
https://www.eclipse.org/org/documents/Eclipse_IP_Policy.pdf
https://www.eclipse.org/legal/
https://www.eclipse.org/legal/licenses.php
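The self-service validation flow (BoM, external license data, whitelist, overrides, IP team review) and the Compliance Report the deck describes, as an added example that is not Eclipse Foundation tooling. The whitelist contents, the in-memory LICENSE_SOURCE standing in for a ClearlyDefined lookup, the component names and the status labels are all constructed for illustration; the real board-approved whitelist and the real service are not reproduced here. It goes slightly beyond the slide by also flagging a disagreement between a package's declared license and the external source, which is the "trust but verify" case a project would want surfaced rather than silently resolved.

```python
"""Self-service license validation of a bill of materials (BoM).

Added example, not Eclipse Foundation tooling. Models the flow on the
"Self Service Validation" slide with constructed data: the whitelist, the
license source and the BoM below are illustrative only.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed whitelist; the real board-approved list is not reproduced here.
WHITELIST = {"EPL-2.0", "MIT", "Apache-2.0", "BSD-3-Clause"}

# Stand-in for a crowd-sourced license source such as ClearlyDefined,
# keyed by "name@version" (constructed data, not a live lookup).
LICENSE_SOURCE: Dict[str, str] = {
    "lib-a@1.0.0": "EPL-2.0",
    "lib-b@2.3.1": "MIT",
    "lib-c@0.9.0": "Apache-2.0",
    "lib-e@4.0.0": "GPL-2.0-only",
    "lib-f@1.1.0": "LGPL-2.1-only",
    # lib-d is deliberately absent: the source knows nothing about it
}


@dataclass
class Component:
    """One BoM entry, as a build tool (Maven, Gradle, NPM) would emit it."""
    name: str
    version: str
    declared_license: Optional[str] = None  # from the package's own metadata
    contains_crypto: bool = False           # triggers the declaration-model CQ

    @property
    def coordinates(self) -> str:
        return f"{self.name}@{self.version}"


@dataclass
class Finding:
    coordinates: str
    license: Optional[str]
    status: str  # approved | unknown-license | license-mismatch | not-on-whitelist | cq-required
    reason: str


def validate_bom(bom: List[Component], source: Dict[str, str] = LICENSE_SOURCE,
                 whitelist=WHITELIST,
                 overrides: Optional[Dict[str, str]] = None) -> List[Finding]:
    """Produce the compliance report: one finding per BoM component.

    Precedence: an IP team override wins; otherwise the external source and
    the package's own declaration must agree, else the item is escalated."""
    overrides = overrides or {}
    report: List[Finding] = []
    for comp in bom:
        c = comp.coordinates
        from_source = source.get(c)
        declared = comp.declared_license
        if c in overrides:
            lic = overrides[c]
        elif from_source and declared and from_source != declared:
            report.append(Finding(c, None, "license-mismatch",
                                  f"package declares {declared} but source reports "
                                  f"{from_source}; IP team review required"))
            continue
        else:
            lic = from_source or declared

        if lic is None:
            report.append(Finding(c, None, "unknown-license",
                                  "no license data from any source; IP team review required"))
        elif lic not in whitelist:
            report.append(Finding(c, lic, "not-on-whitelist",
                                  f"{lic} is not on the approved list; IP team review required"))
        elif comp.contains_crypto:
            report.append(Finding(c, lic, "cq-required",
                                  "license approved, but cryptography must be declared in a CQ"))
        else:
            report.append(Finding(c, lic, "approved", "license on whitelist"))
    return report


def needs_ip_team(report: List[Finding]) -> List[str]:
    """Coordinates that need an IP ticket or IP team resolution before release."""
    return [f.coordinates for f in report if f.status != "approved"]


def release_ready(report: List[Finding]) -> bool:
    """In this example a release is ready only when nothing needs the IP team."""
    return not needs_ip_team(report)


# Constructed BoM, as a build would generate it.
SAMPLE_BOM = [
    Component("lib-a", "1.0.0", "EPL-2.0"),
    Component("lib-b", "2.3.1", "MIT"),
    Component("lib-c", "0.9.0", contains_crypto=True),
    Component("lib-d", "1.2.0"),
    Component("lib-e", "4.0.0"),
    Component("lib-f", "1.1.0", "MIT"),
]

if __name__ == "__main__":
    for f in validate_bom(SAMPLE_BOM):
        print(f"{f.coordinates:14} {f.status:17} {f.reason}")
    # An IP team override resolves lib-d without a CQ raised by the project.
    fixed = validate_bom(SAMPLE_BOM, overrides={"lib-d@1.2.0": "MIT"})
    print("still needs IP team:", needs_ip_team(fixed))
```

Run it directly to see the report; lib-a and lib-b pass, lib-c is approved on license but needs the cryptography declaration, lib-d has no data anywhere, lib-e carries a license outside the whitelist, and lib-f is escalated because its declaration and the external source disagree. The overrides map is how an IP team decision flows back into the next self-service run so the project does not re-raise the same item.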
