Intellectual Property Policy Changes Implementation
You’ve likely heard about the introduction of a new type of intellectual property (IP) due diligence for third party content. The short version is that our Type A Due Diligence involves a license certification only and our Type B Due Diligence provides our traditional license certification, provenance check, and code scan for various sorts of anomalies. I’ve been blogging about it: take a look at my blog’s Intellectual Property category for more information.
Vulnerability Reporting Process Tweaks
I’ve been working on some updates to our policy and procedures regarding security issues and vulnerability reporting.
Committers should familiarize themselves with the Eclipse Security Policy. The policy describes a means for tracking discussion on sensitive issues without immediately disclosing them to the public via a “committer only” designation in Bugzilla. Unfortunately, GitHub Issues does not have a means of privately discussing issues between committers, so we’ve set up a solution that uses the Eclipse Bugzilla instance. The Eclipse Webmaster created a generic bucket for capturing vulnerability reports and we are putting the pieces together to ensure that issue reports get directed correctly (e.g. assign them to the right project lead).
We’ve included a handy link on the security page to make it easy to create bug reports in the right state (i.e. with the committers only flag turned on). I encourage project teams (especially those working on runtime technology) to consider including a project-specific link for reporting vulnerabilities.
Note that it is our policy that all vulnerabilities eventually get disclosed, so issue privacy should be considered as short term state to give a project team an opportunity to get ahead of a vulnerability.
Google Summer of Code
From the Google Summer of Code Student Manual:
Google Summer of Code (GSoC) is a global program that matches students up with open source, free software and technology-related organizations to write code and get paid to do it! The organizations provide mentors who act as guides through the entire process, from learning about the community to contributing code. The idea is to get students involved in and familiar with the open source community and help them to put their summer break to good use.
Project teams that intend to participate in the Google Summer of Code should visit our Information Page, sign up for the soc-dev mailing list, and add student project ideas to the Ideas Page. You may also consider marking some of your bugs as helpwanted or bugday.
Note that we’re still in the mentoring organization application stage; we’ll let you know when it’s time to sigh up as a mentor or student.
There are some reviews concluding on February 15, 2017:
We have several proposals open for community review:
Please add your comments either directly on the proposal or in the Proposals forum.
We run reviews ending on the first and third Wednesday of each month. Our next scheduled review dates are March 1, 2017 and March 15, 2017.
For more information about releases and reviews, please see the Eclipse Project Handbook.
Eclipse Foundation Projects Team at Eclipse Converge and Devoxx US
The Eclipse Foundation Projects Team will be at Eclipse Converge and Devoxx US in March. We’ll be there to answer your questions, and help you work through any process-related issues. We’ll be hanging out the Eclipse Foundation’s Booth. Join us there!