| Re: [eclipse.org-architecture-council] License Checker Tool |
Wayne,
Since there were only 30 CQs which had gotten a PMC -1, I took a
spin through them. A small number (including one from my project)
had incompatible licenses, a few were -1'ed in favor of piggy-back
CQs, and only 3 were -1'ed since in 2018 and after. (Half of the
30 were from one working group, most of those from one project.)
I wonder if the PMCs are considering the technical merits of dependencies. If they are, then as a group, we've gotten pretty good at asking for the right dependencies.
I like the idea of the technical review, but it either isn't commonly producing rejections 'cause open source quality has gone up or we're all just approving each others CQs...
Are there other ways we could be automating the review? I really like the idea of managing things in the Java ecosystem by Maven GAVs with ClearlyDefined. If we started putting together a set of rules around that we may be able to get more lift and achieve the goal of a technical review.
For instance, GitHub is inspecting poms and telling repo admins
about CVE vulnerabilities. In a similar vein, if we had a way to
maintain a committer-managed database of info about a given GAV,
we maybe could get some lift.
If you try to ask for a common library, maybe you could get a
suggestion about alternatives. For instance, importing Guava just
to get null checks is asking for it years down the road... Maybe
there'd be a way to search for usage of a given library. (E.g.,
could you find everyone's favorite csv library or whatnot?)
Cheers,
JimThe first step is to have the tool recognise that a CQ is required and help the committer create CQs. Having some sort of automation would be cool.
Note that ClearlyDefined automatically harvests data, so it's possible that subsequent invocations of the tool will have better results. At this point, I don't know how quickly their harvester finds new information, and expect that we're still going to have to actually create CQs for content that we don't have good vetted license information for.
Like I said, this is a half-baked implementation and input is appreciated.
Wayne
On Wed, Feb 26, 2020 at 3:43 PM Julien Viet <julien@xxxxxxxxxxxxxx> wrote:
are there plans to have a CLI for managing CQ's ?_______________________________________________
On 26 Feb 2020, at 21:10, Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks for noticing. We're trying to put new CQs into the right state from the get-go (e.g., make IPzilla stop asking for code attachments for workswith CQs). Please bear with us (and do report bugs) as we wrestle with these changes.
Wayne
On Mon, Feb 24, 2020 at 5:49 AM Mickael Istria <mistria@xxxxxxxxxx> wrote:
By the way, I just tried to open a new CQ from the form and see the form was enriched with much more contextual help and information to take the best decision with less efforts, that's great!_______________________________________________
eclipse.org-architecture-council mailing list
eclipse.org-architecture-council@xxxxxxxxxxx
https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council
IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation. To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.
--
_______________________________________________Wayne BeatonDirector of Open Source Projects | Eclipse Foundation, Inc.
eclipse.org-architecture-council mailing list
eclipse.org-architecture-council@xxxxxxxxxxx
https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council
IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation. To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.
eclipse.org-architecture-council mailing list
eclipse.org-architecture-council@xxxxxxxxxxx
https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council
IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation. To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.
--
Wayne Beaton
Director of Open Source Projects | Eclipse Foundation, Inc.
_______________________________________________ eclipse.org-architecture-council mailing list eclipse.org-architecture-council@xxxxxxxxxxx https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation. To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.