Eclipse Management Organization's blog

Denis Roy, the Eclipse Foundation’s IT Director, delivered a brief presentation on the latest IT updates, followed by a Q&A session.

In this session, we discuss marketing services offered to Eclipse open source projects

In this session, guest speaker Marta Rybczynska from the Eclipse Security Team started with a refresher on the vulnerability reporting and handling process from the committer’s perspective. Then she reviewed take-aways from the new CNA rules covering common situations, including how you determine whether or not a specific bug is...

Recent changes to the code signing services, specifically for JAR signing and Windows Authenticode, have led to performance issues in CI builds. Let’s explore strategies to mitigate these issues and outline our remediation plan. The Eclipse Foundation will soon enable GitHub configuration self-service (also known as Eclipse OtterDog) for all...

In this session, we presented the Eclipse Foundation’s Generative Artificial Intelligence Usage Guidelines for Eclipse Committers. There is some discussion about copyright in the context of GPT technologies, but the primary focus is the guidelines themselves. Bear in mind that Wayne is not a lawyer, and nothing that we present...

During this session, we tackled some frequently asked questions, including discussion of merit for committer elections, various roles that are (and are not) part of the Eclipse Foundation Development Process, and more. Notes Committer Elections Project Roles

IPLab is what we call the combination of the GitLab repository that we’ve set up for committers to use to engage in intellectual property due diligence review and the automated processes that support the IP due diligence process. In this session, we focus on manual creation of reviews, which is...

Our topic this month was a general update in which we touched briefly on multiple topics including project metadata, our IP due diligence process, the Eclipse Dash License Tool, IPLab, SBOMs, security and more.

During this week’s (online) office hours, we spent a few minutes reminding committers of the services that we make available for Eclipse committers to help reduce the burden of intellectual property management. Specifically, we discussed the processes and tools that we have in place to help with due diligence review...

Generating SBOMs directly as part of your build, and (at least in the case of Maven) sharing them to the software repository is relatively straightforward. To really leverage the the tools to generate SBOMs, however, we need your help to tighten up the metadata captured in your build scripts (e.g...