org.eclipse.dash.handbook issueshttps://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues2020-11-25T19:37:31Zhttps://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/136Provide help to determine whether or not a CVE is warranted2020-11-25T19:37:31ZEclipse WebmasterProvide help to determine whether or not a CVE is warranted## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#558854)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=558854)**
## Description
A CVE is generally warranted when a vulnerability is identified in released code. The ...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#558854)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=558854)**
## Description
A CVE is generally warranted when a vulnerability is identified in released code. The converse is that a CVE is generally not warranted for a vulnerability detected in a random commit or milestone build; though, there is some grey area.
We need more here.https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/135Update content regarding the Eclipse DockerHub organization2020-11-25T19:37:29ZEclipse WebmasterUpdate content regarding the Eclipse DockerHub organization## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#558443)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=558443)**
## Description
Per [Bug 500937](https://bugs.eclipse.org/bugs/show_bug.cgi?id=500937) Comment 14, the...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#558443)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=558443)**
## Description
Per [Bug 500937](https://bugs.eclipse.org/bugs/show_bug.cgi?id=500937) Comment 14, the process by which we manage the Eclipse DockerHub organization has changed. We need to update the documentation accordingly. Setting this to major as the information in the handbook is currently incorrect.
### Depends on
* [Bug 500937](https://bugs.eclipse.org/bugs/show_bug.cgi?id=500937)https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/134Update the IP Due Diligence Process documentation in light of October 2019 IP...2020-11-25T19:37:27ZEclipse WebmasterUpdate the IP Due Diligence Process documentation in light of October 2019 IP Policy updates## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#553649)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=553649)**
## Description
We need to update the documentation.
The gist is:
* Generate a dependency list
* Sca...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#553649)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=553649)**
## Description
We need to update the documentation.
The gist is:
* Generate a dependency list
* Scan the list to flag those entries that are "problematic"
* Engage with the IP Team to resolve those problematic entries
* Profit.
Obviously, more detail is required. I'll capture that detail here.
We intend to support the scanning part (bullet #2) by providing a tool. This is tracked in [Bug 553016](https://bugs.eclipse.org/bugs/show_bug.cgi?id=553016). I may make that bug a blocker (theoretically, we can do this without a tool, but a tool will certainly make it easier).
### Blocking
* [Bug 552967](https://bugs.eclipse.org/bugs/show_bug.cgi?id=552967)https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/133Provide guidance regarding what constitutes "cryptography"2020-11-25T19:37:26ZEclipse WebmasterProvide guidance regarding what constitutes "cryptography"## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#552763)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=552763)**
## Description
We are required to report use of cryptography to the US government. In order to do thi...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#552763)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=552763)**
## Description
We are required to report use of cryptography to the US government. In order to do this, we must track the use of cryptography. Currently, we do this via IPzilla by marking project code and third party CQs with the cryptography keyword.
Use of cryptography takes two forms: either the project implements a cryptographic algorithm itself or it leverages third party content that does.
At this point, I'm not quite sure how to expand on that, but we need something better than "I'll know cryptography when I see it".
We need to add content to the handbook to discuss what constitutes cryptography and how to keep track of it (open a CQ).https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/132Add content supporting specification projects to the handbook2020-11-25T19:37:24ZEclipse WebmasterAdd content supporting specification projects to the handbook## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#552040)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=552040)**
## Description
For example...
For release reviews, specification projects require a ballot of the sp...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#552040)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=552040)**
## Description
For example...
For release reviews, specification projects require a ballot of the specification committee. My current thinking is that the EMO will request that the specification committee initiate the ballot.
Project teams should also anticipate the extra time required to complete the release review. Ballots require a minimum of two weeks and may be extended to 30 days.https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/131Consider moving Committer Due Diligence Guidelines into the handbook2020-11-25T19:37:22ZEclipse WebmasterConsider moving Committer Due Diligence Guidelines into the handbook## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#549686)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=549686)**
## Description
The Committer Due Diligence Guidelines content is likely a good fit for the handbook.## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#549686)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=549686)**
## Description
The Committer Due Diligence Guidelines content is likely a good fit for the handbook.https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/130Projects names may use a Working Group's brand2020-11-25T19:37:21ZEclipse WebmasterProjects names may use a Working Group's brand## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#549231)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=549231)**
## Description
The handbook states (in part):
--
The primary branding for any project name is fully-...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#549231)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=549231)**
## Description
The handbook states (in part):
--
The primary branding for any project name is fully-qualified formal name which includes the "Eclipse" prefix
--
The fully-qualified formal name may, with approval from a working group, use that working group's brand (e.g. "Jakarta Batch"). So... the formal name must have *an* Eclipse Foundation brand as a prefix.https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/129Describe the charts that we render for each project2020-11-25T19:37:19ZEclipse WebmasterDescribe the charts that we render for each project## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#544357)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=544357)**
## Description
We should describe, for example, that only member companies are listed and that commit...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#544357)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=544357)**
## Description
We should describe, for example, that only member companies are listed and that committers who do not work for a member company are listed as "unaffiliated".
Q: what do I do if my contributions are not being properly attributed to my company?
A: Set your company affiliation in accounts.eclipse.orghttps://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/128Add advice regarding releasing parts of a project2020-11-25T19:37:17ZEclipse WebmasterAdd advice regarding releasing parts of a project## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#544297)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=544297)**
## Description
It's relatively rare, but some projects need to release parts of their project. Projec...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#544297)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=544297)**
## Description
It's relatively rare, but some projects need to release parts of their project. Projects that make a habit of this sort of behaviour should probably consider refactoring (i.e. if you're releasing components on different schedules, should those components be separate projects?).
Here's part of an email that I sent to a committer.
--
To do a formal release, you need to first create a release record. You can put arbitrary text into the release name, so you could, for example, call a release "glassfish-doc-plugin 1.0" and then engage in the release process with that. The only real challenge in this is to ensure that it doesn't confuse the community or the development team.
Note that we made a change to the EDP in December that lets a project push out releases for a year after engaging in a successful Release or Progress Review. So you don't actually need to submit an IP Log for review or engage in a Release Review. Just create the release record and push out your bits. Any IP reviews associated with the content that you're pushing out need to be fully resolved before you push out anything that is considered an official release.
FWIW, you can also just build and push the new content to Maven labeled as a "milestone" build (or "alpha", "beta", "SNAPSHOT", whatever) of the forthcoming Eclipse GlassFish 5.2 release (e.g. set the version of the Maven record to "5.2M1" or something).
From a process point-of-view, you could also create an "Eclipse GlassFish 5.1.1" release that includes all of the exact same versions of software Eclipse GlassFish 5.1 has plus this plug-in. There's no rule that says that you have to rebuild everything, or that every software component share the same version as the associated Eclipse Project release (for example, the Eclipse IDE project only builds new versions of their plug-ins that actually change; "Eclipse IDE 4.10" includes plug-ins with a very wide range of version numbers). Again, it's really all about managing community confusion.
--
Eclipse MicroProfile also does this, so there might be an opportunity to scavenge some text from email exchanges with that team.
--https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/127Add content describing how project team can receive (significant) code contri...2020-11-25T19:37:16ZEclipse WebmasterAdd content describing how project team can receive (significant) code contributions## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#543503)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=543503)**
## Description
Starting point:
--
1) Contributors make some sort of public announcement that the con...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#543503)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=543503)**
## Description
Starting point:
--
1) Contributors make some sort of public announcement that the content will be delivered to the project
2) If the source code is not already in a public repository, it will have to be delivered to an existing project committer in some way
3) The source needs to be handed off to the IP Team for their review as a "project code" contribution to an existing project
4) Any developers who are coming to the project along with the code need to be voted in as committers
5) When the IP Team gives the go-ahead, either the existing public repository needs to be moved to the Eclipse Foundation, or a new repository can be created and used as a home for the code.
--https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/126Add content to help committers with hosted services/Google Analytics on a pro...2022-06-16T21:06:33ZEclipse WebmasterAdd content to help committers with hosted services/Google Analytics on a project website## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#542526)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=542526)**
## Description
We should include more information about hosted services in general and the use of Goo...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#542526)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=542526)**
## Description
We should include more information about hosted services in general and the use of Google Analytics in particular to the Eclipse Project Handbook. This probably fits best in the "Resources" section.
Useful resources:
* Mike's statement on the topic [0]
* Chris' blog entry on the topic [1]
* Eclipse Foundation Hosted Services Privacy and Acceptable Usage Policy [2]
I'll take a pass at working Chris' blog post and Mike's statement into handbook content.
[0] https://bugs.eclipse.org/bugs/show_bug.cgi?id=534384#c6
[1] https://blogs.eclipse.org/post/christopher-guindon/eclipse-foundation-hosted-services-privacy-and-acceptable-usage-policy
[2] https://www.eclipse.org/org/documents/eclipse-foundation-hosted-services-privacy-and-acceptable-usage-policy.pdfhttps://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/125Migrate "Changing Leadership" content to the Handbook2020-11-25T19:37:13ZEclipse WebmasterMigrate "Changing Leadership" content to the Handbook## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#539976)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=539976)**
## Description
I'm not sure how much additional information is on this page, but we should move anyth...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#539976)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=539976)**
## Description
I'm not sure how much additional information is on this page, but we should move anything that is useful to the handbook.https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/124Cannot submit a CQ for WTP from the PMI (but I can submit for a subproject)2020-11-25T19:37:11ZEclipse WebmasterCannot submit a CQ for WTP from the PMI (but I can submit for a subproject)## Submitted by Nick Boldt
**[Link to original bug (#539759)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=539759)**
## Description
So, I read through the instructions here [1] and tried to find the "Committer Tools › Intellectual ...## Submitted by Nick Boldt
**[Link to original bug (#539759)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=539759)**
## Description
So, I read through the instructions here [1] and tried to find the "Committer Tools › Intellectual Property" section on the WTP [2] site but despite being a committer on those projects I was unable to get a link to the CQ submission process.
[1] https://www.eclipse.org/projects/handbook/#pmi-commands-cq
[2] https://projects.eclipse.org/projects/webtools
Turns out the issue is that I'm not a committer for WTP, but for several of its subprojects, such as Dali [3].
[3] https://projects.eclipse.org/projects/webtools.dali
So perhaps it should be mentioned in the Projects Handbook that you might have to navigate down to a subproject before you can submit a CQ?https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/123Describe how to obsolete CQs2020-11-25T19:37:09ZEclipse WebmasterDescribe how to obsolete CQs## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#539638)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=539638)**
## Description
Over time, it is natural for third party dependencies that had been used by a project ...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#539638)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=539638)**
## Description
Over time, it is natural for third party dependencies that had been used by a project to become obsolete. We need to describe how to mark these obsolete CQs.
The current process is to inform the IP Team and they'll update the records.
We need to describe this in the handbook.https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/122Update the Bylaws link2020-11-25T19:37:07ZEclipse WebmasterUpdate the Bylaws link## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#538667)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=538667)**
## Description
Once we've confirmed the new permanent address for the Bylaws, let's update the handbo...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#538667)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=538667)**
## Description
Once we've confirmed the new permanent address for the Bylaws, let's update the handbook.
### Depends on
* [Bug 499704](https://bugs.eclipse.org/bugs/show_bug.cgi?id=499704)https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/121Include instructions for building a Hugo-based project website in the handbook2020-11-25T19:37:05ZEclipse WebmasterInclude instructions for building a Hugo-based project website in the handbook## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#538665)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=538665)**
## Description
Cribbed from a thread on the incubation mailing list:
--
I recommend using our eclips...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#538665)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=538665)**
## Description
Cribbed from a thread on the incubation mailing list:
--
I recommend using our eclipsefdn-hugo-solstice-theme to get started since it includes all the Eclipse Foundation project website requirements such as our cookie consent banner and our google tag manager ID.
Hugo is very flexible content management system. For example, iot.eclipse.org is now built using our eclipsefdn-hugo-solstice-theme without the usual EF look and feel.
If you are looking for example on how to setup your project, I would recommend taking a look at the following website git repos:
jakarta.ee https://github.com/jakartaee/jakartaee.github.io
iot.eclipse.org https://github.com/EclipseFdn/iot.eclipse.org
Our Hugo projects are using NPM to manage dependencies, such as our theme:
https://www.npmjs.com/package/eclipsefdn-hugo-solstice-theme
You can install the latest version of the theme via the following command:
npm install eclipsefdn-hugo-solstice-theme --save
The source code of our theme includes a website example via the exampleSite folder:
https://github.com/EclipseFdn/hugo-solstice-theme/tree/master/exampleSite
If you chose to install our theme using NPM, you will need to update the themeDir variable in your config.toml file to let Hugo know where to find your theme:
themesDir = "node_modules/"
--https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/120Add the Eclipse Foundations project server policy to the handbook2024-01-15T20:53:51ZEclipse WebmasterAdd the Eclipse Foundations project server policy to the handbook## Submitted by Eclipse Webmaster `@webmaster`
**[Link to original bug (#538607)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=538607)**
## Description
We've created the following policy for virtual machines provided by the Eclipse...## Submitted by Eclipse Webmaster `@webmaster`
**[Link to original bug (#538607)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=538607)**
## Description
We've created the following policy for virtual machines provided by the Eclipse Foundation.
`<----- Begin Policy ---->`
Project Server Policy
By operating a virtual server hosted either directly by the Eclipse Foundation or provided via the Eclipse Foundation’s funding in support of an Eclipse Foundation open source project to which you are a committer, you agree to the following:
1)To respond within 30 days to written requests eclipse.org-gdpr@eclipse.org to delete accounts or make user data available to the specific user in question. Server maintainers must subscribe to this list.
2)To collect only as much information is required to process the user’s request and to securely dispose of it when no longer required.
3)To make the contents of the server available for auditing should the need arise, and to provide support as required in order to carry out the audit process.
4)To take reasonable security precautions to prevent unauthorized access, and to notify the Eclipse Foundation (via privacy@eclipse.org) immediately if you suspect a security breach of any kind. Be sure to include the nature and scope of the suspected breach.
5)To ensure all web pages related to operation of the server use either the standard Eclipse.org footer template, or a footer that prominently contains a copyright notice, and the following set of links:
1) Main Eclipse Foundation website (http://www.eclipse.org)
2) Privacy policy (http://www.eclipse.org/legal/privacy.php)
3) Website terms of use (http://www.eclipse.org/legal/termsofuse.php)
4) Copyright agent (http://www.eclipse.org/legal/copyright.php)
5) Legal (http://www.eclipse.org/legal)
6)To ensure explicit consent has been given by the user before you can start using cookies. This requirement also includes cookies used by 3rd party services such as, but not limited to: Google Tag Manager, and social media widgets.
7)To ensure webpages related to the services being offered are fully compliant with the GDPR regulations
8)To not collect or track user activity on Eclipse Foundation-owned domains.
9)Google Analytics codes that do not belong the the Eclipse Foundation are prohibited
Failure to comply with this Policy may result in the server or funding in question being terminated without notice.
`<-------- End Policy ------>`
### Blocking
* [Bug 534384](https://bugs.eclipse.org/bugs/show_bug.cgi?id=534384)
### See also
* https://bugs.eclipse.org/bugs/show_bug.cgi?id=552136https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/119Add a section that describes how to be a member of the Architecture Council2020-11-25T19:37:02ZEclipse WebmasterAdd a section that describes how to be a member of the Architecture Council## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#538428)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=538428)**
## Description
It would be handy to have some content to help Architecture Council members understand...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#538428)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=538428)**
## Description
It would be handy to have some content to help Architecture Council members understand their role.
e.g.
What does a project mentor do?
How do I become a project mentor?https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/118Add discussion regarding trademarks to the "Starting an Open Source Project a...2024-01-15T20:35:32ZEclipse WebmasterAdd discussion regarding trademarks to the "Starting an Open Source Project at Eclipse Foundation" section## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#537997)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=537997)**
## Description
We do have some discussion regarding trademarks in the document (e.g. [1]) and the "St...## Submitted by Wayne Beaton `@wbeaton`
**[Link to original bug (#537997)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=537997)**
## Description
We do have some discussion regarding trademarks in the document (e.g. [1]) and the "Starting an Open..." section [2] does touch on the subject, but more detail will be valuable.
We should, for example, describe the trademark review and transfer process, offer some specific guidance regarding how to select a name, and ensure that the reader is aware that they will need to sign related domain names to the Eclipse Foundation.
It might be valuable to talk about expectations regarding technical namespaces (e.g. that projects should use "org.eclipse.*" for their Java namespace when technically feasible).
[1] https://www.eclipse.org/projects/handbook/#trademarks
[2] https://www.eclipse.org/projects/handbook/#startinghttps://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook/-/issues/117Project Handbook - reference to employer consent2020-11-25T19:36:57ZEclipse WebmasterProject Handbook - reference to employer consent## Submitted by Mike Milinkovich `@mmilinkovich`
**[Link to original bug (#537539)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=537539)**
## Description
The Project Handbook states:
"Committers must also gain their employers ...## Submitted by Mike Milinkovich `@mmilinkovich`
**[Link to original bug (#537539)](https://bugs.eclipse.org/bugs/show_bug.cgi?id=537539)**
## Description
The Project Handbook states:
"Committers must also gain their employers consent to their participation in Eclipse Foundation open source projects."
This is, of course, true in general. But I just had an interaction with a member company representative that seemed to believe that this mandated the use of the employer consent form. Since we no longer require the ECF, perhaps we could re-word this sentence?