Skip to main content

TRG 7.04 - IP checks for 3rd party content

StatusCreatedPost-History
Active13-Apr-2023Moved from OSS Development

Why

Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the Apache License 2.0. The legal obligations of the content must be observed in all forms of which the content is available.

This page contains information about legal obligations and checks of your 3rd party content. The source of truth is always the Eclipse Foundation Project Handbook.

info

The requirements described here must be met for each contribution.

Description

The term third-party content refers to any content that is leveraged by the Eclipse project that is not produced and/or maintained as an asset of the project. This includes content from other Eclipse projects. See the complete explanation of third-party content.

All third-party content has to be checked and approved by the Eclipse Foundation IP Team. There are two ways:

  • Creating an IP issue manually (e.g. fonts, images, ...)
  • Using the Eclipse Dash License Tool to creat IP issues in an automated way (libraries)

All third party content used has to be documented in the NOTICE file or in the DEPENDENCY file. Further information

info

Only project committers can open IP issues, manually or via the Dash Tool!

Checking libraries using the Eclipse Dash License Tool

You can request the status of your used libraries via the Dash Licence Tool, see also the handbook.

Steps:

  • Download the latest version: README => Get It => Download Link
  • For every repository / technology:
    • Create the list of transitive dependencies, see the README
    • Run the Dash Tool with the parameters "-project automotive.tractusx" and "-summary DEPENDENCIES" (or use the maven plugin)
  • Check for libraries with status "rejected" in the DEPENDENCIES file, if present, the dependency cannot be used and has to be removed.
  • Check for libraries with status "restricted", if so request checks by automatically creating issues via the Dash Tool:
    • include the -review option;
    • pass the API token via the -token option; and
    • pass the project id via the -project option.
  • Create an issue in YOUR repository with the links to the IP Lab issues, Example
  • Track your issues
  • Provide support if an issue is labeled with "Help wanted"
  • Add the summary as DEPENDENCY file to the according repository (root level)

Example usage:

Make sure to also include test dependencies. For a maven-based java project you can configure the maven plugin as follows to include test-dependencies:

      <pluginRepositories>
        <pluginRepository>
          <id>dash-licenses</id>
          <url>https://repo.eclipse.org/content/repositories/dash-licenses/</url>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </pluginRepository>
      </pluginRepositories>
      <!-- other stuff -->
      <build>
        <plugin>
          <groupId>org.eclipse.dash</groupId>
          <artifactId>license-tool-plugin</artifactId>
          <!-- see https://repo.eclipse.org/content/repositories/dash-licenses/org/eclipse/dash/license-tool-plugin/ -->
          <version>1.0.2</version>
          <configuration>
            <projectId>automotive.tractusx</projectId>
            <!-- name of dependencies file -->
            <summary>DEPENDENCIES</summary>
            <!-- include test dependencies -->
            <includeScope>test</includeScope>
          </configuration>
          <executions>
            <execution>
              <id>license-check</id>
              <goals>
                <goal>license-check</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
      </build>

You then can invoke the plugin from command line as follows:

# same directory as you pom.xml
mvn org.eclipse.dash:license-tool-plugin:license-check

Important Notes:

  • Get your API Token (see README of the Dash Tool), note that only committers can get an API Token
  • Do NOT share your API Token!
  • DO NOT integrate into automatic builds the "Automatic IP Team Review Requests" (creation of ip tickets: " -review option") via your personal API Token
  • To integrate in your automatic builds: request a dash-bot via the EF Helpdesk.

Checking other content (fonts, images, ...)

Other 3rd party content, e.g. fonts, icons, images has also to be approved by the Eclipse Foundation IP Team. See here for more information to create an IP issue manually.

If the content is approved add the information to the NOTICE file.

Example for third party icons:

feather (4.29)
    * License: MIT License
    * Licence Path: https://github.com/feathericons/feather/blob/master/LICENSE
    * Project URL: https://feathericons.com/
    * Source URL: https://github.com/feathericons/feather

Example for a third party library:

jcl-over-slf4j-1.7.25.jar (1.7.25)
    * License: MIT License
    * Licence Path: https://www.slf4j.org/license.html
    * Project URL:  https://www.slf4j.org
    * Source URL:   https://github.com/qos-ch/slf4j