Hi Wayne, Thanks for that - in the end I decided, for this release at least, to stick with full due diligence, and just push it back a bit.
But doing a mix of release types in the future sounds interesting. How would that work in practice? Say, we do release 1.0 with type A CQs, then later on we plan a release 2.0 which we want to make a type B release. I assume the existing type A CQs will need to be "upgraded", does that mean resubmitting them, or is there a way to mark an approved type A CQ as "type B review needed"? Thanks, Jeen On Mon, Jul 9, 2018 at 10:22 PM, Wayne Beaton < [email protected]> wrote: > Hi Jeen. > > There is some increased risk associated with the Type A due diligence. > I'll point out, though, that the IP Team has already looked at different > versions of most of the third party content that your project is using, so > the real increase in risk is pretty small. > > Note that it is possible (desirable, even) for a project to engage in some > number of "Type A" releases and then ask the IP Team to engage in Type B > reviews on licensed certified CQs to engage in a "Type B" release. That is, > you can switch the type of due diligence from release to release. If you're > going to do this, it's a really good idea to engage the IP Team early to > let them know what you're planning. > > Wayne > > On Fri, Jul 6, 2018 at 7:36 PM, Jeen Broekstra <[email protected]> > wrote: > >> I need some general advice on type A vs type B CQs and releases, and how >> projects can make use of these types. >> >> I understand (from the project handbook) that the difference is that type >> A is restricted to a license compatibility check while type B is a full due >> diligence on the source code. If a project's release contains type >> A-certified dependencies, that release should be advertised as a type-A >> release. >> >> Previously we have always done full type-B releases of our framework. >> However, we're currently in the middle of prepping a new minor release of >> our project and we've managed to skip/forget logging CQs for a number of >> our (transitive) dependencies. To minimize the risk of missing the release >> deadline, I wonder if I should log the remaining CQs as type A so they get >> approved more quickly, and make it a type-A release as well. Apart from the >> fact that it gives a less strong legal guarantee to our end users, are >> there any downsides to this that I should be aware of? >> >> Cheers, >> >> Jeen >> >> _______________________________________________ >> incubation mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://dev.eclipse.org/mailman/listinfo/incubation >> >> > > > -- > Wayne Beaton > Director of Open Source Projects > The Eclipse Foundation > > _______________________________________________ > incubation mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/incubation > >
_______________________________________________ incubation mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/incubation
