> -----Original Message-----
> I agree with you about the problem. I have repeatedly suggested that
> Apache do code scans on its distributed software so that every downstream
> customer doesn't have to do it. But we have neither the interest nor the
> money to deal with hypothetical problems in a volunteer environment. We
> exercise diligence, but it is rather ad hoc.
>
> How does Eclipse help solve the problem for its software?

Larry,

The Eclipse Foundation has a dedicated staff which does scans on every line of incoming code, including all third-party dependencies no matter how deeply nested. Our IP diligence process is as good as the best practices by large ISVs. You can see a high-level overview at [1].

[1] http://www.eclipse.org/legal/EclipseLegalProcessPoster.pdf

_______________________________________________
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss