Description
AFAICT, the project team has not yet engaged in the Eclipse IP Due Diligence Process.
I took a quick look at this repository to see whether or not I could identify the third-party content that's leveraged by the project. Unfortunately, my knowledge of Gradle is very shallow, so I wasn't able to get as far as I'd hoped with the Eclipse Dash License Tool (the results would likely be better with a gradle.lockfile).
I was able to get something by parsing the results of asking Gradle to list the dependencies:
```console
$ ./gradlew dependencies \
| grep -Poh "(?<=\-\-\- ).*" | grep -Pv "\([c\*]\)" \
| perl -pe 's/([\w\.\-]+):([\w\.\-]+):(?:[\w\.\-]+ -> )?([\w\.\-]+).*$/$1:$2:$3/gmi;t' \
| grep -v ^project | sort -u \
| java -jar /gitroot/dash-licenses/shaded/target/org.eclipse.dash.licenses-1.1.1-SNAPSHOT.jar -
[main] INFO Querying Eclipse Foundation for license data for 75 items.
[main] INFO Found 30 items.
[main] INFO Querying ClearlyDefined for license data for 45 items.
[main] INFO Found 45 items.
[main] INFO License information could not be automatically verified for the following content:
[main] INFO
[main] INFO Invalid: org.jetbrains.kotlin:kotlin-reflect -> 2.0.20
[main] INFO maven/mavencentral/org.jetbrains.dokka/all-modules-page-plugin/2.0.0
[main] INFO maven/mavencentral/org.jetbrains.dokka/analysis-kotlin-descriptors/2.0.0
[main] INFO maven/mavencentral/org.jetbrains.dokka/dokka-base/2.0.0
[main] INFO maven/mavencentral/org.jetbrains.dokka/gfm-plugin/2.0.0
[main] INFO maven/mavencentral/org.jetbrains.dokka/gfm-template-processing-plugin/2.0.0
[main] INFO maven/mavencentral/org.jetbrains.dokka/jekyll-plugin/2.0.0
[main] INFO maven/mavencentral/org.jetbrains.dokka/jekyll-template-processing-plugin/2.0.0
[main] INFO maven/mavencentral/org.jetbrains.dokka/templating-plugin/2.0.0
[main] INFO
[main] INFO This content is either not correctly mapped by the system, or requires review.
```
This means of identifying dependencies is not great, but it does show (I believe) that there are some dependencies that need to be vetted.
I'm pretty sure that Dokka is under the Apache-2.0 licence, but the Eclipse Foundation IP Policy requires that we vet it to make sure.
Note that this is just what I've discovered by taking a naive approach. We need to vet all of the third-party dependencies. Again, my knowledge of how to get this information from Gradle is pretty shallow, so there is most likely a better approach. Using a gradle.lockfile as input into the process should yield good results.
The Eclipse Dash License Tool has a feature that will help you engage with the IP Team to validate these licences.
Please engage in the IP Due Diligence Process on this repository and all Eclipse LMOS repositories ASAP.
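The pipeline in the issue turns `gradle dependencies` output into one `group:artifact:version` line per third-party dependency for the Dash tool to read on stdin. Its perl substitution only matches entries with two colons, so an entry that Gradle prints without a declared version (`org.jetbrains.kotlin:kotlin-reflect -> 2.0.20`, the form Gradle uses when the version comes from a platform/BOM) passes through unchanged and shows up as `Invalid:` in the Dash output above. The script below is an added example, not code from the issue, the Eclipse LMOS project or the Dash tool; it does the same extraction in Python, handles that missing-declared-version case, and also reads the `gradle.lockfile` format the issue recommends. Both sample inputs are constructed, and the `main`/`to_clearlydefined` names are mine.

```python
"""Produce group:artifact:version lines for the Dash License Tool from either
`gradle dependencies` output or a gradle.lockfile.  Added example; the two
sample inputs below are constructed, not taken from the LMOS repository."""
import re
import sys

# Constructed, abridged `./gradlew dependencies` output.  It deliberately
# contains the cases the grep/perl pipeline has to deal with: a declared
# version overridden by resolution ("1.9.0 -> 2.0.20"), a BOM-managed entry
# with no declared version ("slf4j-api -> 2.0.13"), a constraint "(c)",
# a repeated subtree "(*)" and an in-repo project.
GRADLE_DEPENDENCIES_OUTPUT = """\
> Task :dependencies

------------------------------------------------------------
Root project 'example'
------------------------------------------------------------

compileClasspath - Compile classpath for source set 'main'.
+--- org.jetbrains.kotlin:kotlin-reflect:1.9.0 -> 2.0.20
|    \\--- org.jetbrains.kotlin:kotlin-stdlib:2.0.20
+--- org.jetbrains.dokka:dokka-base:2.0.0
|    +--- org.jetbrains.dokka:dokka-core:2.0.0
|    \\--- org.jetbrains.kotlin:kotlin-stdlib:2.0.20 (*)
+--- org.jetbrains.kotlin:kotlin-stdlib:{strictly 2.0.20} (c)
+--- project :lmos-core
\\--- org.slf4j:slf4j-api -> 2.0.13

(c) - A dependency constraint, not a dependency.
(*) - Indicates repeated occurrences of a transitive dependency subtree.
"""

# Constructed gradle.lockfile: "group:artifact:version=config,config" lines,
# comment lines and the "empty=" line for configurations with no dependencies.
GRADLE_LOCKFILE = """\
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
org.jetbrains.dokka:dokka-base:2.0.0=compileClasspath,runtimeClasspath
org.jetbrains.kotlin:kotlin-reflect:2.0.20=compileClasspath
org.slf4j:slf4j-api:2.0.13=runtimeClasspath
empty=testCompileClasspath
"""

# A dependency tree line: optional "|    " prefixes, then "+--- " or "\--- ".
DEP_LINE = re.compile(r"^[|\s]*[+\\]--- (.*)$")
# group:artifact[:declared][ -> resolved]; the declared version is optional,
# which is the case the issue's perl regex does not cover.
COORD = re.compile(r"^([\w.\-]+):([\w.\-]+)(?::([\w.\-]+))?(?: -> ([\w.\-]+))?")


def dependencies_to_coordinates(text):
    """Parse `gradle dependencies` output into sorted group:artifact:version."""
    coords = set()
    for line in text.splitlines():
        m = DEP_LINE.match(line)
        if not m:
            continue
        entry = m.group(1).strip()
        if entry.startswith("project "):   # in-repo module, not third-party
            continue
        if entry.endswith("(c)"):          # constraint only, nothing resolved
            continue
        if entry.endswith("(*)"):          # repeat of a subtree listed earlier
            continue
        c = COORD.match(entry)
        if not c:
            continue
        group, artifact, declared, resolved = c.groups()
        version = resolved or declared     # the resolved version is what ships
        if version:
            coords.add(f"{group}:{artifact}:{version}")
    return sorted(coords)


def lockfile_to_coordinates(text):
    """Parse a gradle.lockfile into sorted group:artifact:version."""
    coords = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("empty="):
            continue
        coord, _, _configs = line.partition("=")
        group, artifact, version = coord.split(":")
        coords.add(f"{group}:{artifact}:{version}")
    return sorted(coords)


def to_clearlydefined(coord):
    """Map group:artifact:version to the ClearlyDefined id Dash prints."""
    group, artifact, version = coord.split(":")
    return f"maven/mavencentral/{group}/{artifact}/{version}"


if __name__ == "__main__":
    # Usage: python gradle_to_dash.py [gradle.lockfile] | java -jar dash.jar -
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            lines = lockfile_to_coordinates(fh.read())
    else:
        lines = dependencies_to_coordinates(sys.stdin.read())
    print("\n".join(lines))
```

Fed the constructed tree above, the script emits `org.slf4j:slf4j-api:2.0.13` instead of the raw `org.slf4j:slf4j-api -> 2.0.13` the grep/perl pipeline would hand to Dash, and the lockfile path needs no tree parsing at all, which is why a committed gradle.lockfile gives the more reliable input.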