You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@daffodil.apache.org by Shane Dell <sh...@apache.org> on 2022/08/15 21:25:18 UTC
[VOTE] Release Apache Daffodil VS Code 1.1.0-rc2
Hello all,I'd like to call a vote to release Apache Daffodil VS Code 1.1.0-rc2.
All distribution packages, including signatures, digests, etc. can be
found at:
https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.1.0-rc2/
This release has been signed with PGP key
86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
to shanedell@apache.org, which is included in the KEYS file here:
https://downloads.apache.org/daffodil/KEYS
The release candidate has been tagged in git with 1.1.0-rc2.
For reference, here is a list of all closed GitHub issues tagged with 1.1.0:
https://github.com/apache/daffodil-vscode/milestone/2?closed=1
Please review and vote. The vote will be open for at least 72 hours
(Thursday, 18 August 2022, 5:30pm EST).
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Thank you,
- Shane Dell
Re: [VOTE] Release Apache Daffodil VS Code 1.1.0-rc2
Posted by Shane Dell <sh...@apache.org>.
+1 binding. For me I was able to successfully debug multiple different schemas like ethernet
and pcap. I was also able to successfully test out the initial omega-edit client, believe it is a
good first implementation of the client. I do agree with Steve and Mike on there points for items
that can be added or fixed, believe these will be added as issues in GitHub and added to
another milestone.
On 2022/08/19 18:17:38 Steve Lawrence wrote:
> +1 (binding)
>
> I marked four checks as MINOR and I'm fine with them being fixed prior
> to the release (website link update & issues without milestone) or in
> the next release (license issue, yarn audit CVE)
>
> I checked:
>
> [OK] hashes and signatures of source and helper binaries are correct
> [OK] signature of git tag is correct
> [OK] source release matches git tag
> [OK] source compiles using yarn package
> [OK] compiled source matches convenience binary exactly (except for
> timestamps in zip file)
> [OK] RAT check passes
> [OK] no unexpected binaries in source
> [OK] vsix installs without error
> [MINOR] No open CVE's found using sbt-dependency-check plugin and yarn
> audit (except for false positives)
> - yarn audit found one open CVE with Terser regeular expressions, but
> it is via a dependency with webpack which is only a dev dependency,
> so less of an issue. We should try to upgrade webpack for future
> releases, maybe it'll go away
> [MINOR] Page for release published on website
> - Page still links to rc1 release, but I was able to download files
> from the VOTE email. Make sure to update this page as part of the
> final release process, and in the future anytime we do a new rc
> [MINOR] src and binaries include correct LICENSE/NOTICE
> - The build/extension.webpack.config.js file is marked as MIT from
> Microsoft, but is not listed in the LICENSE file. This MS license
> and other files are listed so we're just missing this one
> [MINOR] no closed issues without a milestone
> - There's a handful of issues that have been closed but have not been
> assigned a milestone. Were they all closed as part of 1.1.0? Can
> they be added to this milestone?
>
>
> https://github.com/apache/daffodil-vscode/issues?q=is%3Aissue+is%3Aclosed+no%3Amilestone
>
>
> On 8/15/22 5:25 PM, Shane Dell wrote:
> > Hello all,I'd like to call a vote to release Apache Daffodil VS Code 1.1.0-rc2.
> >
> > All distribution packages, including signatures, digests, etc. can be
> > found at:
> > https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.1.0-rc2/
> >
> > This release has been signed with PGP key
> > 86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
> > to shanedell@apache.org, which is included in the KEYS file here:
> > https://downloads.apache.org/daffodil/KEYS
> >
> > The release candidate has been tagged in git with 1.1.0-rc2.
> >
> > For reference, here is a list of all closed GitHub issues tagged with 1.1.0:
> > https://github.com/apache/daffodil-vscode/milestone/2?closed=1
> >
> > Please review and vote. The vote will be open for at least 72 hours
> > (Thursday, 18 August 2022, 5:30pm EST).
> >
> > [ ] +1 approve
> > [ ] +0 no opinion
> > [ ] -1 disapprove (and reason why)
> >
> > Thank you,
> >
> > - Shane Dell
> >
>
>
Re: [VOTE] Release Apache Daffodil VS Code 1.1.0-rc2
Posted by Steve Lawrence <sl...@apache.org>.
+1 (binding)
I marked four checks as MINOR and I'm fine with them being fixed prior
to the release (website link update & issues without milestone) or in
the next release (license issue, yarn audit CVE)
I checked:
[OK] hashes and signatures of source and helper binaries are correct
[OK] signature of git tag is correct
[OK] source release matches git tag
[OK] source compiles using yarn package
[OK] compiled source matches convenience binary exactly (except for
timestamps in zip file)
[OK] RAT check passes
[OK] no unexpected binaries in source
[OK] vsix installs without error
[MINOR] No open CVE's found using sbt-dependency-check plugin and yarn
audit (except for false positives)
- yarn audit found one open CVE with Terser regeular expressions, but
it is via a dependency with webpack which is only a dev dependency,
so less of an issue. We should try to upgrade webpack for future
releases, maybe it'll go away
[MINOR] Page for release published on website
- Page still links to rc1 release, but I was able to download files
from the VOTE email. Make sure to update this page as part of the
final release process, and in the future anytime we do a new rc
[MINOR] src and binaries include correct LICENSE/NOTICE
- The build/extension.webpack.config.js file is marked as MIT from
Microsoft, but is not listed in the LICENSE file. This MS license
and other files are listed so we're just missing this one
[MINOR] no closed issues without a milestone
- There's a handful of issues that have been closed but have not been
assigned a milestone. Were they all closed as part of 1.1.0? Can
they be added to this milestone?
https://github.com/apache/daffodil-vscode/issues?q=is%3Aissue+is%3Aclosed+no%3Amilestone
On 8/15/22 5:25 PM, Shane Dell wrote:
> Hello all,I'd like to call a vote to release Apache Daffodil VS Code 1.1.0-rc2.
>
> All distribution packages, including signatures, digests, etc. can be
> found at:
> https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.1.0-rc2/
>
> This release has been signed with PGP key
> 86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
> to shanedell@apache.org, which is included in the KEYS file here:
> https://downloads.apache.org/daffodil/KEYS
>
> The release candidate has been tagged in git with 1.1.0-rc2.
>
> For reference, here is a list of all closed GitHub issues tagged with 1.1.0:
> https://github.com/apache/daffodil-vscode/milestone/2?closed=1
>
> Please review and vote. The vote will be open for at least 72 hours
> (Thursday, 18 August 2022, 5:30pm EST).
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> Thank you,
>
> - Shane Dell
>
Re: [VOTE] Release Apache Daffodil VS Code 1.1.0-rc2
Posted by Mike Beckerle <mb...@apache.org>.
+1 from me.
I did not examine this release for any of the formal requirements
(licenses, depenency info, etc.).
I just looked at it from functional QA perspective.
I installed and tested this on the PCAP schema from github DFDLSchemas.
This requires a component schema which is also at DFDLSchemas ethernetIP.
You must clone both, and for ethernetIP you must 'sbt publishLocal'
Then, after some launch.json trickery, I was able to enjoy debugging this,
stepping in all parts of it, breakpointing anywhere in it, etc.
Separate email I'll try to capture a few nits I observed that aren't worth
including right here.
I want to try this on some bigger schemas I'm working on, and on
mil-std-2045 schema (also on github). But those require the bleeding edge
daffodil 3.4.0-SNAPSHOT, so I need instructions on how to run the vscode
debugger and point it at my own server from my daffodil build.
The launch.json I used is attached in case anyone wants to see how I did
this
On Mon, Aug 15, 2022 at 5:26 PM Shane Dell <sh...@apache.org> wrote:
> Hello all,I'd like to call a vote to release Apache Daffodil VS Code
> 1.1.0-rc2.
>
> All distribution packages, including signatures, digests, etc. can be
> found at:
> https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.1.0-rc2/
>
> This release has been signed with PGP key
> 86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
> to shanedell@apache.org, which is included in the KEYS file here:
> https://downloads.apache.org/daffodil/KEYS
>
> The release candidate has been tagged in git with 1.1.0-rc2.
>
> For reference, here is a list of all closed GitHub issues tagged with
> 1.1.0:
> https://github.com/apache/daffodil-vscode/milestone/2?closed=1
>
> Please review and vote. The vote will be open for at least 72 hours
> (Thursday, 18 August 2022, 5:30pm EST).
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> Thank you,
>
> - Shane Dell
>