You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@daffodil.apache.org by Shane Dell <sh...@apache.org> on 2022/12/01 13:40:33 UTC

[VOTE] Apache Daffodil VS Code Extension 1.2.0-rc3

Hello all,I'd like to call a vote to release Apache Daffodil VS Code 1.2.0-rc3.

All distribution packages, including signatures, digests, etc. can be
found at:
https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.2.0-rc3/

This release has been signed with PGP key
86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
to shanedell@apache.org, which is included in the KEYS file here:
https://downloads.apache.org/daffodil/KEYS

The release candidate has been tagged in git with 1.2.0-rc3.

For reference, here is a list of all closed GitHub issues tagged with 1.2.0:
https://github.com/apache/daffodil-vscode/milestone/3?closed=1

Please review and vote. The vote will be open for at least 72 hours
(Tuesday, 6 December 2022, 9:00am EST).

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)

Thank you,

- Shane Dell

Re: [VOTE] Apache Daffodil VS Code Extension 1.2.0-rc3

Posted by Steve Lawrence <st...@gmail.com>.
Yep, sounds good to me!

On 12/6/22 2:14 PM, Shane Dell wrote:
> Steve,
> 
> I can mark those two issue as closed in 1.2.0. I apologize for not updating the site with the rc3
> links it completely slipped my mind, I will make sure to update those in the final release process
> Then if it works for you I will take your other issues and add them as GitHub issues and make
> sure they are marked for the 1.3.0 milestone, does this work for you?
> 
> Thank you,
> 
> Shane Dell
> 
> On 2022/12/06 19:03:00 Steve Lawrence wrote:
>> +1 (binding)
>>
>> Four checks I marked as MINOR and I'm fine with them being fixed prior
>> to the release (website link update & issues without milestone) or in
>> the next release (license issue, yarn audit CVE).
>>
>> I checked:
>>
>> [OK] hashes and signatures of source and helper binaries are correct
>> [OK] signature of git tag is correct
>> [OK] source release matches git tag
>> [OK] source compiles using yarn package
>> [OK] compiled source matches convenience binary exactly (except for
>> timestamps in zip file)
>> [OK] RAT check passes
>> [OK] no unexpected binaries in source
>> [OK] vsix installs without error
>>
>> [MINOR] Page for release published on website
>>     Page still links to rc2 release, but I was able to download files
>>     from the VOTE mail. Make sure to update this page as part of the
>>     final release process. And the VOTE email should link to the site
>>     page instead of directly to the artifacts--this way we can review
>>     the planned release notes.
>>
>> [MIONR] No open CVE's found using sbt-dependency-check plugin and yarn
>> audit (except for false positives)
>> - yarn audit found three CVE's in the loader-utils package, but it is
>>     a ts-loader dependency which is only a dev dependency, so less of an
>>     issue. We should try to upgrade this in a future release
>>
>> [MINOR] no closed issues without a milestone
>> - There's a handful of issues that have been closed but have not been
>>     assigned a milestone. Were they clsoed as part of 1.2.0? Can they be
>>     added to this milestone?
>>
>>   
>> https://github.com/apache/daffodil-vscode/issues?q=is%3Aissue+is%3Aclosed+no%3Amilestone
>>
>> [MINOR] src and binaries include correct LICENSE/NOTICE
>> - The build/extension.webpack.config.js file is marked as MIT from
>>     Microsoft, but is not listed in the LICENSE file. I mentioned this
>>     in the 1.1.0 release VOTE and this has not been fixed. If this is
>>     not fixed in the next 1.3.0 release then I will vote -1.
>> - There are a large number of dev yarn dependencies that are listed in
>>     the .vsix LICENSE file. Because they are dev only, they do not need
>>     to be listed in LICENSE or NOTICE files. My guess is we didn't use
>>     the --production flag with yarn list when figuring out what to add
>>     to the LICENSE/NOTICE files. Removing the dev deps should make it
>>     easier to manage these filse and check for correctness.
>> - It looks like a number of Omega Edit jars are ALv2 and do not have a
>>     NOTICE file, but are not listed in the NONOTICE file. For
>>     consistency, we should probably add them to NONOTICE so they can be
>>     checked just like any other dependencies.
>> - Two packages are listed in NOLICENSE. If a dependency is unlicensed
>>     we cannot use it in ASF--it is considered category X. If it just
>>     doesn't have a LICENSE file but specifies a license somehow else, we
>>     still need to list it in our LICENSE file with whatever relevant
>>     information is available. These two dependencies are MIT and are
>>     fine, but we need to remove the NOLICENSE file and list them in
>>     LICENSE.
>>
>>
>> On 12/1/22 8:40 AM, Shane Dell wrote:
>>> Hello all,I'd like to call a vote to release Apache Daffodil VS Code 1.2.0-rc3.
>>>
>>> All distribution packages, including signatures, digests, etc. can be
>>> found at:
>>> https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.2.0-rc3/
>>>
>>> This release has been signed with PGP key
>>> 86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
>>> to shanedell@apache.org, which is included in the KEYS file here:
>>> https://downloads.apache.org/daffodil/KEYS
>>>
>>> The release candidate has been tagged in git with 1.2.0-rc3.
>>>
>>> For reference, here is a list of all closed GitHub issues tagged with 1.2.0:
>>> https://github.com/apache/daffodil-vscode/milestone/3?closed=1
>>>
>>> Please review and vote. The vote will be open for at least 72 hours
>>> (Tuesday, 6 December 2022, 9:00am EST).
>>>
>>> [ ] +1 approve
>>> [ ] +0 no opinion
>>> [ ] -1 disapprove (and reason why)
>>>
>>> Thank you,
>>>
>>> - Shane Dell
>>>
>>
>>

Re: [VOTE] Apache Daffodil VS Code Extension 1.2.0-rc3

Posted by Shane Dell <sh...@apache.org>.
Steve,

I can mark those two issue as closed in 1.2.0. I apologize for not updating the site with the rc3
links it completely slipped my mind, I will make sure to update those in the final release process
Then if it works for you I will take your other issues and add them as GitHub issues and make
sure they are marked for the 1.3.0 milestone, does this work for you?

Thank you,

Shane Dell

On 2022/12/06 19:03:00 Steve Lawrence wrote:
> +1 (binding)
> 
> Four checks I marked as MINOR and I'm fine with them being fixed prior
> to the release (website link update & issues without milestone) or in
> the next release (license issue, yarn audit CVE).
> 
> I checked:
> 
> [OK] hashes and signatures of source and helper binaries are correct
> [OK] signature of git tag is correct
> [OK] source release matches git tag
> [OK] source compiles using yarn package
> [OK] compiled source matches convenience binary exactly (except for 
> timestamps in zip file)
> [OK] RAT check passes
> [OK] no unexpected binaries in source
> [OK] vsix installs without error
> 
> [MINOR] Page for release published on website
>    Page still links to rc2 release, but I was able to download files
>    from the VOTE mail. Make sure to update this page as part of the
>    final release process. And the VOTE email should link to the site
>    page instead of directly to the artifacts--this way we can review
>    the planned release notes.
> 
> [MIONR] No open CVE's found using sbt-dependency-check plugin and yarn 
> audit (except for false positives)
> - yarn audit found three CVE's in the loader-utils package, but it is
>    a ts-loader dependency which is only a dev dependency, so less of an
>    issue. We should try to upgrade this in a future release
> 
> [MINOR] no closed issues without a milestone
> - There's a handful of issues that have been closed but have not been
>    assigned a milestone. Were they clsoed as part of 1.2.0? Can they be
>    added to this milestone?
> 
>  
> https://github.com/apache/daffodil-vscode/issues?q=is%3Aissue+is%3Aclosed+no%3Amilestone
> 
> [MINOR] src and binaries include correct LICENSE/NOTICE
> - The build/extension.webpack.config.js file is marked as MIT from
>    Microsoft, but is not listed in the LICENSE file. I mentioned this
>    in the 1.1.0 release VOTE and this has not been fixed. If this is
>    not fixed in the next 1.3.0 release then I will vote -1.
> - There are a large number of dev yarn dependencies that are listed in
>    the .vsix LICENSE file. Because they are dev only, they do not need
>    to be listed in LICENSE or NOTICE files. My guess is we didn't use
>    the --production flag with yarn list when figuring out what to add
>    to the LICENSE/NOTICE files. Removing the dev deps should make it
>    easier to manage these filse and check for correctness.
> - It looks like a number of Omega Edit jars are ALv2 and do not have a
>    NOTICE file, but are not listed in the NONOTICE file. For
>    consistency, we should probably add them to NONOTICE so they can be
>    checked just like any other dependencies.
> - Two packages are listed in NOLICENSE. If a dependency is unlicensed
>    we cannot use it in ASF--it is considered category X. If it just
>    doesn't have a LICENSE file but specifies a license somehow else, we
>    still need to list it in our LICENSE file with whatever relevant
>    information is available. These two dependencies are MIT and are
>    fine, but we need to remove the NOLICENSE file and list them in
>    LICENSE.
> 
> 
> On 12/1/22 8:40 AM, Shane Dell wrote:
> > Hello all,I'd like to call a vote to release Apache Daffodil VS Code 1.2.0-rc3.
> > 
> > All distribution packages, including signatures, digests, etc. can be
> > found at:
> > https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.2.0-rc3/
> > 
> > This release has been signed with PGP key
> > 86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
> > to shanedell@apache.org, which is included in the KEYS file here:
> > https://downloads.apache.org/daffodil/KEYS
> > 
> > The release candidate has been tagged in git with 1.2.0-rc3.
> > 
> > For reference, here is a list of all closed GitHub issues tagged with 1.2.0:
> > https://github.com/apache/daffodil-vscode/milestone/3?closed=1
> > 
> > Please review and vote. The vote will be open for at least 72 hours
> > (Tuesday, 6 December 2022, 9:00am EST).
> > 
> > [ ] +1 approve
> > [ ] +0 no opinion
> > [ ] -1 disapprove (and reason why)
> > 
> > Thank you,
> > 
> > - Shane Dell
> > 
> 
>

Re: [VOTE] Apache Daffodil VS Code Extension 1.2.0-rc3

Posted by Steve Lawrence <sl...@apache.org>.
+1 (binding)

Four checks I marked as MINOR and I'm fine with them being fixed prior
to the release (website link update & issues without milestone) or in
the next release (license issue, yarn audit CVE).

I checked:

[OK] hashes and signatures of source and helper binaries are correct
[OK] signature of git tag is correct
[OK] source release matches git tag
[OK] source compiles using yarn package
[OK] compiled source matches convenience binary exactly (except for 
timestamps in zip file)
[OK] RAT check passes
[OK] no unexpected binaries in source
[OK] vsix installs without error

[MINOR] Page for release published on website
   Page still links to rc2 release, but I was able to download files
   from the VOTE mail. Make sure to update this page as part of the
   final release process. And the VOTE email should link to the site
   page instead of directly to the artifacts--this way we can review
   the planned release notes.

[MIONR] No open CVE's found using sbt-dependency-check plugin and yarn 
audit (except for false positives)
- yarn audit found three CVE's in the loader-utils package, but it is
   a ts-loader dependency which is only a dev dependency, so less of an
   issue. We should try to upgrade this in a future release

[MINOR] no closed issues without a milestone
- There's a handful of issues that have been closed but have not been
   assigned a milestone. Were they clsoed as part of 1.2.0? Can they be
   added to this milestone?

 
https://github.com/apache/daffodil-vscode/issues?q=is%3Aissue+is%3Aclosed+no%3Amilestone

[MINOR] src and binaries include correct LICENSE/NOTICE
- The build/extension.webpack.config.js file is marked as MIT from
   Microsoft, but is not listed in the LICENSE file. I mentioned this
   in the 1.1.0 release VOTE and this has not been fixed. If this is
   not fixed in the next 1.3.0 release then I will vote -1.
- There are a large number of dev yarn dependencies that are listed in
   the .vsix LICENSE file. Because they are dev only, they do not need
   to be listed in LICENSE or NOTICE files. My guess is we didn't use
   the --production flag with yarn list when figuring out what to add
   to the LICENSE/NOTICE files. Removing the dev deps should make it
   easier to manage these filse and check for correctness.
- It looks like a number of Omega Edit jars are ALv2 and do not have a
   NOTICE file, but are not listed in the NONOTICE file. For
   consistency, we should probably add them to NONOTICE so they can be
   checked just like any other dependencies.
- Two packages are listed in NOLICENSE. If a dependency is unlicensed
   we cannot use it in ASF--it is considered category X. If it just
   doesn't have a LICENSE file but specifies a license somehow else, we
   still need to list it in our LICENSE file with whatever relevant
   information is available. These two dependencies are MIT and are
   fine, but we need to remove the NOLICENSE file and list them in
   LICENSE.


On 12/1/22 8:40 AM, Shane Dell wrote:
> Hello all,I'd like to call a vote to release Apache Daffodil VS Code 1.2.0-rc3.
> 
> All distribution packages, including signatures, digests, etc. can be
> found at:
> https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.2.0-rc3/
> 
> This release has been signed with PGP key
> 86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
> to shanedell@apache.org, which is included in the KEYS file here:
> https://downloads.apache.org/daffodil/KEYS
> 
> The release candidate has been tagged in git with 1.2.0-rc3.
> 
> For reference, here is a list of all closed GitHub issues tagged with 1.2.0:
> https://github.com/apache/daffodil-vscode/milestone/3?closed=1
> 
> Please review and vote. The vote will be open for at least 72 hours
> (Tuesday, 6 December 2022, 9:00am EST).
> 
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
> 
> Thank you,
> 
> - Shane Dell
>

Re: [VOTE] Apache Daffodil VS Code Extension 1.2.0-rc3

Posted by Shane Dell <sh...@apache.org>.
+1

I was able to debug and run the pcap and ethernet schemas using a setup described my Mike
Beckerle, see this link for more information https://lists.apache.org/thread/1r9swc9jl8yw28bjwsl64j5mzgy9wwpg.
In addition to those schemas, I was also able to debug and run the editfact schema. I was also able to use the omega-edit commands and saw no issues with the different editing items.


On 2022/12/01 13:40:33 Shane Dell wrote:
> Hello all,I'd like to call a vote to release Apache Daffodil VS Code 1.2.0-rc3.
> 
> All distribution packages, including signatures, digests, etc. can be
> found at:
> https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.2.0-rc3/
> 
> This release has been signed with PGP key
> 86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
> to shanedell@apache.org, which is included in the KEYS file here:
> https://downloads.apache.org/daffodil/KEYS
> 
> The release candidate has been tagged in git with 1.2.0-rc3.
> 
> For reference, here is a list of all closed GitHub issues tagged with 1.2.0:
> https://github.com/apache/daffodil-vscode/milestone/3?closed=1
> 
> Please review and vote. The vote will be open for at least 72 hours
> (Tuesday, 6 December 2022, 9:00am EST).
> 
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
> 
> Thank you,
> 
> - Shane Dell
>

Re: [VOTE] Apache Daffodil VS Code Extension 1.2.0-rc3

Posted by Mike Beckerle <mb...@apache.org>.
My vote: +1

I verified all PCP sigs and sha512 hashes.

Debugging still works across files/jars of multiple schemas. So no
regressions there.  I tested this by debugging the PCAP schema, which uses
the ethernetIP schema as a component schema.

The above are sufficient for a +1 from me.

I did attempt to use some of the newer features. I had less success and
found some nits there. I will send separate email about those.








On Thu, Dec 1, 2022 at 8:41 AM Shane Dell <sh...@apache.org> wrote:

> Hello all,I'd like to call a vote to release Apache Daffodil VS Code
> 1.2.0-rc3.
>
> All distribution packages, including signatures, digests, etc. can be
> found at:
> https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.2.0-rc3/
>
> This release has been signed with PGP key
> 86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
> to shanedell@apache.org, which is included in the KEYS file here:
> https://downloads.apache.org/daffodil/KEYS
>
> The release candidate has been tagged in git with 1.2.0-rc3.
>
> For reference, here is a list of all closed GitHub issues tagged with
> 1.2.0:
> https://github.com/apache/daffodil-vscode/milestone/3?closed=1
>
> Please review and vote. The vote will be open for at least 72 hours
> (Tuesday, 6 December 2022, 9:00am EST).
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> Thank you,
>
> - Shane Dell
>