Re: [VOTE] Release Apache Daffodil VS Code 1.1.0-rc1

[Shane Dell]

That makes sense to me I did create the PR for the release page at 
https://github.com/apache/daffodil-site/pull/91.
I believe these dependencies you point are transitive dependencies, I must have 
only made sure
the dependencies listed in the package.json were added to the license/notice 
file. I will make
sure to get this updated as you said if not this release then next.

On 2022/08/01 18:25:07 Steve Lawrence wrote:
> Yeah, license and release page are my only issues.
> 
> I'd prefer we get the license issues resolved and do an rc2, but -1's 
> aren't a veto, so if others are fine and give a +1 we can wait until 
> next release.
> 
> Also, I'm not confident that there are actually license issues. It's not 
> clear to me if the the "yarn licenses" output is correct. The output 
> doesn't include any direct dependencies, so I'm not sure if those are 
> transitive dependencies, build dependencies, or something else and maybe 
> they're aren't actually included in the .vsix file where this matters. 
> I'm not sure how we originally generated the list of things that need to 
> go in build/package/{LICENSE,NOTICE}.
> 
> 
> On 8/1/22 2:17 PM, Shane Dell wrote:
> > So are your issues just the licensing and release page? That is all I was 
> > seeing was wondering if maybe I missed something. I was working on the 
> > release page for the daffodil-site I just didn't get it pushed up, will do 
> > that now. I can also add these license issues found to the notice/license 
> > files and release rc2 or were you saying this can wait till next release?
> > 
> > On 2022/07/29 18:01:49 Steve Lawrence wrote:
> >> -1 (binding)
> >>
> >> I'm also having trouble getting things running, I think maybe the setup
> >> just isn't very intuitive. I assume I'm just doing something wrong.
> >>
> >> However, I also found some potential licensing issues, the main reason
> >> for my -1 vote--maybe I'm doing something wrong looking at the yarn
> >> licenses output?
> >>
> >> I checked:
> >>
> >> [OK] hashes and signatures of source and helper binaries are correct
> >> [OK] signature of git tag is correct
> >> [OK] source release matches git tag
> >> [OK] source compiles using yarn package
> >> [OK] compiled source matches convenience binary exactly (except for
> >> timestamps in zip file)
> >> [OK] RAT check passes
> >> [OK] no unexpected binaries in source
> >> [OK] vsix installs without error
> >> [OK] No open CVE's found using sbt-dependency-check plugin (except for
> >> false positives)
> >>
> >> [FAILED] Page for release published on website
> >>
> >> - There is no page at daffodil.apache.org/vscode for this release.
> >>     Please create one so this can be reviewed as part of the VOTE
> >>     process.
> >>
> >> [FAILED] src and binaries include correct LICENSE/NOTICE
> >>
> >> - The build/extension.webpack.config.js file is marked as MIT, but is
> >>     not listed in the LICENSE file (can be fixed as part of next release)
> >> - All the omega-edit and daffodil bundled jars look correct in the
> >>     build.package/{LICENSE,NOTICE} files, but running 'yarn licenses
> >>     list --production` lists many npm dependencies that are not listed.
> >>     I thought we fixed everything for last release, so I'm not sure why
> >>     this is the case? Maybe some dependency updates pulled in new
> >>     transitive dependencies that weren't caught? None are category X,
> >>     but I think they should be listed in the appropriate LICENSE/NOTICE
> >>     file. Here is the output of the above command, including only the
> >>     things that are missing from LICENSE/NOTICE:
> >>
> >>     BSD-3-Clause
> >>     ├─ @protobufjs/aspromise@1.1.2
> >>     ├─ @protobufjs/base64@1.1.2
> >>     ├─ @protobufjs/codegen@2.0.4
> >>     ├─ @protobufjs/eventemitter@1.1.0
> >>     ├─ @protobufjs/fetch@1.1.0
> >>     ├─ @protobufjs/float@1.0.2
> >>     ├─ @protobufjs/inquire@1.1.0
> >>     ├─ @protobufjs/path@1.1.2
> >>     ├─ @protobufjs/pool@1.1.0
> >>     ├─ @protobufjs/utf8@1.1.0
> >>     ├─ google-protobuf@3.20.1
> >>     └─ protobufjs@6.11.3
> >>     ISC
> >>     ├─ child_process@1.0.2
> >>     ├─ cliui@7.0.4
> >>     ├─ get-caller-file@2.0.5
> >>     ├─ y18n@5.0.8
> >>     └─ yargs-parser@20.2.9
> >>     MIT
> >>     ├─ @types/long@4.0.2
> >>     ├─ @types/node@18.0.3
> >>     ├─ ansi-regex@5.0.1
> >>     ├─ ansi-styles@4.3.0
> >>     ├─ color-convert@2.0.1
> >>     ├─ color-name@1.1.4
> >>     ├─ emoji-regex@8.0.0
> >>     ├─ escalade@3.1.1
> >>     ├─ is-fullwidth-code-point@3.0.0
> >>     ├─ lodash.camelcase@4.3.0
> >>     ├─ prettier@2.7.1
> >>     ├─ require-directory@2.1.1
> >>     ├─ run-script-os@1.1.6
> >>     ├─ string-width@4.2.3
> >>     ├─ strip-ansi@6.0.1
> >>     ├─ wrap-ansi@7.0.0
> >>     └─ yargs@16.2.0
> >>
> >>     If I'm just doing something wrong, I'm happy to switch my vote to a
> >>     +1. The other checks I mention can be fixed as part of the next
> >>     release.
> >>
> >>
> >> On 7/29/22 1:10 PM, Mike Beckerle wrote:
> >>> I'd like to request more time for this vote.
> >>>
> >>> I have only limited time today to check this release out, and limited
> >>> connectivity today as I am on Amtrak with spotty wifi at best.
> >>>
> >>> I don't want to vote yet, because something seemingly environmental is 
> >>> impeding
> >>> my ability to evaluate.
> >>>
> >>> Obviously this works for others or it wouldn't be an RC, but I am /not 
> >>> getting
> >>> it to even start working/.  I will need some assistance to get past this.
> >>>
> >>> I have uninstalled VSCode, setup to use Java 11. I have rebooted my PC 
> >>> (ubuntu).
> >>> I have fully deleted ~/.vscode, and then I have reinstalled vscode.
> >>> Then I install the release VSIX, and still, I can get nowhere.
> >>>
> >>> No Daffodil command from the command palette does anything other than 
> >>> give an
> >>> error.
> >>>
> >>> If I choose Daffodil Debug File from the command palette, I'm immediately
> >>> getting "ENOENT: no such file or directory, lstat".
> >>>
> >>> I tried also to select Daffodil Debugger, configure launch.json but I get:
> >>>
> >>> image.png
> >>> (btw: what is 'launch.config'? Shouldn't that say 'launch.json'?)
> >>>
> >>> So something is up environmentally; I can't even test out the features 
> >>> yet.
> >>>
> >>> -mike beckerle
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Wed, Jul 27, 2022 at 2:21 PM Shane Dell <shaned...@apache.org
> >>> <mailto:shaned...@apache.org>> wrote:
> >>>
> >>>       Hello all,I'd like to call a vote to release Apache Daffodil VS 
> >>> Code 1.1.0-rc1.
> >>>
> >>>       All distribution packages, including signatures, digests, etc. can 
> >>> be
> >>>       found at:
> >>>       
> >>> https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.1.0-rc1/
> >>>       
> >>> <https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.1.0-rc1/>
> >>>
> >>>       This release has been signed with PGP key
> >>>       86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
> >>>       to shaned...@apache.org <mailto:shaned...@apache.org>, which is 
> >>> included in
> >>>       the KEYS file here:
> >>>       https://downloads.apache.org/daffodil/KEYS
> >>>       <https://downloads.apache.org/daffodil/KEYS>
> >>>
> >>>       The release candidate has been tagged in git with 1.1.0-rc1.
> >>>
> >>>       For reference, here is a list of all closed GitHub issues tagged 
> >>> with 1.1.0:
> >>>       https://github.com/apache/daffodil-vscode/milestone/2?closed=1
> >>>       <https://github.com/apache/daffodil-vscode/milestone/2?closed=1>
> >>>
> >>>       Please review and vote. The vote will be open for at least 72 hours
> >>>       (Saturday, 30 July 2022, 3 Noon EST).
> >>>
> >>>       [ ] +1 approve
> >>>       [ ] +0 no opinion
> >>>       [ ] -1 disapprove (and reason why)
> >>>
> >>>       Thank you,
> >>>
> >>>       - Shane Dell
> >>>
> >>
> >>
> 
>