Hi, On Thu, Mar 28, 2019 at 1:49 PM Hen <bay...@apache.org> wrote: > > > > > On Wed, Mar 27, 2019 at 12:56 AM Huxing Zhang <hux...@apache.org> wrote: >> >> Hi, >> >> On Fri, Mar 22, 2019 at 1:55 PM Hen <bay...@apache.org> wrote: >> > >> > >> > (including Huxing) >> > >> > On Thu, Mar 21, 2019 at 10:55 PM Hen <bay...@apache.org> wrote: >> >> >> >> >> >> Give substack a few days to reply and then nudge them on Twitter: >> >> https://twitter.com/substack or their email (listed on >> >> https://substack.net/ ). >> >> I tried to send them email and mention them on Twitter, but still got >> no response. >> Do you view it as a showstopper to an ASF release? > > > Can you confirm the following: > > * the test file would not be in the download for Apache Dubbo (and presumably > other typical use cases)?
When user downloads the source release, the test file is not downloaded, because it is a transitive dependency. When user unarchive the source code and compile it, the test file will be downloaded. When user downloads the binary distribution, the test file is not downloaded, because it is a dev dependency. > * the test file would not be in Apache Dubbo source control (be that git or > svn)? No, it is not in control. > * the test file would not show up when an Apache Dubbo user uses Dubbo 'in > production'? No, they won't show up when use in production, either a user compile from source code or download the binary distribution. > > My instinct is to maintain the current dependency tree and open an issue with > cliui and optionator that their dependency has an issue. They could inline > the code, without the test file, or they could fork a new project with said > code removed. Or they may be a better community position to effect change. The webpack community has remove the dependency in the latest version. The eslint community is contacting the Open JS Foundation to confirm whether there is a copyright issue. I think we should open an issue with optionator dependency as well. > > What do folk think? > > Thanks, > > Hen -- Best Regards! Huxing
