> > From my side, this is not the difference. The download source package is > never been voted is my concern. > I know the logically, it is just a subset, but whether there is a change or > unexpected files in the final download, we don't know. And no one would > check. > The whole vote/check process is for manual confirmation about that, the > source release is 100% following the ASF requirements. >
I think I get your point. An important reason is the build script used on the custom builder page is not been checked and voted. I agree to remove this page. But there are still about 1.5k developers using this online tool everyday. We should take it carefully to guide these developers to build from source in local. Thanks On Mon, Aug 3, 2020 at 4:28 PM Sheng Wu <wu.sheng.841...@gmail.com> wrote: > Yi Shen <shenyi....@gmail.com> 于2020年8月3日周一 下午4:14写道: > > > Hi, Sheng > > > > The point is, you only vote for the source tar, which includes all > > > contents, with an ASC and sha512 sign. So, only that is an official > > apache > > > release. > > > > > > > I want to explain it a bit more. What we thought is bringing the local > CLI > > to the web. > > In which developers can > > > > 1. Choose a version from the source tar list which have been voted. > > 2. Download the tar and check sha512 on the browser. > > 3. Unzip the tar and build the source into a single js file on the > browser. > > 4. Download the customized built js file. > > > > I guess the main difference between this and the local CLI is all the > > processes are on the browser. > > Please remind us if we missed anything that may cause potential risks in > > it. > > > > From my side, this is not the difference. The download source package is > never been voted is my concern. > I know the logically, it is just a subset, but whether there is a change or > unexpected files in the final download, we don't know. And no one would > check. > The whole vote/check process is for manual confirmation about that, the > source release is 100% following the ASF requirements. > > Sheng Wu 吴晟 > Twitter, wusheng1108 > > > > > > Regards. > > > > On Mon, Aug 3, 2020 at 3:03 PM Sheng Wu <wu.sheng.841...@gmail.com> > wrote: > > > > > Ovilia <oviliazh...@gmail.com> 于2020年8月3日周一 下午2:52写道: > > > > > > > Thanks Sheng for the checking. > > > > > > > > Here're my thoughts on these issues: > > > > > > > > 1. I was referring to [1] when checking the navigator. I thought it > > meant > > > > if there's a > > > > "Sponsorship" link, it should link to xxx but I didn't realize it > means > > > the > > > > link is > > > > mandatory. The following link should be added: > > > > Sponsorship, Thanks, Apache Software Foundation. > > > > > > > > > > > Use this to check the potential issue. > > > https://incubator.apache.org/clutch/echarts.html > > > > > > > > > > 2. Gallery is a place to host ECharts works from the community, > > something > > > > similar > > > > to jsfiddle or codepen. The server is currently hosted on a Baidu > > server > > > > and we don't > > > > have a current plan to donate it to ASF. > > > > How about removing the project from the navigator and list it > somewhere > > > as > > > > a > > > > community resource? > > > > > > > > > > Agree, should make it clear, that is a part of community/ecosystem. And > > not > > > a part of ASF or Apache release. They just extend the Apache ECharts. > > > > > > > > > > > > > > 3. Theme files are included in the source release [2] and the current > > > > download-theme page > > > > uses convenient binary files hosted on our server. Is this a problem? > > > > Extensions are mostly made by the community so they are links to > > related > > > > GitHub projects. > > > > I think we should put a more clear instruction on the > > > > download-extention page [3] that > > > > these projects are made by the community. > > > > > > > > > > I just prefer to provide a clear statement and catalogs about links to > > 3rd > > > party extensions, or Apache release. > > > That includes, how and where to report the bug/security issue when > those > > > extensions have issues. > > > Also, where should hold their discussion, such as enhancement, > iteration. > > > > > > > > > > > > > > > > > > 4. The tools are currently under translation. We didn't put a "help > > > > translate" note because > > > > we have already found the people who wish to translate and it should > be > > > > done within a few > > > > weeks. Before then, the English Website will have a "(in Chinese)" > note > > > in > > > > the navigator. > > > > > > > > > > Good to know the progress. Could you check whether they could finish > > those > > > before the graduation discussion in the incubator? I hope to ease other > > > people's concern. > > > > > > > > > > > > > > 5. The custom build is used to build a release with the least source > > > files > > > > required. > > > > I think the biggest concern here is that it is not using the source > > files > > > > voted. > > > > How about we change the Web front-end logic to get the source file > from > > > > Apache SVN > > > > that has been voted, to build and be downloaded? Does that seem to > work > > > for > > > > you? > > > > > > > > > > The point is, you only vote for the source tar, which includes all > > > contents, with an ASC and sha512 sign. So, only that is an official > > apache > > > release. > > > If you provide downloads to that only, it is OK. Or, if you prefer the > > > custom mode, do you could provide a local tool to repackage the source > > > code? > > > > > > > > > > > > > > > > > > > > > > > > > [1] https://www.apache.org/foundation/marks/pmcs#navigation > > > > [2] > > https://dist.apache.org/repos/dist/release/incubator/echarts/4.8.0/ > > > > [3] https://echarts.apache.org/en/download-extension.html > > > > > > > > Thanks > > > > > > > > *Ovilia* > > > > > > > > > > > > On Mon, Aug 3, 2020 at 11:31 AM Kevin A. McGrail < > kmcgr...@apache.org> > > > > wrote: > > > > > > > > > I do not know about the links checker but I do remember there was > > > > > something cobbled together. All it is doing is testing for this > > > policy: > > > > > > > > > > https://www.apache.org/foundation/marks/pmcs#navigation > > > > > > > > > > On 8/2/2020 10:56 PM, Sheng Wu wrote: > > > > > > Hi, Ovilia > > > > > > > > > > > > I don't remember, but there is a website link check in the > > incubator, > > > > > does > > > > > > anyone/mentor remember this? > > > > > > From I read from your website, questions > > > > > > 1. There are some links missing. You could compare it with > > > > > > http://skywalking.apache.org/ links menu. > > > > > > 2. There is a menu, called Gallary Chinese. What is that? From my > > > > > reading, > > > > > > it seems more like extensions/plugins? Who owns (s) this repo? > > > > > > 3. Download part, theme, and extension, what are the differences > > > > between > > > > > > these two and Gallary? And I don't remember there is any official > > > > release > > > > > > process(vote/license check, etc.) about these. Could you clarify > > what > > > > > they > > > > > > are? > > > > > > 4. About the tool(s). From my understanding, they are > configuration > > > > > > generation for ECharts, why they are Chinese only, and do you > have > > > open > > > > > > process about how to contribute on these tools? > > > > > > 5. I noticed `Option 3: Custom Build` on the website download > page, > > > how > > > > > > this works? I am a little worried about it breaks the ASF release > > > > > process. > > > > > > Because, the source release(js mostly is not source, no binary) > is > > > > never > > > > > > being voted. I could get the points, seems you provide the users > to > > > > get a > > > > > > subset of the entire source tar. But the unvoted source tars make > > me > > > > > unsure > > > > > > whether this is acceptable in the ASF. What other mentors think? > > > > > > > > > > > > Sheng Wu 吴晟 > > > > > > Twitter, wusheng1108 > > > > > > > > > > > > > > > > > > Ovilia <oviliazh...@gmail.com> 于2020年8月3日周一 上午10:25写道: > > > > > > > > > > > >> Dear mentors, > > > > > >> > > > > > >> Can you help us review the graduation related documents and see > if > > > > > there is > > > > > >> something > > > > > >> to be improved? > > > > > >> > > > > > >> Thanks > > > > > >> > > > > > >> *Ovilia* > > > > > >> > > > > > >> > > > > > >> On Sun, Aug 2, 2020 at 11:59 AM siwen su <susiw...@gmail.com> > > > wrote: > > > > > >> > > > > > >>> Hi all: > > > > > >>> > > > > > >>> I have nothing to say about website, It apply all rules of > > Apache, > > > > and > > > > > >> most > > > > > >>> importantly, add some very useful features. > > > > > >>> > > > > > >>> About reserving initial PPMC qualification, since I haven't > work > > > with > > > > > >> them, > > > > > >>> but I read about the history of ECharts, Mr Lin Zhifeng and Mr > > Dong > > > > Rui > > > > > >> had > > > > > >>> made remarkable contributions to ECharts, even thought they > > haven't > > > > > >>> contribute during incubating but It can't change the fact that > > they > > > > > have > > > > > >>> laid the foundation for ECharts, so naming they as PMC in > future > > > > would > > > > > be > > > > > >>> reasonable > > > > > >>> > > > > > >>> As for the password, distribute it via private mail list > wasn't a > > > > great > > > > > >>> idea,, like @zhongxiang mentioned, someone else would "steal" > it, > > > > > >>> especially we have discussed on dev mail list which lots of > > people > > > > know > > > > > >> how > > > > > >>> passport would be distributed. > > > > > >>> > > > > > >>> Best regard > > > > > >>> > > > > > >>> Siwen Su > > > > > >>> > > > > > >>> Zhongxiang Wang <wan...@apache.org> 于2020年7月30日周四 下午12:57写道: > > > > > >>> > > > > > >>>> Hi, > > > > > >>>> 1. The current website is following the guide of podling > website > > > and > > > > > it > > > > > >>> is > > > > > >>>> all right for me. > > > > > >>>> 2. Sending an important private key or password on email > without > > > any > > > > > >>>> encryption is obviously so unsafe. Some email clients don’t > > > encrypt > > > > > the > > > > > >>>> email content by default and this may lead to a leak of > content > > if > > > > > it’s > > > > > >>>> intercepted during the transmission. So it’s better to enable > > > email > > > > > >>>> encryption in email client and encrypt the raw password or any > > > other > > > > > >>>> important information in the content of the email by some > > advanced > > > > > >>> patterns > > > > > >>>> difficult to crack before sending to a mailing list or > > elsewhere. > > > > > >>>> 3. As for the early PMCs and committers, we should always keep > > the > > > > > >>> founder > > > > > >>>> Zhifeng Lin as PMC, who is so essential to ECharts project. > As I > > > > know, > > > > > >>> he’s > > > > > >>>> been helping silently ECharts project improve and develop by > his > > > > > >>>> professional suggestions. > > > > > >>>> > > > > > >>>> Thanks, > > > > > >>>> Zhongxiang Wang. > > > > > >>>> > > > > > >>>> On 2020/07/27 05:07:23, Ovilia <oviliazh...@gmail.com> wrote: > > > > > >>>>> Hi all, > > > > > >>>>> > > > > > >>>>> Apache ECharts (incubating) has learned and grown a lot since > > our > > > > > >>>>> incubation in Jan > > > > > >>>>> 2018. Now, I'm glad to call on a discussion about whether we > > are > > > > > >> ready > > > > > >>>> for > > > > > >>>>> graduation and > > > > > >>>>> what remains to be done. Hopefully, after this discussion, we > > can > > > > set > > > > > >>> the > > > > > >>>>> status to be > > > > > >>>>> "near graduation" in the monthly report. > > > > > >>>>> > > > > > >>>>> Updates since incubation: > > > > > >>>>> - 2 new PPMCs (and another has completed the vote and > > undergoing > > > > the > > > > > >>>>> process) and 7 > > > > > >>>>> new committers were elected and joined the community [1] and > > now > > > > > >>>>> we have committers working for more than 6 different > companies. > > > > > >>>>> - Our mailing list [2] is very active and we have 79 people > > > > > >> subscribed > > > > > >>> to > > > > > >>>>> it. > > > > > >>>>> - Released 8 versions by 2 release managers [3]; release > guide > > is > > > > at > > > > > >>> [4] > > > > > >>>>> - 73 people have contributed to the project during incubation > > [9] > > > > > >>>>> - Assessment of the maturity model is available at [5] > > > > > >>>>> - Branding issues have been solved and name searching has > been > > > > > >>> completed > > > > > >>>> [6] > > > > > >>>>> Other things we need to discuss: > > > > > >>>>> > > > > > >>>>> 1. Website > > > > > >>>>> We updated our Website [7] content, logo, document, and so on > > > > > >> according > > > > > >>>> to > > > > > >>>>> Apache rules > > > > > >>>>> and hopefully, it's following all requirements. You may help > > > check > > > > > >> the > > > > > >>>>> rules [8] and discuss > > > > > >>>>> the ones that you think need to change. > > > > > >>>>> > > > > > >>>>> 2. Sponsored CDN > > > > > >>>>> We have updated the Website with a sponsored CDN to improve > > speed > > > > in > > > > > >>>> China > > > > > >>>>> and > > > > > >>>>> created an account for all PPMCs. But we are not sure how we > > > > > >>>>> should distribute the > > > > > >>>>> password of that account? Should we send the password on the > > > > private > > > > > >>>>> mailing list? Is that safe enough? > > > > > >>>>> Also, the releasing script in the release guide [4] depends > on > > > the > > > > > >>>> password > > > > > >>>>> of the CDN > > > > > >>>>> private key. How should we distribute it? > > > > > >>>>> > > > > > >>>>> 3. PMCs and Committers > > > > > >>>>> We have to discuss what to do with the initial PPMCs that had > > no > > > > > >> clear > > > > > >>>>> contribution to > > > > > >>>>> the project during incubation. We should decide on each of > > them, > > > do > > > > > >> we > > > > > >>>> wish > > > > > >>>>> to make > > > > > >>>>> him a PMC or Committer or neither. Basically, it's decided by > > the > > > > > >>>> project, > > > > > >>>>> so please talk about how you feel about this. > > > > > >>>>> a. Lin Zhifeng https://github.com/kener > > > > > >>>>> b. Dong Rui https://github.com/erik168 > > > > > >>>>> c. Huang Houjin https://github.com/chriswong > > > > > >>>>> > > > > > >>>>> > > > > > >>>>> [1] https://echarts.apache.org/en/committers.html > > > > > >>>>> [2] > https://lists.apache.org/list.html?dev@echarts.apache.org > > > > > >>>>> [3] > > > https://dist.apache.org/repos/dist/release/incubator/echarts/ > > > > > >>>>> [4] > > > > > >>>>> > > > > > >> > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/ECHARTS/Apache+ECharts+Release+Guide > > > > > >>>>> < > > > > > >> > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/ECHARTS/Apache+ECharts+Release+Guide > > > > > >>>>> [5] > > > > > >>>>> > > > > > >> > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/ECHARTS/Apache+Maturity+Model+Assessment+for+ECharts > > > > > >>>>> [6] > > https://issues.apache.org/jira/browse/PODLINGNAMESEARCH-153 > > > > > >>>>> [7] http://echarts.apache.org/ > > > > > >>>>> [8] https://incubator.apache.org/guides/sites.html > > > > > >>>>> [9] Using `git shortlog -sn --since="20 Jan, 2018"` on the > > master > > > > > >>> branch > > > > > >>>>> and merging > > > > > >>>>> alias > > > > > >>>>> > > > > > >>>>> > > > > > >>>>> Thanks > > > > > >>>>> > > > > > >>>>> *Ovilia* > > > > > >>>>> > > > > > >>>> > > > > --------------------------------------------------------------------- > > > > > >>>> To unsubscribe, e-mail: dev-unsubscr...@echarts.apache.org > > > > > >>>> For additional commands, e-mail: dev-h...@echarts.apache.org > > > > > >>>> > > > > > >>>> > > > > > -- > > > > > Kevin A. McGrail > > > > > kmcgr...@apache.org > > > > > > > > > > Member, Apache Software Foundation > > > > > Chair Emeritus Apache SpamAssassin Project > > > > > https://www.linkedin.com/in/kmcgrail - 703.798.0171 > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: dev-unsubscr...@echarts.apache.org > > > > > For additional commands, e-mail: dev-h...@echarts.apache.org > > > > > > > > > > > > > > > > > > > > > > > -- > > Yi Shen > > Apache ECharts(incubating) PPMC > > > -- Yi Shen Apache ECharts(incubating) PPMC
