Adding some links. On Thu, Mar 28, 2019 at 2:08 PM Huxing Zhang <[email protected]> wrote: > > Hi, > > On Thu, Mar 28, 2019 at 1:49 PM Hen <[email protected]> wrote: > > > > > > > > > > On Wed, Mar 27, 2019 at 12:56 AM Huxing Zhang <[email protected]> wrote: > >> > >> Hi, > >> > >> On Fri, Mar 22, 2019 at 1:55 PM Hen <[email protected]> wrote: > >> > > >> > > >> > (including Huxing) > >> > > >> > On Thu, Mar 21, 2019 at 10:55 PM Hen <[email protected]> wrote: > >> >> > >> >> > >> >> Give substack a few days to reply and then nudge them on Twitter: > >> >> https://twitter.com/substack or their email (listed on > >> >> https://substack.net/ ). > >> > >> I tried to send them email and mention them on Twitter, but still got > >> no response. > >> Do you view it as a showstopper to an ASF release? > > > > > > Can you confirm the following: > > > > * the test file would not be in the download for Apache Dubbo (and > > presumably other typical use cases)? > > When user downloads the source release, the test file is not > downloaded, because it is a transitive dependency. > When user unarchive the source code and compile it, the test file will > be downloaded. > When user downloads the binary distribution, the test file is not > downloaded, because it is a dev dependency. > > > * the test file would not be in Apache Dubbo source control (be that git or > > svn)? > > No, it is not in control. > > > * the test file would not show up when an Apache Dubbo user uses Dubbo 'in > > production'? > > No, they won't show up when use in production, either a user compile > from source code or download the binary distribution. > > > > > My instinct is to maintain the current dependency tree and open an issue > > with cliui and optionator that their dependency has an issue. They could > > inline the code, without the test file, or they could fork a new project > > with said code removed. Or they may be a better community position to > > effect change. > > The webpack community has remove the dependency in the latest version.
See https://github.com/webpack/webpack/issues/8936 > The eslint community is contacting the Open JS Foundation to confirm > whether there is a copyright issue. See https://github.com/eslint/eslint/issues/11536 > I think we should open an issue with optionator dependency as well. See https://github.com/gkz/optionator/issues/31 > > > > > What do folk think? > > > > Thanks, > > > > Hen > > > > -- > Best Regards! > Huxing -- Best Regards! Huxing
