Yi Shen <shenyi....@gmail.com> 于2020年8月3日周一 下午4:14写道:
> Hi, Sheng > > The point is, you only vote for the source tar, which includes all > > contents, with an ASC and sha512 sign. So, only that is an official > apache > > release. > > > > I want to explain it a bit more. What we thought is bringing the local CLI > to the web. > In which developers can > > 1. Choose a version from the source tar list which have been voted. > 2. Download the tar and check sha512 on the browser. > 3. Unzip the tar and build the source into a single js file on the browser. > 4. Download the customized built js file. > > I guess the main difference between this and the local CLI is all the > processes are on the browser. > Please remind us if we missed anything that may cause potential risks in > it. > >From my side, this is not the difference. The download source package is never been voted is my concern. I know the logically, it is just a subset, but whether there is a change or unexpected files in the final download, we don't know. And no one would check. The whole vote/check process is for manual confirmation about that, the source release is 100% following the ASF requirements. Sheng Wu 吴晟 Twitter, wusheng1108 > > Regards. > > On Mon, Aug 3, 2020 at 3:03 PM Sheng Wu <wu.sheng.841...@gmail.com> wrote: > > > Ovilia <oviliazh...@gmail.com> 于2020年8月3日周一 下午2:52写道: > > > > > Thanks Sheng for the checking. > > > > > > Here're my thoughts on these issues: > > > > > > 1. I was referring to [1] when checking the navigator. I thought it > meant > > > if there's a > > > "Sponsorship" link, it should link to xxx but I didn't realize it means > > the > > > link is > > > mandatory. The following link should be added: > > > Sponsorship, Thanks, Apache Software Foundation. > > > > > > > > Use this to check the potential issue. > > https://incubator.apache.org/clutch/echarts.html > > > > > > > 2. Gallery is a place to host ECharts works from the community, > something > > > similar > > > to jsfiddle or codepen. The server is currently hosted on a Baidu > server > > > and we don't > > > have a current plan to donate it to ASF. > > > How about removing the project from the navigator and list it somewhere > > as > > > a > > > community resource? > > > > > > > Agree, should make it clear, that is a part of community/ecosystem. And > not > > a part of ASF or Apache release. They just extend the Apache ECharts. > > > > > > > > > > 3. Theme files are included in the source release [2] and the current > > > download-theme page > > > uses convenient binary files hosted on our server. Is this a problem? > > > Extensions are mostly made by the community so they are links to > related > > > GitHub projects. > > > I think we should put a more clear instruction on the > > > download-extention page [3] that > > > these projects are made by the community. > > > > > > > I just prefer to provide a clear statement and catalogs about links to > 3rd > > party extensions, or Apache release. > > That includes, how and where to report the bug/security issue when those > > extensions have issues. > > Also, where should hold their discussion, such as enhancement, iteration. > > > > > > > > > > > > > 4. The tools are currently under translation. We didn't put a "help > > > translate" note because > > > we have already found the people who wish to translate and it should be > > > done within a few > > > weeks. Before then, the English Website will have a "(in Chinese)" note > > in > > > the navigator. > > > > > > > Good to know the progress. Could you check whether they could finish > those > > before the graduation discussion in the incubator? I hope to ease other > > people's concern. > > > > > > > > > > 5. The custom build is used to build a release with the least source > > files > > > required. > > > I think the biggest concern here is that it is not using the source > files > > > voted. > > > How about we change the Web front-end logic to get the source file from > > > Apache SVN > > > that has been voted, to build and be downloaded? Does that seem to work > > for > > > you? > > > > > > > The point is, you only vote for the source tar, which includes all > > contents, with an ASC and sha512 sign. So, only that is an official > apache > > release. > > If you provide downloads to that only, it is OK. Or, if you prefer the > > custom mode, do you could provide a local tool to repackage the source > > code? > > > > > > > > > > > > > > > > > > [1] https://www.apache.org/foundation/marks/pmcs#navigation > > > [2] > https://dist.apache.org/repos/dist/release/incubator/echarts/4.8.0/ > > > [3] https://echarts.apache.org/en/download-extension.html > > > > > > Thanks > > > > > > *Ovilia* > > > > > > > > > On Mon, Aug 3, 2020 at 11:31 AM Kevin A. McGrail <kmcgr...@apache.org> > > > wrote: > > > > > > > I do not know about the links checker but I do remember there was > > > > something cobbled together. All it is doing is testing for this > > policy: > > > > > > > > https://www.apache.org/foundation/marks/pmcs#navigation > > > > > > > > On 8/2/2020 10:56 PM, Sheng Wu wrote: > > > > > Hi, Ovilia > > > > > > > > > > I don't remember, but there is a website link check in the > incubator, > > > > does > > > > > anyone/mentor remember this? > > > > > From I read from your website, questions > > > > > 1. There are some links missing. You could compare it with > > > > > http://skywalking.apache.org/ links menu. > > > > > 2. There is a menu, called Gallary Chinese. What is that? From my > > > > reading, > > > > > it seems more like extensions/plugins? Who owns (s) this repo? > > > > > 3. Download part, theme, and extension, what are the differences > > > between > > > > > these two and Gallary? And I don't remember there is any official > > > release > > > > > process(vote/license check, etc.) about these. Could you clarify > what > > > > they > > > > > are? > > > > > 4. About the tool(s). From my understanding, they are configuration > > > > > generation for ECharts, why they are Chinese only, and do you have > > open > > > > > process about how to contribute on these tools? > > > > > 5. I noticed `Option 3: Custom Build` on the website download page, > > how > > > > > this works? I am a little worried about it breaks the ASF release > > > > process. > > > > > Because, the source release(js mostly is not source, no binary) is > > > never > > > > > being voted. I could get the points, seems you provide the users to > > > get a > > > > > subset of the entire source tar. But the unvoted source tars make > me > > > > unsure > > > > > whether this is acceptable in the ASF. What other mentors think? > > > > > > > > > > Sheng Wu 吴晟 > > > > > Twitter, wusheng1108 > > > > > > > > > > > > > > > Ovilia <oviliazh...@gmail.com> 于2020年8月3日周一 上午10:25写道: > > > > > > > > > >> Dear mentors, > > > > >> > > > > >> Can you help us review the graduation related documents and see if > > > > there is > > > > >> something > > > > >> to be improved? > > > > >> > > > > >> Thanks > > > > >> > > > > >> *Ovilia* > > > > >> > > > > >> > > > > >> On Sun, Aug 2, 2020 at 11:59 AM siwen su <susiw...@gmail.com> > > wrote: > > > > >> > > > > >>> Hi all: > > > > >>> > > > > >>> I have nothing to say about website, It apply all rules of > Apache, > > > and > > > > >> most > > > > >>> importantly, add some very useful features. > > > > >>> > > > > >>> About reserving initial PPMC qualification, since I haven't work > > with > > > > >> them, > > > > >>> but I read about the history of ECharts, Mr Lin Zhifeng and Mr > Dong > > > Rui > > > > >> had > > > > >>> made remarkable contributions to ECharts, even thought they > haven't > > > > >>> contribute during incubating but It can't change the fact that > they > > > > have > > > > >>> laid the foundation for ECharts, so naming they as PMC in future > > > would > > > > be > > > > >>> reasonable > > > > >>> > > > > >>> As for the password, distribute it via private mail list wasn't a > > > great > > > > >>> idea,, like @zhongxiang mentioned, someone else would "steal" it, > > > > >>> especially we have discussed on dev mail list which lots of > people > > > know > > > > >> how > > > > >>> passport would be distributed. > > > > >>> > > > > >>> Best regard > > > > >>> > > > > >>> Siwen Su > > > > >>> > > > > >>> Zhongxiang Wang <wan...@apache.org> 于2020年7月30日周四 下午12:57写道: > > > > >>> > > > > >>>> Hi, > > > > >>>> 1. The current website is following the guide of podling website > > and > > > > it > > > > >>> is > > > > >>>> all right for me. > > > > >>>> 2. Sending an important private key or password on email without > > any > > > > >>>> encryption is obviously so unsafe. Some email clients don’t > > encrypt > > > > the > > > > >>>> email content by default and this may lead to a leak of content > if > > > > it’s > > > > >>>> intercepted during the transmission. So it’s better to enable > > email > > > > >>>> encryption in email client and encrypt the raw password or any > > other > > > > >>>> important information in the content of the email by some > advanced > > > > >>> patterns > > > > >>>> difficult to crack before sending to a mailing list or > elsewhere. > > > > >>>> 3. As for the early PMCs and committers, we should always keep > the > > > > >>> founder > > > > >>>> Zhifeng Lin as PMC, who is so essential to ECharts project. As I > > > know, > > > > >>> he’s > > > > >>>> been helping silently ECharts project improve and develop by his > > > > >>>> professional suggestions. > > > > >>>> > > > > >>>> Thanks, > > > > >>>> Zhongxiang Wang. > > > > >>>> > > > > >>>> On 2020/07/27 05:07:23, Ovilia <oviliazh...@gmail.com> wrote: > > > > >>>>> Hi all, > > > > >>>>> > > > > >>>>> Apache ECharts (incubating) has learned and grown a lot since > our > > > > >>>>> incubation in Jan > > > > >>>>> 2018. Now, I'm glad to call on a discussion about whether we > are > > > > >> ready > > > > >>>> for > > > > >>>>> graduation and > > > > >>>>> what remains to be done. Hopefully, after this discussion, we > can > > > set > > > > >>> the > > > > >>>>> status to be > > > > >>>>> "near graduation" in the monthly report. > > > > >>>>> > > > > >>>>> Updates since incubation: > > > > >>>>> - 2 new PPMCs (and another has completed the vote and > undergoing > > > the > > > > >>>>> process) and 7 > > > > >>>>> new committers were elected and joined the community [1] and > now > > > > >>>>> we have committers working for more than 6 different companies. > > > > >>>>> - Our mailing list [2] is very active and we have 79 people > > > > >> subscribed > > > > >>> to > > > > >>>>> it. > > > > >>>>> - Released 8 versions by 2 release managers [3]; release guide > is > > > at > > > > >>> [4] > > > > >>>>> - 73 people have contributed to the project during incubation > [9] > > > > >>>>> - Assessment of the maturity model is available at [5] > > > > >>>>> - Branding issues have been solved and name searching has been > > > > >>> completed > > > > >>>> [6] > > > > >>>>> Other things we need to discuss: > > > > >>>>> > > > > >>>>> 1. Website > > > > >>>>> We updated our Website [7] content, logo, document, and so on > > > > >> according > > > > >>>> to > > > > >>>>> Apache rules > > > > >>>>> and hopefully, it's following all requirements. You may help > > check > > > > >> the > > > > >>>>> rules [8] and discuss > > > > >>>>> the ones that you think need to change. > > > > >>>>> > > > > >>>>> 2. Sponsored CDN > > > > >>>>> We have updated the Website with a sponsored CDN to improve > speed > > > in > > > > >>>> China > > > > >>>>> and > > > > >>>>> created an account for all PPMCs. But we are not sure how we > > > > >>>>> should distribute the > > > > >>>>> password of that account? Should we send the password on the > > > private > > > > >>>>> mailing list? Is that safe enough? > > > > >>>>> Also, the releasing script in the release guide [4] depends on > > the > > > > >>>> password > > > > >>>>> of the CDN > > > > >>>>> private key. How should we distribute it? > > > > >>>>> > > > > >>>>> 3. PMCs and Committers > > > > >>>>> We have to discuss what to do with the initial PPMCs that had > no > > > > >> clear > > > > >>>>> contribution to > > > > >>>>> the project during incubation. We should decide on each of > them, > > do > > > > >> we > > > > >>>> wish > > > > >>>>> to make > > > > >>>>> him a PMC or Committer or neither. Basically, it's decided by > the > > > > >>>> project, > > > > >>>>> so please talk about how you feel about this. > > > > >>>>> a. Lin Zhifeng https://github.com/kener > > > > >>>>> b. Dong Rui https://github.com/erik168 > > > > >>>>> c. Huang Houjin https://github.com/chriswong > > > > >>>>> > > > > >>>>> > > > > >>>>> [1] https://echarts.apache.org/en/committers.html > > > > >>>>> [2] https://lists.apache.org/list.html?dev@echarts.apache.org > > > > >>>>> [3] > > https://dist.apache.org/repos/dist/release/incubator/echarts/ > > > > >>>>> [4] > > > > >>>>> > > > > >> > > > > > > > > > > https://cwiki.apache.org/confluence/display/ECHARTS/Apache+ECharts+Release+Guide > > > > >>>>> < > > > > >> > > > > > > > > > > https://cwiki.apache.org/confluence/display/ECHARTS/Apache+ECharts+Release+Guide > > > > >>>>> [5] > > > > >>>>> > > > > >> > > > > > > > > > > https://cwiki.apache.org/confluence/display/ECHARTS/Apache+Maturity+Model+Assessment+for+ECharts > > > > >>>>> [6] > https://issues.apache.org/jira/browse/PODLINGNAMESEARCH-153 > > > > >>>>> [7] http://echarts.apache.org/ > > > > >>>>> [8] https://incubator.apache.org/guides/sites.html > > > > >>>>> [9] Using `git shortlog -sn --since="20 Jan, 2018"` on the > master > > > > >>> branch > > > > >>>>> and merging > > > > >>>>> alias > > > > >>>>> > > > > >>>>> > > > > >>>>> Thanks > > > > >>>>> > > > > >>>>> *Ovilia* > > > > >>>>> > > > > >>>> > > > --------------------------------------------------------------------- > > > > >>>> To unsubscribe, e-mail: dev-unsubscr...@echarts.apache.org > > > > >>>> For additional commands, e-mail: dev-h...@echarts.apache.org > > > > >>>> > > > > >>>> > > > > -- > > > > Kevin A. McGrail > > > > kmcgr...@apache.org > > > > > > > > Member, Apache Software Foundation > > > > Chair Emeritus Apache SpamAssassin Project > > > > https://www.linkedin.com/in/kmcgrail - 703.798.0171 > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: dev-unsubscr...@echarts.apache.org > > > > For additional commands, e-mail: dev-h...@echarts.apache.org > > > > > > > > > > > > > > > > -- > Yi Shen > Apache ECharts(incubating) PPMC >
