>> Side note: what project owns the org.eclipse.jsr220orm
namespace?
This project (jsr220orm) was merged into the Dali project, so I
think any associated content that hasn't been migrated to Dali can
be safely archived.
Neil
On 5/31/2012 11:28 AM, Wayne Beaton wrote:
The tool isn't smart enough to detect these. Sorry, I wish it was.
That original list that I sent you is my biggest concern.
commons-fileupload.jar (No CQ found)
derby.jar
jsflibrary-api-1.1.3.*.jar (No CQ found)
org.antlr.runtime_v31_3.1.0.*.jar (No CQ found)
I'm pretty sure that we don't have any CQ (Piggyback or otherwise)
for jsflibrary-api-1.1.3.*.jar and it represents a real exposure.
I'm also not entirely sure about the ANTLR version (we have a CQ
for 3.1B1; is this the same content?) I have no idea what
derby.jar even is or what version.
There are a lot of legitmate JARs in the list. Many are for
testing. Some are just hard for the tool to sort out. It seems as
though Web Tools used to build a lot of plug-ins as directories
with the code packed up into JARs inside the directory. The tool
doesn't account for this pattern.
I've gone through the list and have been able to resolve some to
CQs. But there's a bunch that I just can't. Fortunately, I think
most of them are from the same presentation directory. Here's my
full worry list:
antlr.jar (No CQ found)
commons-beanutils.jar (No CQ found)
commons-digester.jar (No CQ found)
commons-fileupload.jar (No CQ found)
commons-logging.jar (No CQ found)
commons-validator.jar (No CQ found)
derby.jar (No CQ found)
jakarta-oro.jar (No CQ found)
jstl.jar (No CQ found)
org.antlr.runtime_v31_3.1.0.*.jar (No CQ found)
standard.jar (No CQ found)
struts.jar (No CQ found)
uddi4j.jar (No CQ found) - It looks like this is version 2.0.3 and
we don't have any CQ for that version.
jsflibrary-api-1.1.3.*.jar (No CQ found)
Side note: what project owns the org.eclipse.jsr220orm namespace?
Wayne
On 05/31/2012 10:54 AM, Chuck Bridgham wrote:
Hi Wayne,
I'm investigating some of these, and I'm not sure why it isn't
finding CQ's in some instances...
jaxrpc.jar CQ 1378
saaj.jar CQ 1379
axis-ant.jar CQ 1375
These are just a few examples... we still have some pruning to
do with our samples and demos, but maybe we do have many of
these covered?
Thanks - Chuck
Senior Architect, RAD Java EE Tools, WTP PMC Lead
IBM Software Lab - Research Triangle Park, NC
From: Wayne Beaton <wayne@xxxxxxxxxxx>
To: wtp-pmc@xxxxxxxxxxx
Date: 05/30/2012 12:28 PM
Subject: Re: [wtp-pmc] Issues with missing CQ entries...
Sent by: wtp-pmc-bounces@xxxxxxxxxxx
I made a small change that now groups JARs that might be for
testing separately. I think it prunes down the list quite
nicely. There's still more work to do.
Wayne
On 05/30/2012 12:12 AM, David M Williams wrote:
Thanks Neil ... Trying the URL with Opera worked fine, so
... not sure what's up with Firefox "sessions". But, I opened
bug
380981 and hope that bug report is helpful.
So, looking at the list, there are a few that do have CQ's ...
somewhere ... so not sure if the scanning tool doesn't
"recognize" them, or if the tool is saying a certain
sub-project doesn't have one ... if the later, for the generic
"webtools" URL, it would not be able to distinguish between
subprojects, such as there are some "incubator" things in
there (which is where, for example, the antlr jar "comes from"
and fairly sure they have a cq for it).
An example of one that seems not mapped correctly to their
corresponding CQs (by the scanning tool), I assume is.
saaj.jar (No CQ found) -->
2089
Other than that, don't think I have anything to add that's not
obvious or been said. Just the first time the whole site has
been "audited". Previously, just "releasing code" was.
Well, that, plus the tools seems to pick up a lot of noise
from test plugins. A great great many in the list, are very
plain and simply obvious jars inside of normal
(directory-form) bundles, such as
snippetstests.jar (No CQ found)
/home/data/httpd/download.eclipse.org/webtools/downloads/drops/R3.3.1/R-3.3.1-20110915193224/wtp-tests-R-3.3.1-20110915193224.zip/eclipse/plugins/org.eclipse.wst.common.snippets.tests_1.0.300.v201004110600
It appears the tool lists any jar file? Regardless of
about.html files or if in a bundle with an about.html file?
(And, I am not being critical, I am sympathetic ... I know it
is hard to make these type of scanning tools work perfectly,
but that they are very important ... I hope feature
enhancements or bugs are tracked somewhere since some of these
false-positive cases could be fixed).
Others, such as "derby.jar" in the "presentations" directory
would have to be examined in detail to see if its really
something to do with derby third party code, or if its code
that just part of a presentation on "how to use Eclipse with
Derby DB". Whew.
Good luck!
From: Neil Hauge
<neil.hauge@xxxxxxxxxx>
To: wtp-pmc@xxxxxxxxxxx ,
Date: 05/29/2012 08:46 PM
Subject: Re: [wtp-pmc] Issues with missing CQ entries...
Sent by:
wtp-pmc-bounces@xxxxxxxxxxx
This appears to be a bug of some sort. The same thing started
happening to me recently with various Eclipse reporting tools.
Wasn't sure if I was the only one. I've only had this issue in
Firefox, but it might just be a problem with the browser cache.
I've hopped over to Chrome to work around the issue a couple of
times and have had success.
Neil
On 5/29/2012 8:41 PM, David M Williams wrote:
I can access that page, itself, and I can "see" some subsets of
"webtools", like "webtools.incubator" "webtools.releng" (the few
I tried), but if I select "webtools" itself in the long list of
projects, I am asked to login again. That's what made me think
it was related to committer rights. And, I'm guessing it is the
"webtools" "container" project that has the interesting long
list of oddities.
Thanks,
From: Wayne Beaton <wayne@xxxxxxxxxxx>
To: wtp-pmc@xxxxxxxxxxx ,
Date: 05/29/2012 08:25 PM
Subject: Re: [wtp-pmc] Issues with missing CQ entries...
Sent by:
wtp-pmc-bounces@xxxxxxxxxxx
Any committer should be able to access this page. You should be
able to access it.
http://www.eclipse.org/projects/tools/downloads.php?id=webtools
Please confirm: can you access this page?
Wayne
On 05/29/2012 06:47 PM, David M Williams wrote:
I can't "see" that report ... my guess it my committer ID was
removed from the "umbrella" group, as well as the more
specific groups?
But in researching it, I discovered that we, webtools, have
the first 8 CQs ever put in the IPZilla database ... how's
that for a dubious honor? :)
While I can't see the report, I see that "webtools area" is
defined as
/home/data/httpd/download.eclipse.org/webtools/
I think in the past we've only focused on "what we release"
which would be what's under
/home/data/httpd/download.eclipse.org/webtools/downloads/drops
So, it wouldn't surprise me if there was stuff up there that
we never really 'released' and was put up there before "we"
knew what we were doing [such as for the tutorials, tests,
build tools, etc.] But, agree with Wayne (Wayne is always
right, correct? :) that "anything on downloads" should be IP
Clean ... and we've just never scrubed it ourselves, but
sounds like Wayne is now.
Without seeing the list, hard to know what to recommend ... if
to "get rid" of some of the old stuff (leaving a polite
webpage in its place, explaining it was removed due to age) or
to push ahead and get CQ clearance (eventually) even though
its not stuff we "release".I'd lean toward the former, but ...
without seeing the list, I would not follow my advice :/
Naci might know about some of the tutorials/education material
and if any of that is still useful/valid?
From: Chuck Bridgham/Raleigh/IBM@IBMUS
To: wtp-pmc@xxxxxxxxxxx ,
Date: 05/29/2012 02:29 PM
Subject: [wtp-pmc] Issues with missing CQ entries...
Sent by:
wtp-pmc-bounces@xxxxxxxxxxx
Hi everyone,
Wayne emailed me earlier today as he was browsing through our IP
log submission, and discovered potentially a large amount of
third party libraries that are not tied to CQ's.
If you follow this link:
http://www.eclipse.org/projects/tools/downloads.php?id=webtools
Along with the large amount of test or sample files that are
included in our junits or documentation, we also have many files
that may need attention (axis, ant, commons, derby, jsr*, wsdl,
etc...)
I'm going to send a note today for everyone to take a second
look at this particular report.
David - Since most of these "problems" are ancient file
references, Is this a case of missing CQ entries? do we simply
need to map them somehow?
Thanks - Chuck
Senior Architect, RAD Java EE Tools, WTP PMC Lead
IBM Software Lab - Research Triangle Park, NC
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
--
Wayne Beaton
The Eclipse Foundation
Twitter: @waynebeaton
Explore Eclipse Projects
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
--
Wayne Beaton
The Eclipse Foundation
Twitter: @waynebeaton
Explore Eclipse Projects
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
--
Wayne Beaton
The Eclipse Foundation
Twitter: @waynebeaton
Explore Eclipse Projects
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
|