A question to Java experts
Hello everyone, I am seeking input from the community as we start to wrap up our investigation on open-source software in Java and Python. I am copying John L and Marc B, as I am aware they might have ideas on this matter, but this is a call to all experts. Question: When we consider libraries *directly* related to UA within the Java context, is it correct to say that these are the most relevant ones? *icu4j, commons-validator, ***libidn (deprecated, for older software only) ** Here we exclude considerations such as whether a popular set of libraries like Guava can handle IDNs (which I think is usually handled by the InternetDomainName class, which needs a ToASCII transformation before it can process them properly. Marc B's tests show 14 working test cases out of 18, but I dunno what under configuration). If those are not the only very relevant libraries, what others should be considered? Best regards, -- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
On 2 Dec 2020, at 15:50, Mark Datysgeld wrote:
Hello everyone,
I am seeking input from the community as we start to wrap up our investigation on open-source software in Java and Python.
can you tell me what you are investigating? what is your goal? what are you looking for? That would help me understand and then better answer your questions. Marc.
I am copying John L and Marc B, as I am aware they might have ideas on this matter, but this is a call to all experts.
Question:
When we consider libraries *directly* related to UA within the Java context, is it correct to say that these are the most relevant ones?
*icu4j, commons-validator, ***libidn (deprecated, for older software only) **
Here we exclude considerations such as whether a popular set of libraries like Guava can handle IDNs (which I think is usually handled by the InternetDomainName class, which needs a ToASCII transformation before it can process them properly. Marc B's tests show 14 working test cases out of 18, but I dunno what under configuration).
If those are not the only very relevant libraries, what others should be considered?
Best regards,
-- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
Thank you for the prompt answer. We are wrapping up "UA-Readiness of Open-Source Code (Pilot) " drafted more than a year ago in WG-Measurement. We took a huge beating from the Github API, but we finally have all the dependencies data from Maven and PIP Python. The SOW contains a table that, as far as I remember, was proposed by you. It goes like this: *Table 2*: Issue and Solution Matrix *possible cases for apps to use well-known libs for UA* *Possible conclusion* *Next possible steps* app do not have any signature of a UA lib most likely not supporting UA (because UA is difficult). it may be possible that they develop their own code, but most likely not. ask maintainers if they are aware of UA? app does have a signature of using a well-known old (for example idna2003) UA lib most likely not supporting UA, since the library they are using is not supporting UA properly tell maintainers to use a better lib app does have a signature of using a known (good) UA lib most likely supporting UA, but they may use it wrongly. if we have time, test it? or read the code? For Python this is more clear-cut, but since Java absorbed libidn, I am left wondering what good examples of "app do not have any signature of a *UA lib*" could be other than those 3 I listed. Please tell me if this is clearer or if I should explain further. Best, On 12/02/2020 17:55, Marc Blanchet wrote:
On 2 Dec 2020, at 15:50, Mark Datysgeld wrote:
Hello everyone,
I am seeking input from the community as we start to wrap up our investigation on open-source software in Java and Python.
can you tell me what you are investigating? what is your goal? what are you looking for?
That would help me understand and then better answer your questions.
Marc.
I am copying John L and Marc B, as I am aware they might have ideas on this matter, but this is a call to all experts.
Question:
When we consider libraries *directly* related to UA within the Java context, is it correct to say that these are the most relevant ones?
*icu4j, commons-validator, ***libidn (deprecated, for older software only) **
Here we exclude considerations such as whether a popular set of libraries like Guava can handle IDNs (which I think is usually handled by the InternetDomainName class, which needs a ToASCII transformation before it can process them properly. Marc B's tests show 14 working test cases out of 18, but I dunno what under configuration).
If those are not the only very relevant libraries, what others should be considered?
Best regards,
-- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
-- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
I guess I was "just" missing /validation-api/ on that list, huh. I am still thinking of things like whether hibernate-validation counts (as it use an internal RegEx, of the exact kind we know not to work, but it could be customized to work better I guess). On 12/02/2020 18:02, Mark Datysgeld wrote:
Thank you for the prompt answer.
We are wrapping up "UA-Readiness of Open-Source Code (Pilot) " drafted more than a year ago in WG-Measurement. We took a huge beating from the Github API, but we finally have all the dependencies data from Maven and PIP Python.
The SOW contains a table that, as far as I remember, was proposed by you. It goes like this:
*Table 2*: Issue and Solution Matrix
*possible cases for apps to use well-known libs for UA*
*Possible conclusion*
*Next possible steps*
app do not have any signature of a UA lib
most likely not supporting UA (because UA is difficult). it may be possible that they develop their own code, but most likely not.
ask maintainers if they are aware of UA?
app does have a signature of using a well-known old (for example idna2003) UA lib
most likely not supporting UA, since the library they are using is not supporting UA properly
tell maintainers to use a better lib
app does have a signature of using a known (good) UA lib
most likely supporting UA, but they may use it wrongly.
if we have time, test it? or read the code?
For Python this is more clear-cut, but since Java absorbed libidn, I am left wondering what good examples of "app do not have any signature of a *UA lib*" could be other than those 3 I listed.
Please tell me if this is clearer or if I should explain further.
Best,
On 12/02/2020 17:55, Marc Blanchet wrote:
On 2 Dec 2020, at 15:50, Mark Datysgeld wrote:
Hello everyone,
I am seeking input from the community as we start to wrap up our investigation on open-source software in Java and Python.
can you tell me what you are investigating? what is your goal? what are you looking for?
That would help me understand and then better answer your questions.
Marc.
I am copying John L and Marc B, as I am aware they might have ideas on this matter, but this is a call to all experts.
Question:
When we consider libraries *directly* related to UA within the Java context, is it correct to say that these are the most relevant ones?
*icu4j, commons-validator, ***libidn (deprecated, for older software only) **
Here we exclude considerations such as whether a popular set of libraries like Guava can handle IDNs (which I think is usually handled by the InternetDomainName class, which needs a ToASCII transformation before it can process them properly. Marc B's tests show 14 working test cases out of 18, but I dunno what under configuration).
If those are not the only very relevant libraries, what others should be considered?
Best regards,
-- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
-- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
-- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
I’ll suggest you look at our report UASG-18a with our latest tests on java libs. There you can see a list of libs that are related and would have their signature in any java app. Regards, Marc. On 4 Dec 2020, at 19:05, Mark Datysgeld wrote:
I guess I was "just" missing /validation-api/ on that list, huh. I am still thinking of things like whether hibernate-validation counts (as it use an internal RegEx, of the exact kind we know not to work, but it could be customized to work better I guess).
On 12/02/2020 18:02, Mark Datysgeld wrote:
Thank you for the prompt answer.
We are wrapping up "UA-Readiness of Open-Source Code (Pilot) " drafted more than a year ago in WG-Measurement. We took a huge beating from the Github API, but we finally have all the dependencies data from Maven and PIP Python.
The SOW contains a table that, as far as I remember, was proposed by you. It goes like this:
*Table 2*: Issue and Solution Matrix
*possible cases for apps to use well-known libs for UA*
*Possible conclusion*
*Next possible steps*
app do not have any signature of a UA lib
most likely not supporting UA (because UA is difficult). it may be possible that they develop their own code, but most likely not.
ask maintainers if they are aware of UA?
app does have a signature of using a well-known old (for example idna2003) UA lib
most likely not supporting UA, since the library they are using is not supporting UA properly
tell maintainers to use a better lib
app does have a signature of using a known (good) UA lib
most likely supporting UA, but they may use it wrongly.
if we have time, test it? or read the code?
For Python this is more clear-cut, but since Java absorbed libidn, I am left wondering what good examples of "app do not have any signature of a *UA lib*" could be other than those 3 I listed.
Please tell me if this is clearer or if I should explain further.
Best,
On 12/02/2020 17:55, Marc Blanchet wrote:
On 2 Dec 2020, at 15:50, Mark Datysgeld wrote:
Hello everyone,
I am seeking input from the community as we start to wrap up our investigation on open-source software in Java and Python.
can you tell me what you are investigating? what is your goal? what are you looking for?
That would help me understand and then better answer your questions.
Marc.
I am copying John L and Marc B, as I am aware they might have ideas on this matter, but this is a call to all experts.
Question:
When we consider libraries *directly* related to UA within the Java context, is it correct to say that these are the most relevant ones?
*icu4j, commons-validator, ***libidn (deprecated, for older software only) **
Here we exclude considerations such as whether a popular set of libraries like Guava can handle IDNs (which I think is usually handled by the InternetDomainName class, which needs a ToASCII transformation before it can process them properly. Marc B's tests show 14 working test cases out of 18, but I dunno what under configuration).
If those are not the only very relevant libraries, what others should be considered?
Best regards,
-- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
-- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
-- Mark W. Datysgeld from Governance Primer [www.markwd.website] ICANN GNSO Councilor
participants (2)
-
Marc Blanchet -
Mark Datysgeld