[UA-discuss] A question to Java experts
Mark Datysgeld
mark at governanceprimer.com
Sat Dec 5 00:05:04 UTC 2020
I guess I was "just" missing /validation-api/ on that list, huh. I am
still thinking of things like whether hibernate-validation counts (as it
use an internal RegEx, of the exact kind we know not to work, but it
could be customized to work better I guess).
On 12/02/2020 18:02, Mark Datysgeld wrote:
>
> Thank you for the prompt answer.
>
> We are wrapping up "UA-Readiness of Open-Source Code (Pilot) " drafted
> more than a year ago in WG-Measurement. We took a huge beating from
> the Github API, but we finally have all the dependencies data from
> Maven and PIP Python.
>
> The SOW contains a table that, as far as I remember, was proposed by
> you. It goes like this:
>
> *Table 2*: Issue and Solution Matrix
>
> *possible cases for apps to use well-known libs for UA*
>
>
>
> *Possible conclusion*
>
>
>
> *Next possible steps*
>
> app do not have any signature of a UA lib
>
>
>
> most likely not supporting UA (because UA is difficult). it may be
> possible that they develop their own code, but most likely not.
>
>
>
> ask maintainers if they are aware of UA?
>
> app does have a signature of using a well-known old (for example
> idna2003) UA lib
>
>
>
> most likely not supporting UA, since the library they are using is not
> supporting UA properly
>
>
>
> tell maintainers to use a better lib
>
> app does have a signature of using a known (good) UA lib
>
>
>
> most likely supporting UA, but they may use it wrongly.
>
>
>
> if we have time, test it? or read the code?
>
> For Python this is more clear-cut, but since Java absorbed libidn, I
> am left wondering what good examples of "app do not have any signature
> of a *UA lib*" could be other than those 3 I listed.
>
> Please tell me if this is clearer or if I should explain further.
>
> Best,
>
> On 12/02/2020 17:55, Marc Blanchet wrote:
>> On 2 Dec 2020, at 15:50, Mark Datysgeld wrote:
>>
>>> Hello everyone,
>>>
>>> I am seeking input from the community as we start to wrap up our
>>> investigation on open-source software in Java and Python.
>>
>> can you tell me what you are investigating? what is your goal? what
>> are you looking for?
>>
>> That would help me understand and then better answer your questions.
>>
>> Marc.
>>
>>> I am copying John L and Marc B, as I am aware they might have ideas
>>> on this matter, but this is a call to all experts.
>>>
>>> Question:
>>>
>>> When we consider libraries *directly* related to UA within the Java
>>> context, is it correct to say that these are the most relevant ones?
>>>
>>> *icu4j, commons-validator, ***libidn (deprecated, for older software
>>> only)
>>> **
>>>
>>> Here we exclude considerations such as whether a popular set of
>>> libraries like Guava can handle IDNs (which I think is usually
>>> handled by the InternetDomainName class, which needs a ToASCII
>>> transformation before it can process them properly. Marc B's tests
>>> show 14 working test cases out of 18, but I dunno what under
>>> configuration).
>>>
>>> If those are not the only very relevant libraries, what others
>>> should be considered?
>>
>>>
>>> Best regards,
>>>
>>>
>>> --
>>> Mark W. Datysgeld from Governance Primer [www.markwd.website]
>>> ICANN GNSO Councilor
>>
>>
> --
> Mark W. Datysgeld from Governance Primer [www.markwd.website]
> ICANN GNSO Councilor
--
Mark W. Datysgeld from Governance Primer [www.markwd.website]
ICANN GNSO Councilor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ua-discuss/attachments/20201204/870f9cb9/attachment.html>
More information about the UA-discuss
mailing list