One issue I found in one of the artifacts that I can address before uploading since it wasn't signed is the binaries zip is missing the LICENSE file. I'm not sure if there's a standard way to include that in the nupkg file, but I did see that in its metadata, it explicitly says the code is Apache2 licensed at least.
On Sun, 16 Aug 2020 at 13:03, Matt Sicker <boa...@gmail.com> wrote: > > I'll sign and publish the artifacts today. > > On Mon, 3 Aug 2020 at 17:43, Ralph Goers <ralph.go...@dslextreme.com> wrote: > > > > Thanks Remko. That makes 3 +1 votes from PMC members. > > > > Ralph > > > > > On Aug 3, 2020, at 2:12 PM, Remko Popma <remko.po...@gmail.com> wrote: > > > > > > +1 Remko. > > > > > > On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker <boa...@gmail.com> wrote: > > > > > >> +1 from me. We can handle the release signing afterwards as Ralph > > >> suggests. > > >> > > >> On Mon, 3 Aug 2020 at 10:30, Ralph Goers <ralph.go...@dslextreme.com> > > >> wrote: > > >>> > > >>> Can other PMC members please review this? It has been more than 72 > > >> hours. > > >>> > > >>> Ralph > > >>> > > >>>> On Jul 30, 2020, at 11:17 PM, Davyd McColl <davyd.mcc...@codeo.co.za> > > >> wrote: > > >>>> > > >>>> Hi all, I've never done this before, so bear with me if I fluff it: > > >>>> > > >>>> This is a proposed vote to release log4net 2.0.9 from PR > > >> https://github.com/apache/logging-log4net/pull/61 > > >>>> > > >>>> Release artifacts (including source zip) are at: > > >> https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts > > >>>> Source can be checked out from > > >> https://github.com/fluffynuts/logging-log4net/logging-log4net, tag rel/ > > >> 2.0.9. I can't push tags to the upstream, but this tag is exactly the > > >> same commit as the last in the PR mentioned above, which was accepted > > >> into > > >> master a few days ago. > > >>>> > > >>>> Please check out the artifacts & if everyone is ok with what's there, > > >> please can someone with the rights to publish to nuget do so. > > >>>> > > >>>> Once I've seen how this process works, I'd like to tackle the CVE that > > >> has been brought up on this list more than once -- it's a simple change > > >> which was already committed to the develop branch some time ago, so there > > >> are a couple of options here: > > >>>> 1. cherry-pick that commit & do a 2.0.10 release pronto, with only > > >> that change > > >>>> 2. trawl the develop branch to see what else was already solved in > > >> there, and get that out as 2.0.10, and perhaps close out that branch to > > >> avoid future confusion. > > >>>> > > >>>> Thanks for your time > > >>>> -d > > >>> > > >>> > > >> > > >> > > >> -- > > >> Matt Sicker <boa...@gmail.com> > > >> > > > > > > > -- > Matt Sicker <boa...@gmail.com> -- Matt Sicker <boa...@gmail.com>
