[VOTE] Release Apache Log4j Tools 0.1.0
The Apache Log4j Tools 0.1.0 release is now available for voting. The 0.1.0 version is the very first release of this relatively old repository, which is repurposed for `log4j-changelog`, Log4j's `maven-changes-plugin` successor. This enables us to build the Log4j website (incl. manual) in less than 30 seconds and use multiple issue trackers, e.g., JIRA and GitHub Issues. All these Log4j improvements are already submitted as PRs against the `release-2.x` branch and waiting for this `log4j-tools` release. `log4j-changelog` README: https://github.com/apache/logging-log4j-tools/blob/master/log4j-changelog/README.adoc This release also constitutes another milestone in the history of ASF: *the very first release signed and deployed via CI.* Source repository: https://github.com/apache/logging-log4j-tools Branch: release/0.1.0 Commit: e82a44142280d013bd76ea18951fde00dcee192b CI run: https://github.com/apache/logging-log4j-tools/actions/runs/3882476949 Artifacts: https://dist.apache.org/repos/dist/dev/logging/log4j/ Nexus repository: https://repository.apache.org/content/repositories/orgapachelogging-1096 Signing key: https://keyserver.ubuntu.com/pks/lookup?search=077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0&fingerprint=on&op=index Please download, test, and cast your votes on the Log4j developers list. [ ] +1, release the artifacts [ ] -1, don't release, because... The vote will remain open for 24 hours (or more if required). All votes are welcome and we encourage everyone to test the release, but only the Logging Services PMC votes are officially counted. At least 3 +1 votes and more positive than negative votes are required.
Re: [VOTE] Release Apache Log4j Tools 0.1.0
Curious: In the "classic" changelog, we use "add", "fix", and so on, simple enough. Here, we use the past tense "added", and so on, except that we don't use "secured", we use "security", an odd inconsistency I guess. Any reason for that? FWIW, I like the simpler shorter words "add" and so on. Gary On Tue, Jan 10, 2023, 05:55 Volkan Yazıcı wrote: > The Apache Log4j Tools 0.1.0 release is now available for voting. > > The 0.1.0 version is the very first release of this relatively old > repository, which is repurposed for `log4j-changelog`, Log4j's > `maven-changes-plugin` successor. This enables us to build the Log4j > website (incl. manual) in less than 30 seconds and use multiple issue > trackers, e.g., JIRA and GitHub Issues. All these Log4j improvements > are already submitted as PRs against the `release-2.x` branch and > waiting for this `log4j-tools` release. > > `log4j-changelog` README: > > https://github.com/apache/logging-log4j-tools/blob/master/log4j-changelog/README.adoc > > This release also constitutes another milestone in the history of ASF: > *the very first release signed and deployed via CI.* > > Source repository: https://github.com/apache/logging-log4j-tools > Branch: release/0.1.0 > Commit: e82a44142280d013bd76ea18951fde00dcee192b > CI run: > https://github.com/apache/logging-log4j-tools/actions/runs/3882476949 > Artifacts: https://dist.apache.org/repos/dist/dev/logging/log4j/ > Nexus repository: > https://repository.apache.org/content/repositories/orgapachelogging-1096 > Signing key: > https://keyserver.ubuntu.com/pks/lookup?search=077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0&fingerprint=on&op=index > > Please download, test, and cast your votes on the Log4j developers list. > > [ ] +1, release the artifacts > [ ] -1, don't release, because... > > The vote will remain open for 24 hours (or more if required). All > votes are welcome and we encourage everyone to test the release, but > only the Logging Services PMC votes are officially counted. At least 3 > +1 votes and more positive than negative votes are required. >
Re: [VOTE] Release Apache Log4j Tools 0.1.0
The rationale was explained in the `log4j-changelog` README: https://github.com/apache/logging-log4j-tools/blob/master/log4j-changelog/README.adoc In a nutshell, we stick to the https://keepachangelog.com/en/1.0.0/ specification. I share the same grammatical concern, yet, it might be better to stick to some form of standard. On Tue, Jan 10, 2023 at 12:51 PM Gary Gregory wrote: > > Curious: > > In the "classic" changelog, we use "add", "fix", and so on, simple enough. > Here, we use the past tense "added", and so on, except that we don't use > "secured", we use "security", an odd inconsistency I guess. Any reason for > that? > > FWIW, I like the simpler shorter words "add" and so on. > > Gary > > On Tue, Jan 10, 2023, 05:55 Volkan Yazıcı wrote: > > > The Apache Log4j Tools 0.1.0 release is now available for voting. > > > > The 0.1.0 version is the very first release of this relatively old > > repository, which is repurposed for `log4j-changelog`, Log4j's > > `maven-changes-plugin` successor. This enables us to build the Log4j > > website (incl. manual) in less than 30 seconds and use multiple issue > > trackers, e.g., JIRA and GitHub Issues. All these Log4j improvements > > are already submitted as PRs against the `release-2.x` branch and > > waiting for this `log4j-tools` release. > > > > `log4j-changelog` README: > > > > https://github.com/apache/logging-log4j-tools/blob/master/log4j-changelog/README.adoc > > > > This release also constitutes another milestone in the history of ASF: > > *the very first release signed and deployed via CI.* > > > > Source repository: https://github.com/apache/logging-log4j-tools > > Branch: release/0.1.0 > > Commit: e82a44142280d013bd76ea18951fde00dcee192b > > CI run: > > https://github.com/apache/logging-log4j-tools/actions/runs/3882476949 > > Artifacts: https://dist.apache.org/repos/dist/dev/logging/log4j/ > > Nexus repository: > > https://repository.apache.org/content/repositories/orgapachelogging-1096 > > Signing key: > > https://keyserver.ubuntu.com/pks/lookup?search=077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0&fingerprint=on&op=index > > > > Please download, test, and cast your votes on the Log4j developers list. > > > > [ ] +1, release the artifacts > > [ ] -1, don't release, because... > > > > The vote will remain open for 24 hours (or more if required). All > > votes are welcome and we encourage everyone to test the release, but > > only the Logging Services PMC votes are officially counted. At least 3 > > +1 votes and more positive than negative votes are required. > >
Re: [VOTE] Release Apache Log4j Tools 0.1.0
Ah, I see, the author of https://keepachangelog.com/en/1.0.0/ is not a native English speaker, and shares the same French background as I do, maybe it explains it, regardless, if that's what we want to do, so be it. Gary On Tue, Jan 10, 2023, 07:05 Volkan Yazıcı wrote: > The rationale was explained in the `log4j-changelog` README: > > https://github.com/apache/logging-log4j-tools/blob/master/log4j-changelog/README.adoc > In a nutshell, we stick to the https://keepachangelog.com/en/1.0.0/ > specification. > > I share the same grammatical concern, yet, it might be better to stick > to some form of standard. > > On Tue, Jan 10, 2023 at 12:51 PM Gary Gregory > wrote: > > > > Curious: > > > > In the "classic" changelog, we use "add", "fix", and so on, simple > enough. > > Here, we use the past tense "added", and so on, except that we don't use > > "secured", we use "security", an odd inconsistency I guess. Any reason > for > > that? > > > > FWIW, I like the simpler shorter words "add" and so on. > > > > Gary > > > > On Tue, Jan 10, 2023, 05:55 Volkan Yazıcı wrote: > > > > > The Apache Log4j Tools 0.1.0 release is now available for voting. > > > > > > The 0.1.0 version is the very first release of this relatively old > > > repository, which is repurposed for `log4j-changelog`, Log4j's > > > `maven-changes-plugin` successor. This enables us to build the Log4j > > > website (incl. manual) in less than 30 seconds and use multiple issue > > > trackers, e.g., JIRA and GitHub Issues. All these Log4j improvements > > > are already submitted as PRs against the `release-2.x` branch and > > > waiting for this `log4j-tools` release. > > > > > > `log4j-changelog` README: > > > > > > > https://github.com/apache/logging-log4j-tools/blob/master/log4j-changelog/README.adoc > > > > > > This release also constitutes another milestone in the history of ASF: > > > *the very first release signed and deployed via CI.* > > > > > > Source repository: https://github.com/apache/logging-log4j-tools > > > Branch: release/0.1.0 > > > Commit: e82a44142280d013bd76ea18951fde00dcee192b > > > CI run: > > > https://github.com/apache/logging-log4j-tools/actions/runs/3882476949 > > > Artifacts: https://dist.apache.org/repos/dist/dev/logging/log4j/ > > > Nexus repository: > > > > https://repository.apache.org/content/repositories/orgapachelogging-1096 > > > Signing key: > > > > https://keyserver.ubuntu.com/pks/lookup?search=077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0&fingerprint=on&op=index > > > > > > Please download, test, and cast your votes on the Log4j developers > list. > > > > > > [ ] +1, release the artifacts > > > [ ] -1, don't release, because... > > > > > > The vote will remain open for 24 hours (or more if required). All > > > votes are welcome and we encourage everyone to test the release, but > > > only the Logging Services PMC votes are officially counted. At least 3 > > > +1 votes and more positive than negative votes are required. > > > >
[Discuss][VOTE] Release Apache Log4j Tools 0.1.0
Why are we changing to follow a spec we have never used before? I have concerns about “security” as a type. Unless we are going to support multiple types this doesn’t make a lot of sense to me as generally these fixes will be bugs. And rather than have a type of “security” I would prefer that instead a new attribute named “cve” be added where we can add the CVE number when there is one. I guess you have already converted 2000 changeling entries so I guess I am not going to push to have them be changed to match changes.xml (and I should have noticed that earlier). But I would like a follow-on release to enhance it wrt the security type. Ralph > On Jan 10, 2023, at 5:06 AM, Volkan Yazıcı wrote: > > The rationale was explained in the `log4j-changelog` README: > https://github.com/apache/logging-log4j-tools/blob/master/log4j-changelog/README.adoc > In a nutshell, we stick to the https://keepachangelog.com/en/1.0.0/ > specification. > > I share the same grammatical concern, yet, it might be better to stick > to some form of standard. > > On Tue, Jan 10, 2023 at 12:51 PM Gary Gregory wrote: >> >> Curious: >> >> In the "classic" changelog, we use "add", "fix", and so on, simple enough. >> Here, we use the past tense "added", and so on, except that we don't use >> "secured", we use "security", an odd inconsistency I guess. Any reason for >> that? >> >> FWIW, I like the simpler shorter words "add" and so on. >> >> Gary >> >> On Tue, Jan 10, 2023, 05:55 Volkan Yazıcı wrote: >> >>> The Apache Log4j Tools 0.1.0 release is now available for voting. >>> >>> The 0.1.0 version is the very first release of this relatively old >>> repository, which is repurposed for `log4j-changelog`, Log4j's >>> `maven-changes-plugin` successor. This enables us to build the Log4j >>> website (incl. manual) in less than 30 seconds and use multiple issue >>> trackers, e.g., JIRA and GitHub Issues. All these Log4j improvements >>> are already submitted as PRs against the `release-2.x` branch and >>> waiting for this `log4j-tools` release. >>> >>> `log4j-changelog` README: >>> >>> https://github.com/apache/logging-log4j-tools/blob/master/log4j-changelog/README.adoc >>> >>> This release also constitutes another milestone in the history of ASF: >>> *the very first release signed and deployed via CI.* >>> >>> Source repository: https://github.com/apache/logging-log4j-tools >>> Branch: release/0.1.0 >>> Commit: e82a44142280d013bd76ea18951fde00dcee192b >>> CI run: >>> https://github.com/apache/logging-log4j-tools/actions/runs/3882476949 >>> Artifacts: https://dist.apache.org/repos/dist/dev/logging/log4j/ >>> Nexus repository: >>> https://repository.apache.org/content/repositories/orgapachelogging-1096 >>> Signing key: >>> https://keyserver.ubuntu.com/pks/lookup?search=077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0&fingerprint=on&op=index >>> >>> Please download, test, and cast your votes on the Log4j developers list. >>> >>> [ ] +1, release the artifacts >>> [ ] -1, don't release, because... >>> >>> The vote will remain open for 24 hours (or more if required). All >>> votes are welcome and we encourage everyone to test the release, but >>> only the Logging Services PMC votes are officially counted. At least 3 >>> +1 votes and more positive than negative votes are required. >>>
Re: [VOTE] Release Apache Log4j Tools 0.1.0
Hi Volkan, On Tue, 10 Jan 2023 at 11:54, Volkan Yazıcı wrote: > Nexus repository: > https://repository.apache.org/content/repositories/orgapachelogging-1096 > Signing key: > https://keyserver.ubuntu.com/pks/lookup?search=077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0&fingerprint=on&op=index The hashes are identical as the ones I compiled locally: +1
