Re: [log4j] Revamping Log4j website & manual tooling

2023-12-21 Thread Volkan Yazıcı
On Wed, Dec 20, 2023 at 10:56 PM Christian Grobmeier 
wrote:

> We = you & Piotr? I was surprised to find out you were having a meeting
> for a milestone that also included me.
>

It wasn't a meeting, but a casual unplanned brain-storming session, which
we do several times every day with Piotr. I didn't know you wanted to be
involved in every single one that touches a milestone you want to
participate in. Apparently I was wrong. I will make sure to involve you
next time in such pantry talk calls too.

I have the impression you took my proposal as the conclusive design and
worry that we would settle on a resolution you would not be comfortable
with. For one, this is *my proposal* and I share it here for a reason:
feedback. If you have different ideas or questions, this is the perfect
place to present them. Also allow me to remind that, as planned, interested
parties will have a video call for the conclusive design. Hence, nobody is
excluded and there is plenty of time and room to have influence.

No, I don't think you addressed my concerns.
> Please let me know why you re-considered, and Antora seems off the table.


I have added a "Why not Antora?" section to the proposal. Let me know if
your concerns are still not addressed.


Re: [VOTE][LAZY] Release Apache Logging Parent 10.5.0 (RC3)

2023-12-21 Thread Volkan Yazıcı
Adding my +1.

With that, the release passes with 1 binding +1 vote from me. I will
continue the release process.


On Mon, Dec 18, 2023 at 1:28 PM Volkan Yazıcı  wrote:
>
> This is a lazy-vote to release the Apache Logging Parent 10.5.0 (RC3).
>
> Website: https://logging.staged.apache.org/logging-parent
> GitHub: https://github.com/apache/logging-parent
> Commit: e4816c8c364c594359914cad808cf8fa582f1c0d
> Distribution: https://dist.apache.org/repos/dist/dev/logging/logging-parent
> Nexus: 
> https://repository.apache.org/content/repositories/orgapachelogging-1250
> Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0
>
> Please download, test, and cast your votes on this mailing list.
>
> [ ] +1, release the artifacts
> [ ] -1, don't release, because...
>
> This vote is open for 72 hours and will pass unless getting a
> net negative vote count. All votes are welcome and we encourage
> everyone to test the release, but only the Logging Services PMC
> votes are officially counted.
>
> === Review kit
>
> The minimum set of steps needed to review the uploaded distribution
> files in the Subversion repository can be summarized as follows:
>
> # Check out the distribution
> svn co https://dist.apache.org/repos/... && cd $_
>
> # Verify checksums
> shasum --check *.sha512
>
> # Verify signatures
> wget -O - https://downloads.apache.org/logging/KEYS | gpg --import
> for sigFile in *.asc; do gpg --verify $sigFile; done
>
> # Verify reproduciblity
> umask 0022
> unzip *-src.zip -d src
> cd src
> export NEXUS_REPO=https://repository.apache.org/content/...
> sh mvnw -Prelease verify artifact:compare -Dreference.repo=$NEXUS_REPO
>
> === Release notes
>
> This minor release contains dependency updates and a change in the way BND is 
> employed.
>
> BND Maven Plugins are upgraded to version `7.0.0`, which requires Java 17.
> Log4j was the blocker for this upgrade and the issue is resolved in 
> apache/logging-log4j2#2021.
> Note that BND Maven Plugins version `7.0.0` increased the minimum required 
> Maven version to `3.8.1`.
>
>  Changed
>
> * Switch from `bnd:jar` to `bnd:bnd-process` to improve integration with the 
> ecosystem; IDEs, Maven plugins, etc. (#69)
> * Replace `log4j-changelog` entry type of `dependabot` updates from `changed` 
> to `updated`
> * Minimum required Maven version is increased to `3.8.1` due to BND Maven 
> Plugin updates
>
>  Updated
>
> * Update `biz.aQute.bnd:bnd-baseline-maven-plugin` to version `7.0.0` (#78)
> * Update `biz.aQute.bnd:bnd-maven-plugin` to version `7.0.0`
> * Update `com.diffplug.spotless:spotless-maven-plugin` to version `2.41.1` 
> (#70)
> * Update `com.github.spotbugs:spotbugs-annotations` to version `4.8.3` (#80)
> * Update `com.github.spotbugs:spotbugs-maven-plugin` to version `4.8.2.0` 
> (#71)
> * Update `com.palantir.javaformat:palantir-java-format` to version `2.39.0`
> * Update `org.apache:apache` to version `31` (#73)
> * Update `org.apache.logging.log4j:log4j-changelog-maven-plugin` to version 
> `0.7.0` (#84)


[ANNOUNCE] Apache Logging Parent 10.5.0 released

2023-12-21 Thread Volkan Yazıcı
Apache Logging Parent team is pleased to announce the 10.5.0
release. This project contains the parent POM for other Maven-based
Apache Logging Services projects. For further information (support,
download, etc.) see the project website[1].

[1] https://logging.apache.org/logging-parent

=== Release Notes

This minor release contains dependency updates and a change in the way
BND is employed.

BND Maven Plugins are upgraded to version `7.0.0`, which requires Java 17.
Log4j was the blocker for this upgrade and the issue is resolved in
apache/logging-log4j2#2021.
Note that BND Maven Plugins version `7.0.0` increased the minimum
required Maven version to `3.8.1`.

 Changed

* Switch from `bnd:jar` to `bnd:bnd-process` to improve integration
with the ecosystem; IDEs, Maven plugins, etc. (#69)
* Replace `log4j-changelog` entry type of `dependabot` updates from
`changed` to `updated`
* Minimum required Maven version is increased to `3.8.1` due to BND
Maven Plugin updates

 Updated

* Update `biz.aQute.bnd:bnd-baseline-maven-plugin` to version `7.0.0` (#78)
* Update `biz.aQute.bnd:bnd-maven-plugin` to version `7.0.0`
* Update `com.diffplug.spotless:spotless-maven-plugin` to version `2.41.1` (#70)
* Update `com.github.spotbugs:spotbugs-annotations` to version `4.8.3` (#80)
* Update `com.github.spotbugs:spotbugs-maven-plugin` to version `4.8.2.0` (#71)
* Update `com.palantir.javaformat:palantir-java-format` to version `2.39.0`
* Update `org.apache:apache` to version `31` (#73)
* Update `org.apache.logging.log4j:log4j-changelog-maven-plugin` to
version `0.7.0` (#84)


Re: [VOTE] Release Apache Log4j Kotlin API 1.4.0

2023-12-21 Thread Matt Sicker
Oops, thanks for the correction!

> On Dec 20, 2023, at 3:20 PM, Volkan Yazıcı  wrote:
> 
> Before Piotr and others start voting -1, let me make a correction: Nexus
> URL is incorrect. The correct one is:
> https://repository.apache.org/content/repositories/orgapachelogging-1251
> (Matt, there is a warning about this in the release instructions. 😉)
> 
> On Wed, Dec 20, 2023 at 7:08 PM Matt Sicker  wrote:
> 
>> This is a vote to release the Apache Log4j Kotlin API 1.4.0.
>> 
>> Website: https://logging.staged.apache.org/log4j/kotlin
>> GitHub: https://github.com/apache/logging-log4j-kotlin
>> Commit: ee2d4a8efa16bb2223252329531c94e98ed6d1e6
>> Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j-kotlin
>> Nexus:
>> https://repository.apache.org/content/repositories/orgapachelogging-1113
>> Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0
>> 
>> Please download, test, and cast your votes on this mailing list.
>> 
>> [ ] +1, release the artifacts
>> [ ] -1, don't release, because...
>> 
>> This vote is open for 72 hours and will pass unless getting a
>> net negative vote count. All votes are welcome and we encourage
>> everyone to test the release, but only the Logging Services PMC
>> votes are officially counted. At least 3 +1 votes and more
>> positive than negative votes are required.
>> 
>> === Review kit
>> 
>> The minimum set of steps needed to review the uploaded distribution
>> files in the Subversion repository can be summarized as follows:
>> 
>># Check out the distribution
>>svn co https://dist.apache.org/repos/... && cd $_
>> 
>># Verify checksums
>>shasum --check *.sha512
>> 
>># Verify signatures
>>wget -O - https://downloads.apache.org/logging/KEYS | gpg --import
>>for sigFile in *.asc; do gpg --verify $sigFile; done
>> 
>># Verify reproduciblity
>>umask 0022
>>unzip *-src.zip -d src
>>cd src
>>export NEXUS_REPO=https://repository.apache.org/content/...
>>sh mvnw -Prelease verify artifact:compare -Dreference.repo=$NEXUS_REPO
>> 
>> === Release notes
>> 
>> 
>> This minor release fixes incorrect coroutine context map and stack.
>> 
>> 
>>  Added
>> 
>> * Started generating CycloneDX SBOM with the recent update of
>> `logging-parent` to version `10.2.0`
>> 
>>  Changed
>> 
>> * Coroutine context is not cleared properly, only appended to (#54)
>> * Update `org.apache.logging:logging-parent` to version `10.2.0`
>> * Update `org.apache.logging.log4j:log4j-bom` to version `2.22.0` (#52)
>> * Update `org.apache.logging:logging-parent` to version `10.4.0` (#53)
>> * Update `org.codehaus.mojo:build-helper-maven-plugin` to version `3.5.0`
>> (#51)
>> * Update `org.codehaus.mojo:exec-maven-plugin` to version `3.1.1` (#50)
>> * Update `org.junit:junit-bom` to version `5.10.1` (#49)



Re: [VOTE] Release Apache Log4j 3.0.0-beta1 (RC2)

2023-12-21 Thread Matt Sicker
+1

I’ll note that the reproducibility check fails on log4j-bom this time, but not 
a blocker.

> On Dec 19, 2023, at 3:00 PM, Volkan Yazıcı  wrote:
> 
> This is a vote to release the Apache Log4j 3.0.0-beta1 RC2.
> 
> Website: https://logging.staged.apache.org/log4j/3.x
> GitHub: https://github.com/apache/logging-log4j2
> Commit: 416cd4dcf419b59c88054d2001d34c7fec010560
> Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j
> Nexus: 
> https://repository.apache.org/content/repositories/orgapachelogging-1252
> Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0
> 
> Please download, test, and cast your votes on this mailing list.
> 
> [ ] +1, release the artifacts
> [ ] -1, don't release, because...
> 
> This vote is open for 72 hours and will pass unless getting a
> net negative vote count. All votes are welcome and we encourage
> everyone to test the release, but only the Logging Services PMC
> votes are officially counted.
> 
> PLEASE USE THIS THREAD ONLY FOR VOTING +1 OR -1. IF YOU HAVE THOUGHTS,
> CONCERNS, QUESTIONS, ETC. SHARE THEM ELSEWHERE. THIS IS A BETA
> RELEASE. WE INTEND TO HAVE SEVERAL OTHER BETA RELEASES. THIS IS NOT
> THE CONCLUSIVE `3.0.0` RELEASE.
> 
> == Review Kit
> 
> The minimum set of steps needed to review the uploaded distribution
> files in the Subversion repository can be summarized as follows:
> 
># Check out the distribution
>svn co https://dist.apache.org/repos/... && cd $_
> 
># Verify checksums
>shasum --check *.sha512
> 
># Verify signatures
>wget -O - https://downloads.apache.org/logging/KEYS | gpg --import
>for sigFile in *.asc; do gpg --verify $sigFile; done
> 
># Verify reproduciblity
>umask 0022
>unzip *-src.zip -d src
>cd src
>export NEXUS_REPO=https://repository.apache.org/content/...
>sh mvnw -Prelease verify artifact:compare -Dreference.repo=$NEXUS_REPO
> 
> == Release Notes
> 
> This is the first beta release of the upcoming major release, i.e., `3.0.0`.
> 
> === Added
> 
> * Add annotations for nullability. (LOG4J2-1477)
> * Remove deprecated code. (LOG4J2-2493)
> * Add a more generalized dependency injection system to plugins
> inspired by JSR 330. (LOG4J2-2803)
> * Add and enhance structured properties for per-context settings
> outside configuration files. (LOG4J2-3299[LOG4J2-3299], #1473)
> * Automate artifact publishing and release preparation. (LOG4J2-3466)
> * Add support for dependency injection of plugins into container types
> such as `Optional`, `Collection`, `Set`, `Stream`,
> `List`, and `Map`. (LOG4J2-3496)
> * Add support for `ConstraintValidator` in plugin classes. (LOG4J2-3497)
> 
> === Changed
> 
> * Remove liquibase-log4j2 maven module (#1193)
> * Make the output of annotation processing reproducible. (#1520)
> * Replace `synchronized` blocks with locks for improved performance
> with virtual threads. (#1532)
> * Removes additional `isFiltered` checks in `AsyncLoggerConfig`. (#1550)
> * Ignore exceptions thrown by PropertySources. Eliminate
> ClassCastException when SimpleLoggerContext is used.
> (spring-projects/spring-boot#33450, #1799)
> * Update `com.lmax:disruptor` to version `4.0.0` (#1829)
> * Migrate most tests to JUnit 5. This includes a more powerful set of
> test extensions. (LOG4J2-2653)
> * Make Log4j use its own BOM. (LOG4J2-3511)
> * Change encoding of HTTP Basic Authentication to UTF-8. (#1970)
> * Upgraded the required compiler version to Java 17
> * Upgraded the required runtime version to Java 17
> * Update `actions/checkout` to version `4.1.1` (#1869)
> * Update `actions/setup-java` to version `3.13.0` (#1809)
> * Update `actions/setup-python` to version `4.7.1` (#1831)
> * Update `ch.qos.logback:logback-classic` to version `1.4.14` (#2028)
> * Update `com.datastax.cassandra:cassandra-driver-core` to version
> `3.11.5` (#1889)
> * Update `com.fasterxml.jackson:jackson-bom` to version `2.16.0` (#1974)
> * Update `com.github.luben:zstd-jni` to version `1.5.5-11` (#2032)
> * Update `com.github.spotbugs:spotbugs-maven-plugin` to version
> `4.7.3.6` (#1879)
> * Update `com.github.tomakehurst:wiremock-jre8` to version `2.35.1` (#1765)
> * Update 
> `com.google.code.java-allocation-instrumenter:java-allocation-instrumenter`
> to version `3.3.4` (#2102)
> * Update `com.google.errorprone:error_prone_core` to version `2.23.0` (#1871)
> * Update `com.google.guava:guava-testlib` to version `32.1.3-jre` (#1934)
> * Update `com.h2database:h2` to version `2.2.224` (#1917)
> * Update `commons-codec:commons-codec` to version `1.16.0` (#2054)
> * Update `commons-io:commons-io` to version `2.15.1` (#2035)
> * Update `commons-logging:commons-logging` to version `1.3.0` (#2046)
> * Update `de.flapdoodle.reverse:de.flapdoodle.reverse` to version
> `1.7.2` (#2000)
> * Update `io.netty:netty-bom` to version `4.1.104.Final` (#2097)
> * Update `net.java.dev.jna:jna` to version `5.14.0` (#2082)
> * Update `org.apache.aries.spifly:org.apache.aries.spifly.dynamic.bundle`
> to version