Re: Reproducibility checks

2023-12-28 Thread Matt Sicker
I’ve been using the reproducibility check provided in the vote email, though I 
haven’t been able to reproduce a build 100% so far due to some 
dependency-convergence issues in the Cassandra plugin (go figure, complex 
dependency tree there), but I’ve mentioned something about this in the vote 
emails.
—
Matt Sicker

> On Dec 27, 2023, at 08:10, Piotr P. Karwasz wrote:
> 
> Hi Gary,
> 
> On Wed, 27 Dec 2023 at 13:58, Gary Gregory wrote:
>> Please include whatever instructions you want folks to run in the vote
>> email to prove reproducibility. Then at least we can agree on what it
>> means to do the reproducibility check and when it passes or fails,
>> assuming it's a binary property.
> 
> The steps to check reproducibility are in the vote e-mail:
> 
> # Verify reproducibility
> umask 0022
> unzip *-src.zip -d src
> cd src
> export NEXUS_REPO=https://repository.apache.org/content/repositories/orgapachelogging-1254
> sh mvnw -Prelease verify artifact:compare -Dreference.repo=$NEXUS_REPO
> 
>> A long-standing pet peeve of mine is PMC members (in many projects,
>> I'm not singling out Log4j here) that vote on a release candidate
>> without stating _what_ they did to check the viability of said
>> release.
>> 
>> If this matters, it should be an Apache requirement, which it is not ATM 
>> AFAIK.
> 
> I agree, there should be some minimal best practices for release
> verification. If Apache Security does not want ATM to set some
> guidelines, I wouldn't mind if Apache Commons did.
> 
> BTW I cited your vote mail in this thread, mostly because you always
> describe what you are checking.
> From the votes of some PMC members it is impossible to deduce what was 
> checked.
> 
> Piotr
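
An added illustration (not part of the thread and not the Log4j build's own code) of the pass/fail property discussed above: a POSIX shell function that counts a build as reproduced only when every reference artifact has a byte-identical local counterpart. It is a simplified stand-in for the decision a comparison step has to make, not the Maven `artifact:compare` implementation; the function names, directory layout and file names are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: byte-for-byte comparison of locally built artifacts against
# reference copies. Directory layout and file names are constructed.

# compare_artifacts REF_DIR BUILT_DIR
# Prints one status line per reference file and a summary line.
# Returns 0 only when every reference artifact exists locally and is identical.
compare_artifacts() {
    ref_dir=$1
    built_dir=$2
    ok=0
    ko=0
    for ref in "$ref_dir"/*; do
        [ -f "$ref" ] || continue
        name=$(basename "$ref")
        if [ ! -f "$built_dir/$name" ]; then
            echo "MISSING $name"
            ko=$((ko + 1))
        elif cmp -s "$ref" "$built_dir/$name"; then
            echo "OK      $name"
            ok=$((ok + 1))
        else
            echo "DIFF    $name"
            ko=$((ko + 1))
        fi
    done
    echo "ok=$ok ko=$ko"
    # An empty reference set proves nothing, so it counts as a failure too.
    [ "$ok" -gt 0 ] && [ "$ko" -eq 0 ]
}

# Constructed sample data: two "artifacts", one of which differs only by an
# embedded build timestamp, a common cause of a non-reproducible build.
make_sample() {
    root=$1
    mkdir -p "$root/ref" "$root/built"
    printf 'class-bytes\n' > "$root/ref/example-core.jar"
    printf 'class-bytes\n' > "$root/built/example-core.jar"
    printf 'built 2023-12-27T08:10\n' > "$root/ref/example-plugin.jar"
    printf 'built 2023-12-28T09:30\n' > "$root/built/example-plugin.jar"
}

sample=$(mktemp -d)
make_sample "$sample"
compare_artifacts "$sample/ref" "$sample/built" || echo "NOT reproducible"
rm -rf "$sample"
```

The exit status is what makes the result binary: a voter can report the summary line together with the status instead of a bare +1.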



[VOTE] Release log4cxx 1.2.0-RC1

2023-12-28 Thread Robert Middleton
This is a vote to release log4cxx 1.2.0-RC1.

Please download, test, and cast your votes on the log4j developers list.
[] +1, release the artifacts
[] -1, don't release because...

This vote will remain open for 72 hours (or more if required).

All votes are welcome and we encourage everyone to test the release,
but only Logging PMC votes are “officially” counted. As always, at
least 3 +1 votes and more positive than negative votes are required.

A quick changelog is below:
* Various build failures have been fixed
* Added a new Hexdump utility method to dump arbitrary memory
* Fixed a segfault when shutting down and not stopping the library
* QStrings may now be logged directly
* The main namespace is now configurable from log4cxx to any value
that is desired

Tag:
For a new copy do "git clone
https://github.com/apache/logging-log4cxx.git" and then "git checkout
tags/v1.2.0-RC1"
For an existing working copy, do "git pull" and then "git checkout
tags/v1.2.0-RC1"

Web site: https://logging.staged.apache.org/log4cxx/latest_stable/

Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4cxx/

Building directions are on the website (under 'Development').  Note
that APR is required to build (as well as boost if your compiler does
not support C++17).

-Robert Middleton