Re: [VOTE] Release Apache Log4net 3.0.2

2024-10-21 Thread Jan Friedrich
Hi Stephen,

thanks for your feedback.
I've incorporated it into 
https://logging.staged.apache.org/log4net/release/release-review-instructions.html

Jan

On 21 October 2024 03:08:33 CEST, Stephen Webb  wrote:
>+1
>
>I have successfully verified the release on my WIndows 11 machine.
>
>The checksums are correct, the signature is correct and the tests all passed.
>
>Suggested improvements to release instructions:
>1. Require gpg install/bin directory to be in the path. The
>GnuPG.Gpg4win installer does not add to the path.
>2. Require an svn install rather than specifically TortoiseSVN (I used SlikSvn)
>3. Specify the required working directory for the tests in the
>instructions rather than the pushd at the end of
>verify-release.ps1(The command line in verify-release.ps1
>$VersionDirectory = "$Directory/src/$(@(Get-ChildItem
>$Directory/src)[0])" does not work on my system.)
>4. Decouple release-review instructions from the product documentation
>(e.g. Use a Markdown file in Github) (I also had to work out the fix
>you put in 
>https://github.com/apache/logging-log4net/commit/2d610393b9e4b53d0c139bf60f1547af050bee29)
>
>Stephen
>
>On Sun, Oct 20, 2024 at 4:21 PM Piotr P. Karwasz
> wrote:
>>
>> Hi Jan,
>>
>> On Fri, 18 Oct 2024 at 11:24, Jan Friedrich  wrote:
>> > Website: 
>> > https://logging.staged.apache.org/log4net/release/release-notes.html 
>> > GitHub: https://github.com/apache/logging-log4net
>> > Commit: d0d9c9ba88ac29be1d3f2174e47e50939819e60d
>> > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4net/3.0.2
>> > Signing key: 0x7D24496A230E29D6349A99EF583E491578F02D5D
>> > Review kit: 
>> > https://logging.apache.org/log4net/release/release-review-instructions.html
>> >
>> > Please download, test, and cast your votes on this mailing list.
>> >
>> > [ ] +1, release the artifacts
>> > [ ] -1, don't release, because ...
>>
>> +1,
>>
>> I could successfully verify the release using my Debian 12 with:
>>
>> * Mono package version 6.8.0.105+dfsg-3.3,
>> * Dotnet version 8.0.403
>>
>> I checked:
>>
>> * the hashes,
>> * the signatures,
>> * the tests.
>>
>> Piotr

Jan

[ANNOUNCE] Apache log4net 3.0.2 released

2024-10-21 Thread Jan Friedrich
Hi,

the Apache log4net team is pleased to announce the 3.0.2 release.

For further information (support, download, etc.) see
- https://logging.apache.org/log4net/release/release-notes.html
- https://github.com/apache/logging-log4net/releases/tag/rel%2F3.0.2
- https://www.nuget.org/packages/log4net/3.0.2

Jan



Re: Successor to mailing lists

2024-10-21 Thread Volkan Yazıcı
*Related:* The `board@a.o` post
 (link
requires ASF membership rights) on how OpenDAL uses GitHub Discussions for
both development and voting purposes. For example, see this vote thread
 and its mailing list
mirror .

On Thu, Oct 10, 2024 at 10:58 AM Volkan Yazıcı  wrote:

> *Abstract:* Modern email system security measures make it practically
> impossible for mailing lists to work – many subscribers don't get all
> emails. This not only hinders communication, but blocks an inclusive one. 
> *Shall
> we, as Logging Services, experiment with alternatives?*
>
> *Motivation #1: mailing lists technically don't work*
>
> Several widely-used email providers (GMail, Yahoo, iCloud, etc.) have in
> the last couple of years enabled new measures (DMARC, SPF, DKIM, etc.) to
> verify the authenticity of emails. In short, these measures enrich email
> content with checksums and signatures capturing its authenticity. When a
> mailing list system (e.g., ezmlm, mailman) receives such an email, it
> performs several changes on its content (adds information about the mailing
> list, etc.), and delivers it to all subscribers. When the mail server of a
> subscriber receives such tampered mail, and if that mail server happens to
> have earlier shared authenticity checks enabled, it discards the email, or
> at best, marks it as spam.
>
> Ralph, Matt, Piotr stated many times that they don't receive all emails.
> Ralph actually stated many ASF mailing list emails end up in his spam box
> .
> Recently we witnessed even Brian Proffitt (VP, Marketing & Publicity) suffer
> from the same problem
> . INFRA
> is crawling with related tickets: INFRA-24574
> , INFRA-24790
> , INFRA-24845
> , INFRA-24850
> , INFRA-24872
> , INFRA-25947
> , INFRA-26171
>  – there are dozens
> more.
>
> This technical difficulty is not only known to us. AFAIK, this is one of
> the main reasons PSF (Python Software Foundation) decided to switch from
> mailing lists to Discourse. Mailman documents several DMARC mitigations
> ,
> but I think these are workarounds/hacks rather than well-established
> solutions.
>
> *Motivation #2: ezmlm is dead*
>
> ezmlm, the mailing list software ASF uses, is dead – it is neither
> developed, nor maintained anymore. (Last official release was in 1997, there
> is the `ezmlm-idx` add-on, which later on became a successor
> ,
> which last produced a release in 2014, and so on. Long, dead story.) INFRA
> maintains a very big, sophisticated set of Perl rules for running ASF ezmlm
> instances. If you look closely at the INFRA tickets I cited above, some
> suggest INFRA to fork ezmlm and fix some long standing bugs, etc. We can
> discuss the possibility of migrating from ezmlm to mailman (yet another
> mailing list software, but one that is still maintained), whether such a
> migration should be practiced ASF-wide or only for Logging Services, etc.
> But eventually, we will still be using a mailing list, and as I tried to
> explain above, IMO, they just don't work good.
>
> *Proposal #1: Experimenting with GitHub Discussions*
>
> GitHub is our development bread and butter. We use its tickets, PRs,
> reviews, discussions, CI, security & code quality checks, etc. It works
> perfectly and components are integrated well, i.e., you can link issues,
> comments, PRs, CI runs, etc. Users like it too – we all witnessed the
> sudden increase in user interactions after migrating to GitHub Issues and
> Discussions. We can configure sections & categories in Discussions
> 
> to make it serve as our main communication medium. It also provides mail
> notifications and the possibility to respond to them for those who still
> prefer their email client over a browser.
>
> In short, we can quickly configure Discussions, update our support policy
> page, and start experimenting with it.
>
> One can raise the argument that what if Discussions disappear? We can
> mirror communication there to a mailing list to be on the safe side. Yet,
> we need 

[RESULT][VOTE] Release Apache Log4net 3.0.2

2024-10-21 Thread Jan Friedrich
and here is my +1.

With that the vote passed with 5 +1 votes from Davyd McColl, Gary D. Gregory, 
Piotr P. Karwasz, Stephen Webb and myself.
I will continue the release process.

Jan

Monday, October 21, 2024, 4:44:14 PM, you wrote:

> Hi Stephen,

> thanks for your feedback.
> I've incorporated it into 
> https://logging.staged.apache.org/log4net/release/release-review-instructions.html

> Jan

> On 21 October 2024 03:08:33 CEST, Stephen Webb  wrote:
>>+1
>>
>>I have successfully verified the release on my WIndows 11 machine.
>>
>>The checksums are correct, the signature is correct and the tests all passed.
>>
>>Suggested improvements to release instructions:
>>1. Require gpg install/bin directory to be in the path. The
>>GnuPG.Gpg4win installer does not add to the path.
>>2. Require an svn install rather than specifically TortoiseSVN (I used 
>>SlikSvn)
>>3. Specify the required working directory for the tests in the
>>instructions rather than the pushd at the end of
>>verify-release.ps1(The command line in verify-release.ps1
>>$VersionDirectory = "$Directory/src/$(@(Get-ChildItem
>>$Directory/src)[0])" does not work on my system.)
>>4. Decouple release-review instructions from the product documentation
>>(e.g. Use a Markdown file in Github) (I also had to work out the fix
>>you put in 
>>https://github.com/apache/logging-log4net/commit/2d610393b9e4b53d0c139bf60f1547af050bee29)
>>
>>Stephen
>>
>>On Sun, Oct 20, 2024 at 4:21 PM Piotr P. Karwasz
>> wrote:
>>>
>>> Hi Jan,
>>>
>>> On Fri, 18 Oct 2024 at 11:24, Jan Friedrich  wrote:
>>> > Website: 
>>> > https://logging.staged.apache.org/log4net/release/release-notes.html 
>>> > GitHub: https://github.com/apache/logging-log4net
>>> > Commit: d0d9c9ba88ac29be1d3f2174e47e50939819e60d
>>> > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4net/3.0.2
>>> > Signing key: 0x7D24496A230E29D6349A99EF583E491578F02D5D
>>> > Review kit: 
>>> > https://logging.apache.org/log4net/release/release-review-instructions.html
>>> >
>>> > Please download, test, and cast your votes on this mailing list.
>>> >
>>> > [ ] +1, release the artifacts
>>> > [ ] -1, don't release, because ...
>>>
>>> +1,
>>>
>>> I could successfully verify the release using my Debian 12 with:
>>>
>>> * Mono package version 6.8.0.105+dfsg-3.3,
>>> * Dotnet version 8.0.403
>>>
>>> I checked:
>>>
>>> * the hashes,
>>> * the signatures,
>>> * the tests.
>>>
>>> Piotr

> Jan