+1
Verified signature and checksum. Also verified the Maven plugins work with
Log4j 2.
One note however, is that the signing key used has not has note been signed by
any of us so isn’t exactly trustworthy. We all should sign the key.
Ralph
> On Jan 31, 2023, at 10:19 AM, Volkan Yazıcı wrote
I like to follow the notifications lists because that’s where I can see code
changes committed, PRs opened, issues opened, etc. However, Dependabot spam
makes it nearly impossible to find. There was a recent update to the .asf.yaml
config features that allow customizing where Dependabot shit goe
