Typically means to enable GitHub Issues, disable Jira (I think), and update any
issue tracker links to point to GHI.
> On Sep 20, 2023, at 1:12 PM, Christian Grobmeier wrote:
>
> Hi
>
> we have last commits in 2022, so there was at least a little activity.
> I would guess we should open "issu
Hi
we have last commits in 2022, so there was at least a little activity.
I would guess we should open "issues" for Chainsaw, and add a note on the
website saying "We need help".
If we don't see new people stepping up, we can still do something and announce
EOL.
On Tue, Sep 19, 2023, at 20:45
On Tue, Sep 19, 2023, at 20:52, Vladimir Sitnikov wrote:
>> Scott, could you (or anybody else) spare time to perform the following
>> maintenance tasks?
>
> I don't use chainsaw personally, however, I am afraid I might run into
> a project that does, so I would prefer to keep docs afloat.
>
> Vol
On Tue, Sep 19, 2023, at 20:47, Vladimir Sitnikov wrote:
> I truly do not understand why PMC suggests "all or nothing". Either
> "chainsaw must be fully maintained" or "it must be nuked right away
> from the website".
I think this was not proposed. If we archive a project, we'd move it to a
dor
I think I was the last person to perform a release of Chainsaw. The release
process I followed was the same one used for Log4j2, Log4j Kotlin, etc., as
documented in Confluence. The main thing I was unable to do, though, was make
binaries besides regular jar files. To publish binaries for Window
Ralph,
I didn't misunderstand.
Scott
On Tue, Sep 19, 2023, 12:30 PM Ralph Goers
wrote:
> Scott,
>
> I think you misunderstood. I wasn’t referring to any CVEs in Chainsaw code
> but in dependencies Chainsaw uses. Users expect dependencies to be updated
> periodically so that they can build a pr
Scott,
I think you misunderstood. I wasn’t referring to any CVEs in Chainsaw code but
in dependencies Chainsaw uses. Users expect dependencies to be updated
periodically so that they can build a project that passes all their security
scans.
Ralph
> On Sep 19, 2023, at 11:26 AM, Scott Deboy
The website should simply be moved to the 'dormant projects' section of the
logging website: https://logging.apache.org/dormant.html
I am +1 on archiving. The current state of master is 'mostly working' at
this point, I have spent some time in the past few years trying to get it
to be in a reason
> Scott, could you (or anybody else) spare time to perform the following
> maintenance tasks?
I don't use chainsaw personally, however, I am afraid I might run into
a project that does, so I would prefer to keep docs afloat.
Volkan,
Does the deal qualify for log4j 1.x?
I would love to resolve iss
> The problems isn’t “not removing links”, it is that there is always a cost to
> saying something is still supported even if no one is doing any actual work
> on it. The longer the code goes untouched the longer that “future cost”
> becomes. Eventually someone has to do something. If no one eve
Scott, could you (or anybody else) spare time to perform the following
maintenance tasks?
1. Update dependencies (e.g., `hsqldb:hsqldb:1.8.0.7` has a CVE)
2. Revamp the CI (preferably move it to GitHub Actions)
3. Migrate to GitHub Issues
4. Document the release process (unless it alre
Ralph,
I already removed the socket appender vulnerability. I believe that was the
only one.
Scott
On Tue, Sep 19, 2023, 11:10 AM Ralph Goers
wrote:
> Scott,
>
> Apparently Chainsaw has dependencies that have CVEs reported against them
> (or so I am told). We haven’t enabled GitHub Issues for
An old colleague of mine said “Software decays over time”. This is a very true
statement and applies to Chainsaw, just as it does to everything else. Java
versions and dependencies become unsupported. Security bugs in dependencies get
exposed. A project that just sits and never updates becomes
Scott,
Apparently Chainsaw has dependencies that have CVEs reported against them (or
so I am told). We haven’t enabled GitHub Issues for Chainsaw AFAIK. Both of
these need to be addressed if the project is going to be considered active.
Are you willing to help with both of these?
Ralph
> On
> The difference is between saying nothing (what we do now) and committing to
> future work (support for 5-10 years and then make it go away).
I am afraid I do not understand it.
Could you explain it in more words?
What is exactly the difference?
Currently, it looks like the cost of "not removin
The difference is between saying nothing (what we do now) and committing to
future work (support for 5-10 years and then make it go away).
Gary
On Tue, Sep 19, 2023, 10:06 AM Vladimir Sitnikov <
sitnikov.vladi...@gmail.com> wrote:
> >> WRT 5-10 years... uh? Where would those numbers come from?
>
>> WRT 5-10 years... uh? Where would those numbers come from?
I mean "at least 5-10 years". It costs virtually nothing, so why touch it?
>to anything in that time frame outside of a commercial support contract.
How much money do you need to "not remove chainsaw" from the webpage?
As of now, it l
I think I agree with Scott: I don't see a reason to nuke it. We can't
really tell what usage looks like.
WRT 5-10 years... uh? Where would those numbers come from? I'd never commit
to anything in that time frame outside of a commercial support contract.
Gary
On Tue, Sep 19, 2023, 6:26 AM Scott D
Well, it still works well, and real time log analysis and Chainsaw's
support for filtering are very powerful for many dev-local use cases.
User base I can't speak to, but I agree based on lack of questions it's
probably very low to non-existent.
I'd prefer we find an option that isn't "nuke it fr
> Chainsaw is hardly getting any maintenance
It is sad the PMC rejects CVE fixes.
>> [1] Retirement translates to archival of the repository and clearing up its
> mentions in `logging.apache.org`.
It sounds awful to "deprecate and remove references" simultaneously.
How should users know somethin
AFAIC, Chainsaw is hardly getting any maintenance. Considering its activity
over the years, I haven't witnessed a user base either. I suppose the trend
in processing logs (i.e., rendering them into JSON and storing them in
Elasticsearch, GCP/AWS log sinks, etc.) is shifted away from
`PatternLayout`
21 matches
Mail list logo
