AFAIC, Chainsaw is hardly getting any maintenance. Considering its activity
over the years, I haven't witnessed a user base either. I suppose the trend
in processing logs (i.e., rendering them into JSON and storing them in
Elasticsearch, GCP/AWS log sinks, etc.) is shifted away from
`PatternLayout`
> Chainsaw is hardly getting any maintenance
It is sad the PMC rejects CVE fixes.
>> [1] Retirement translates to archival of the repository and clearing up its
> mentions in `logging.apache.org`.
It sounds awful to "deprecate and remove references" simultaneously.
How should users know somethin
Well, it still works well, and real time log analysis and Chainsaw's
support for filtering are very powerful for many dev-local use cases.
User base I can't speak to, but I agree based on lack of questions it's
probably very low to non-existent.
I'd prefer we find an option that isn't "nuke it fr
I think I agree with Scott: I don't see a reason to nuke it. We can't
really tell what usage looks like.
WRT 5-10 years... uh? Where would those numbers come from? I'd never commit
to anything in that time frame outside of a commercial support contract.
Gary
On Tue, Sep 19, 2023, 6:26 AM Scott D
>> WRT 5-10 years... uh? Where would those numbers come from?
I mean "at least 5-10 years". It costs virtually nothing, so why touch it?
>to anything in that time frame outside of a commercial support contract.
How much money do you need to "not remove chainsaw" from the webpage?
As of now, it l
The difference is between saying nothing (what we do now) and committing to
future work (support for 5-10 years and then make it go away).
Gary
On Tue, Sep 19, 2023, 10:06 AM Vladimir Sitnikov <
sitnikov.vladi...@gmail.com> wrote:
> >> WRT 5-10 years... uh? Where would those numbers come from?
>
> The difference is between saying nothing (what we do now) and committing to
> future work (support for 5-10 years and then make it go away).
I am afraid I do not understand it.
Could you explain it in more words?
What is exactly the difference?
Currently, it looks like the cost of "not removin
Scott,
Apparently Chainsaw has dependencies that have CVEs reported against them (or
so I am told). We haven’t enabled GitHub Issues for Chainsaw AFAIK. Both of
these need to be addressed if the project is going to be considered active.
Are you willing to help with both of these?
Ralph
> On
An old colleague of mine said “Software decays over time”. This is a very true
statement and applies to Chainsaw, just as it does to everything else. Java
versions and dependencies become unsupported. Security bugs in dependencies get
exposed. A project that just sits and never updates becomes
Ralph,
I already removed the socket appender vulnerability. I believe that was the
only one.
Scott
On Tue, Sep 19, 2023, 11:10 AM Ralph Goers
wrote:
> Scott,
>
> Apparently Chainsaw has dependencies that have CVEs reported against them
> (or so I am told). We haven’t enabled GitHub Issues for
Scott, could you (or anybody else) spare time to perform the following
maintenance tasks?
1. Update dependencies (e.g., `hsqldb:hsqldb:1.8.0.7` has a CVE)
2. Revamp the CI (preferably move it to GitHub Actions)
3. Migrate to GitHub Issues
4. Document the release process (unless it alre
> The problems isn’t “not removing links”, it is that there is always a cost to
> saying something is still supported even if no one is doing any actual work
> on it. The longer the code goes untouched the longer that “future cost”
> becomes. Eventually someone has to do something. If no one eve
> Scott, could you (or anybody else) spare time to perform the following
> maintenance tasks?
I don't use chainsaw personally, however, I am afraid I might run into
a project that does, so I would prefer to keep docs afloat.
Volkan,
Does the deal qualify for log4j 1.x?
I would love to resolve iss
The website should simply be moved to the 'dormant projects' section of the
logging website: https://logging.apache.org/dormant.html
I am +1 on archiving. The current state of master is 'mostly working' at
this point, I have spent some time in the past few years trying to get it
to be in a reason
Scott,
I think you misunderstood. I wasn’t referring to any CVEs in Chainsaw code but
in dependencies Chainsaw uses. Users expect dependencies to be updated
periodically so that they can build a project that passes all their security
scans.
Ralph
> On Sep 19, 2023, at 11:26 AM, Scott Deboy
Ralph,
I didn't misunderstand.
Scott
On Tue, Sep 19, 2023, 12:30 PM Ralph Goers
wrote:
> Scott,
>
> I think you misunderstood. I wasn’t referring to any CVEs in Chainsaw code
> but in dependencies Chainsaw uses. Users expect dependencies to be updated
> periodically so that they can build a pr
Hi,
Right now our Spotless configuration just specifies the lines endings,
forbids tabs and sorts the imports. If we want to apply some
OpenRewrite rule to the codebase (e.g. migrate all string
concatenations to parameterized logging or migrate JUnit4 to Junit5),
we need a deterministic formatter
17 matches
Mail list logo
