Peter Donald wrote:
> 
> Hi,
> 
> Doh!
> 
> I just got feedback that points out that it is possible to do a
> masquerade (sp?) attack against LogKit via something like
> 
> getLogger().getLogTargets()[0].processEvent( myEvilEvent );
> 
> So to fix this I suggest we deprecate Logger.getLogTargets(), make it return a
> zero-sized array, and instead add a "complementing" setLogTargets() as
> suggested below?

Masquerading is bad.  What does the complementing setLogTargets() afford
us?  Won't that allow the same type of problem?

> 
> Thoughts?
> 
> BTW I just noticed that Log4j added a MDC recently (6 hours ago) which is

MDC?  What's that?

> essentially our ContextMap. Also their PatternFormatter was reworked in a
> manner similar to ours. I wonder if we will be accused of stealing this
> time... Ahh the joy of it all.

You mean you're innocent this time? ;)

> On Mon,  6 Aug 2001 16:42, Peter Donald wrote:
> > Hi,
> >
> > Here's some feedback I got so far about the logkit release.
> >
> > * Changelog should be below files listing on download page and should also
> > include data like how to verify signatures
> > * Release should say "why" you should upgrade

+1

> > * LogTarget is a stupid name for what it does (no alternative offered)

Gee that helps.

> > * filters should be in org.apache.log.output.filter or similar (they are
> > only used by output targets)

-0

> > * OutputStreamLogger should be named LoggerOutputStream

That makes sense +1

> > * documentation sucks (whitepaper does not list every output target or
> > explain concepts well enough, javadocs missing overview docs for packages
> > and classes)

Can people be nicer?  It does need the finishing touch.

> > * Why use testlet when there is junit

We do need to remove the reference to Testlet in the release docs.

> > * why so big download (answer == tools/ext)

Do we want to include all that?  Maybe for the Source, but not for
the binaries.

> > I think this is the most feedback I have got from a release in such a short
> > time.

We are making noise, so people are paying attention.

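The accessor problem discussed in this thread, as an added example that is not part of the original message and is not LogKit's code: a hypothetical minimal model (all class and method names here are assumptions) showing a getter that hands out live targets beside the proposed form, where the getter returns a zero-sized array and a set-only method replaces it.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical model of the design issue; these are not LogKit classes.
public class TargetExposureSketch {
    interface Target { void processEvent(String category, String message); }

    static class RecordingTarget implements Target {
        final List<String> lines = new ArrayList<>();
        public void processEvent(String category, String message) {
            lines.add(category + ": " + message);
        }
    }

    // Before: the getter returns the live targets, so any code holding the
    // logger can deliver an event that never passed through log() and that
    // names a category of the caller's choosing.
    static class ExposedLogger {
        protected final String category;
        protected Target[] targets;
        ExposedLogger(String category, Target... targets) {
            this.category = category;
            this.targets = targets.clone();
        }
        void log(String message) {
            for (Target t : targets) t.processEvent(category, message);
        }
        Target[] getTargets() { return targets; }
    }

    // After: the getter returns a zero-sized array and targets can only be
    // replaced, so no reference to an existing target leaves the logger.
    static class SealedLogger extends ExposedLogger {
        SealedLogger(String category, Target... targets) { super(category, targets); }
        @Override Target[] getTargets() { return new Target[0]; }
        void setTargets(Target... replacement) { targets = replacement.clone(); }
    }

    public static void main(String[] args) {
        RecordingTarget openSink = new RecordingTarget();
        ExposedLogger exposed = new ExposedLogger("auth", openSink);
        exposed.log("login ok");
        // Event injected through the accessor under a category the logger does not own.
        exposed.getTargets()[0].processEvent("payments", "constructed forged entry");
        System.out.println("exposed sink: " + openSink.lines);

        RecordingTarget sealedSink = new RecordingTarget();
        SealedLogger sealed = new SealedLogger("auth", sealedSink);
        sealed.log("login ok");
        System.out.println("targets visible to callers: " + sealed.getTargets().length);
        System.out.println("sealed sink: " + sealedSink.lines);
    }
}
```

In this model the setter still lets any holder of the logger redirect or drop its output, so who may call it remains a separate access-control decision; what the change removes is the handle to targets that other code configured.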