Christian,

I *assume* it is not jar signed but rather only has an external PGP signature.

Regards,...
Ed

On 08.02.2022 16:48, Christian Dietrich wrote:

Is the original signing not enough?
And what about about.html and other Eclipse rule foo.

On 08.02.22 at 16:32, Matthias Sohn wrote:
I went ahead and pushed the naive addition of reload4j 1.2.19 disguised as bundle org.apache.log4j to Orbit
https://git.eclipse.org/r/c/orbit/orbit-recipes/+/190574
feel free to change this if someone finds out how to use EBR to only sign the upstream artefact.
-Matthias

On Tue, Feb 8, 2022 at 4:04 PM Dirk Fauth via cross-project-issues-dev <cross-project-issues-dev@eclipse.org> wrote:

    Well, from my point of view the usage of reload4j is the only
    backwards compatible solution. Unfortunately not for every case,
    e.g. too strict version ranges. The solution forward is of course
    the usage of a log wrapper to decouple development from deployment.

    Anyhow I don't know how to add a bundle jar signed and unchanged
    to Orbit. I am only aware of the re-bundling via EBR. Doing that
    will cause a change in the jar structure that causes for example
    logpresso to identify a CVE, although it is fixed. Which is
    actually only an issue in the detection. But that was one of the
    reasons why I contacted the reload4j project to change the base
    to avoid the re-bundling.

    Anyone who knows how to only sign and publish to Orbit without
    re-bundling?

    On Tue, 8 Feb 2022, 15:54, Ed Merks <ed.me...@gmail.com> wrote:

        Dirk,

        Thanks.  That's really great!  It would be great for this
        release cycle if it were jar signed and available from Orbit
        so that we could ship it with 2022-03...

        There are people who are concerned:

        https://www.eclipse.org/forums/index.php/mv/msg/1109656/1849775/#msg_1849775

        Though I'm not sure if they would consider the problem being
        fixed in 1.2.19 a fact and even if it's a fact if it would be
        a fact that matters...

        Regards,
        Ed

        On 08.02.2022 15:48, Dirk Fauth via cross-project-issues-dev
        wrote:
        Hi,

        I got in contact with the reload4j team. They changed the
        Bundle-SymbolicName to org.apache.log4j and fixed several
        OSGi meta data related issues in the meanwhile. Today they
        published 1.2.19 which should work as a drop-in replacement
        in Eclipse based applications where Require-Bundle was used.
        My local tests worked so far.

        That said, re-bundling for Orbit should not be necessary as
        reload4j could directly be consumed via Maven Central.

        Just wanted to keep you updated.

        Greez,
        Dirk

        On Wed, 26 Jan 2022, 13:47, Ed Willink <ed.will...@gmail.com>
        wrote:

            Hi

            On 26/01/2022 07:48, Christoph Läubrich wrote:
            > Why not using SLF4J in all places and let the user choose the
            > implementation with their favorite CVEs?

            Use of SLF4J has been suggested before and so I tried to be a good
            Eclipse citizen. My failed attempts are described in:

            https://bugs.eclipse.org/bugs/show_bug.cgi?id=559532

            If SLF4J is to be used, can someone please ensure that the platform is
            fit for purpose and that there is a good tutorial on how to do really
            boring logging.

            Regards

            Ed Willink



            _______________________________________________
            cross-project-issues-dev mailing list
            cross-project-issues-dev@eclipse.org
            To unsubscribe from this list, visit
            https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
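
The thread distinguishes a jar-signed bundle from one that only has an external PGP signature, and relies on the `Bundle-SymbolicName` in the manifest. The following is an added example, not part of the original thread and not Orbit or reload4j code: it reports a jar's OSGi identity and which kind of signature is present. The sample jars, the `SAMPLE.SF`/`SAMPLE.RSA` entry names, and the helper names are constructed for illustration.

```python
import io
import re
import zipfile

# JAR signing adds a signature file (.SF) and a signature block (.RSA/.DSA/.EC)
# under META-INF; a PGP signature is a detached .asc file beside the jar.
SIG_FILE = re.compile(r"^META-INF/[^/]+\.SF$", re.I)
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.I)
# Constructed manifest using the name and version mentioned in the thread.
MANIFEST = ("Manifest-Version: 1.0\r\nBundle-SymbolicName: org.apache.log4j\r\n"
            "Bundle-Version: 1.2.19\r\n\r\n")


def parse_manifest(text):
    """Return main-section headers, joining continuation lines."""
    headers, last = {}, None
    for line in text.splitlines():
        if not line:                         # blank line ends the main section
            break
        if line.startswith(" ") and last:    # continuation: drop leading space
            headers[last] += line[1:]
        elif ":" in line:
            last, _, value = line.partition(":")
            headers[last] = value.lstrip()
    return headers


def inspect_jar(data, sibling_names=()):
    """Report the OSGi identity and which kind of signature is present."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
    return {
        "symbolic_name": manifest.get("Bundle-SymbolicName", "").split(";")[0],
        "version": manifest.get("Bundle-Version"),
        # Presence only; `jarsigner -verify` checks that the signature is valid.
        "jar_signed": any(map(SIG_FILE.match, names)) and any(map(SIG_BLOCK.match, names)),
        "pgp_detached": any(n.endswith(".asc") for n in sibling_names),
    }


def make_jar(extra=()):
    """Build a constructed in-memory jar with optional extra META-INF entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", MANIFEST)
        for name in extra:
            jar.writestr(name, b"placeholder")
    return buf.getvalue()
```

`sibling_names` is the list of file names published next to the jar, which is where a detached `.asc` signature would appear.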

