One issue I found in one of the artifacts that I can address before
uploading since it wasn't signed is the binaries zip is missing the
LICENSE file. I'm not sure if there's a standard way to include that
in the nupkg file, but I did see that in its metadata, it explicitly
says the code is Apache2 licensed at least.
On Sun, 16 Aug 2020 at 13:03, Matt Sicker <boa...@gmail.com> wrote:
>
> I'll sign and publish the artifacts today.
>
> On Mon, 3 Aug 2020 at 17:43, Ralph Goers <ralph.go...@dslextreme.com> wrote:
> >
> > Thanks Remko. That makes 3 +1 votes from PMC members.
> >
> > Ralph
> >
> > > On Aug 3, 2020, at 2:12 PM, Remko Popma <remko.po...@gmail.com> wrote:
> > >
> > > +1 Remko.
> > >
> > > On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker <boa...@gmail.com> wrote:
> > >
> > >> +1 from me. We can handle the release signing afterwards as Ralph
suggests.
> > >>
> > >> On Mon, 3 Aug 2020 at 10:30, Ralph Goers <ralph.go...@dslextreme.com>
> > >> wrote:
> > >>>
> > >>> Can other PMC members please review this? It has been more than 72
> > >> hours.
> > >>>
> > >>> Ralph
> > >>>
> > >>>> On Jul 30, 2020, at 11:17 PM, Davyd McColl <davyd.mcc...@codeo.co.za>
> > >> wrote:
> > >>>>
> > >>>> Hi all, I've never done this before, so bear with me if I fluff it:
> > >>>>
> > >>>> This is a proposed vote to release log4net 2.0.9 from PR
> > >> https://github.com/apache/logging-log4net/pull/61
> > >>>>
> > >>>> Release artifacts (including source zip) are at:
> > >>
https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts
> > >>>> Source can be checked out from
> > >> https://github.com/fluffynuts/logging-log4net/logging-log4net, tag rel/
> > >> 2.0.9. I can't push tags to the upstream, but this tag is exactly the
> > >> same commit as the last in the PR mentioned above, which was
accepted into
> > >> master a few days ago.
> > >>>>
> > >>>> Please check out the artifacts & if everyone is ok with what's there,
> > >> please can someone with the rights to publish to nuget do so.
> > >>>>
> > >>>> Once I've seen how this process works, I'd like to tackle the CVE that
> > >> has been brought up on this list more than once -- it's a simple change
> > >> which was already committed to the develop branch some time ago, so
there
> > >> are a couple of options here:
> > >>>> 1. cherry-pick that commit & do a 2.0.10 release pronto, with only
> > >> that change
> > >>>> 2. trawl the develop branch to see what else was already solved in
> > >> there, and get that out as 2.0.10, and perhaps close out that branch to
> > >> avoid future confusion.
> > >>>>
> > >>>> Thanks for your time
> > >>>> -d
> > >>>
> > >>>
> > >>
> > >>
> > >> --
> > >> Matt Sicker <boa...@gmail.com>
> > >>
> >
> >
>
>
> --
> Matt Sicker <boa...@gmail.com>
--
Matt Sicker <boa...@gmail.com>