Re: [VOTE] Release Log4Net 2.0.9

Sun, 16 Aug 2020 11:54:43 -0700

I'll make changes to the automated build to affect all changes you have made (and perhaps will make) automatically to future releases for the next release. Apologies for making this more difficult than it needs to be (: 

-d


On August 16, 2020 20:37:01 Matt Sicker <boa...@gmail.com> wrote:


Just a simple copy of the LICENSE and NOTICE file into the binaries
zip, and a rename of the files to include "apache" in the name. I've
uploaded them to dist along with updating the KEYS file for log4net,
though that should probably be merged together with the project-wide
KEYS file in the parent directory. There's an outdated README.html in
the directory still containing the old release notes, but we can
address that next.

On Sun, 16 Aug 2020 at 13:12, Matt Sicker <boa...@gmail.com> wrote:


One issue I found in one of the artifacts that I can address before
uploading since it wasn't signed is the binaries zip is missing the
LICENSE file. I'm not sure if there's a standard way to include that
in the nupkg file, but I did see that in its metadata, it explicitly
says the code is Apache2 licensed at least.

On Sun, 16 Aug 2020 at 13:03, Matt Sicker <boa...@gmail.com> wrote:
>
> I'll sign and publish the artifacts today.
>
> On Mon, 3 Aug 2020 at 17:43, Ralph Goers <ralph.go...@dslextreme.com> wrote:
> >
> > Thanks Remko. That makes 3 +1 votes from PMC members.
> >
> > Ralph
> >
> > > On Aug 3, 2020, at 2:12 PM, Remko Popma <remko.po...@gmail.com> wrote:
> > >
> > > +1 Remko.
> > >
> > > On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker <boa...@gmail.com> wrote:
> > >
> > >> +1 from me. We can handle the release signing afterwards as Ralph suggests. 
> > >>
> > >> On Mon, 3 Aug 2020 at 10:30, Ralph Goers <ralph.go...@dslextreme.com>
> > >> wrote:
> > >>>
> > >>> Can other PMC members  please review this? It has been more than 72
> > >> hours.
> > >>>
> > >>> Ralph
> > >>>
> > >>>> On Jul 30, 2020, at 11:17 PM, Davyd McColl <davyd.mcc...@codeo.co.za>
> > >> wrote:
> > >>>>
> > >>>> Hi all, I've never done this before, so bear with me if I fluff it:
> > >>>>
> > >>>> This is a proposed vote to release log4net 2.0.9 from PR
> > >> https://github.com/apache/logging-log4net/pull/61
> > >>>>
> > >>>> Release artifacts (including source zip) are at:
> > >> https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts 
> > >>>> Source can be checked out from
> > >> https://github.com/fluffynuts/logging-log4net/logging-log4net, tag rel/
> > >> 2.0.9. I can't push tags to the upstream, but this tag is exactly the
> > >> same commit as the last in the PR mentioned above, which was accepted into 
> > >> master a few days ago.
> > >>>>
> > >>>> Please check out the artifacts & if everyone is ok with what's there,
> > >> please can someone with the rights to publish to nuget do so.
> > >>>>
> > >>>> Once I've seen how this process works, I'd like to tackle the CVE that
> > >> has been brought up on this list more than once -- it's a simple change
> > >> which was already committed to the develop branch some time ago, so there 
> > >> are a couple of options here:
> > >>>> 1. cherry-pick that commit & do a 2.0.10 release pronto, with only
> > >> that change
> > >>>> 2. trawl the develop branch to see what else was already solved in
> > >> there, and get that out as 2.0.10, and perhaps close out that branch to
> > >> avoid future confusion.
> > >>>>
> > >>>> Thanks for your time
> > >>>> -d
> > >>>
> > >>>
> > >>
> > >>
> > >> --
> > >> Matt Sicker <boa...@gmail.com>
> > >>
> >
> >
>
>
> --
> Matt Sicker <boa...@gmail.com>



--
Matt Sicker <boa...@gmail.com>




--
Matt Sicker <boa...@gmail.com>

Reply via email to