In the past security vulnerabilities were reported via nuget and it is not a good idea to publish those in an automated way.
I suggest to update the nuget project documentation and prominently point to our mailing lists and discourage the communication via nuget. Users may continue sending messages via nuget to pmc but hopefully the volume is reduced. Unfortunately most users consume log4net via nuget and apparently do not care about the mailing list and/or the official project website. -- Sent from my phone. Typos are a kind gift to anyone who happens to find them. On Tue, Sep 8, 2020, 08:34 Davyd McColl <dav...@gmail.com> wrote: > Ralph > > I understand that the emails provide a bit of workload, and I'm trying to > figure out a solution to help everyone -- obviously there are people who > submit mails (and wonder where they went) and people who have to handle > those mails. > > We use Trello at work and have built our own custom solution which bridges > Trello and email (called Sendboard). It looks like > https://community.atlassian.com/t5/Jira-questions/create-ticket-from-email-in-jira/qaq-p/806165 > gives an idea of how to do something similar for JIRA. Would that perhaps > help to make things flow a bit better? > > Unlike npmjs.com, nuget.org doesn't provide a mechanism for a quick link > to an issues board -- the best I can see is either the project url or the > associated email address (which is probably why most people reach out on > email). So the possible solutions I see here are to > - automate handling the email > - make the issue reporting url clearer on the project page. > > The project url links to logging.apache.org/log4net -- perhaps I should > update the landing page to include a more obvious link to reporting issues? > There is already a link in the project's README.md which surfaces on > GitHub. At the end of the day, I'd like the situation to be better for both > the PMC and users. I'm open to any suggestions. > > -d > > On 2020/09/08 07:24:25, Davyd McColl <dav...@gmail.com> wrote: > Hi Ralph > I'll investigate this today. I'd like more information, particularly > configuration and, eg if the ado.net [http://ado.net] appender is used, > table structures. > Joseph, please open a ticket at > https://issues.apache.org/jira/browse/LOG4NET [ > https://issues.apache.org/jira/browse/LOG4NET] to help me track this. > -d > > On September 7, 2020 23:35:12 Ralph Goers <ralph.go...@dslextreme.com> > wrote: > For some reason all messages from NuGet are routed to the Apache Logging > PMC list. This one clearly does not need to be private. Just know that the > person who sent this is apparently not subscribed to the ASF mailing lists > so won’t see a response unless he is cc’d. > I’m not familiar with NuGet but it sure would be nice if they could be > pointed to our mailing lists. The PMC has gotten a fair number of these > that we have tried to respond to. > Ralph > Begin forwarded message: > From: NuGet Gallery <supp...@nuget.org> > Subject: [NuGet Gallery] Message for owners of the package 'log4net' > Date: September 7, 2020 at 2:25:32 PM MST > To: <priv...@logging.apache.org> > Reply-To: "Logging PMC" <priv...@logging.apache.org> > Reply-To: <jmit...@berkeley.edu> > User jmitola <jmit...@berkeley.edu> sends the following message to the > owners of Package 'log4net 2.0.8 < > https://www.nuget.org/packages/log4net/2.0.8 [ > https://www.nuget.org/packages/log4net/2.0.8]>'. > Has version 2.0.9 been thoroughly tested running in .Net framework 4.6? I > ask because I recently upgraded from 2.0.8 which was working with no issues > to version 2.0.9. Now, it completely crashes the application pool in IIS > for any application running .Net framework v4.5 and higher which has > referenced the log4net library v2.0.9. Furthermore, it will not output any > error logs even with internal logging option turned on. Do you have any > suggestions as to how I could debug this? > Thanks, Joseph > To stop receiving contact emails as an owner of this package, sign in to > the NuGet Gallery and change your email notification settings < > https://www.nuget.org/account [https://www.nuget.org/account]>. > Privacy Statement <https://go.microsoft.com/fwlink/?LinkId=521839 [ > https://go.microsoft.com/fwlink/?LinkId=521839]> > Microsoft Corporation > One Microsoft Way > Redmond, WA 98052 USA > >
