Yes, that is certainly a possibility. For that I don’t think a trip through the incubator would be necessary. But it would also be difficult to make the folks working on log4j 1.x committers of the Logging Services project since gaining commit rights to an ASF project usually requires more than just submitting one or two patches.
Ralph > On Dec 20, 2021, at 8:03 AM, Andrii Berezovskyi <andr...@kth.se> wrote: > > Dear Ralph, > >> The reason I brought this up is that it seems there are two groups here. One >> that wants to get a release >> out and then put Log4j 1 back in the coffin and another that wants to >> resurrect it. > > Do you think there may be a middle ground here? In other words, users who > think that log4j is "done" and does not need new features, but at the same > time realise that new security issues could pop up in the future and require > a release done quickly once a year or so? > > Best regards, > Andrew > >
