Vladimir,

Have you had a chance to work on a patch for the security vulnerabilities?

While there is understandably not much interest in “resurrecting” the Log4j 1.x 
project, overall people are positive about releasing a 1.2.18 with security 
patches. 

I think it would be most helpful if we can stay focused on those security 
patches rather than pushing the PMC for an effort to revive an EOL project. 

I can see how things appear to be moving very slowly from your perspective, but 
as Ralph pointed out the PMC is pretty busy with 2.x patch releases and the 
flood of email that has been piling up. 

I see your enthusiasm and eagerness to contribute and that’s really great! I 
would suggest that you direct that energy towards looking at the Log4j 1.x 
source code, figuring out what classes should be modified in which way, and how 
to test those changes. 
And discussing such code changes on the mailing list together with fellow 
enthusiasts. 

Migration to git will happen. Maybe not as fast as you would like, but please 
cut the PMC some slack in this stressful time. 

Surely you can start working on the actual security improvements without 
re-incubating a Log4j 1.x project, in parallel with (while waiting for) the 
migration from svn to git? 

Onwards,

Remko


> On Dec 21, 2021, at 20:52, Vladimir Sitnikov <sitnikov.vladi...@gmail.com> 
> wrote:
> 
> Ron,
> 
> I know these are not easy times for you,
> however, it looks like we are going in circles.
> 
> There's visible demand for releasing fixes for 1.x:
> https://lists.apache.org/thread/llgp7b9v1t081o3215o7xq4zpct1x0b4
> 
> So the question is
> "Could you sponsor the project or do you want Incubator to do that?"
> 
> I see the current crew is not interested in fixing and releasing 1.x.
> Why don't you just allow others to fix things?
> 
> Vladimir
