The Log4j1 project is EOL, and assuming that it remains EOL and we are only doing security patches, I vote in favor of this repo change, to facilitate making such security patches. +1
I agree we need to get consensus on the scope of any Log4j1 work. On Fri, Dec 24, 2021 at 8:55 AM Ralph Goers <[email protected]> wrote: > That will be the next separate discussion and vote. > > Ralph > > > On Dec 23, 2021, at 4:53 PM, Matt Sicker <[email protected]> wrote: > > > > I tend to agree here. Even if we go ahead with the repo rename, we’ll > still need some consensus on the scope of this work. > > -- > > Matt Sicker > > > >> On Dec 23, 2021, at 17:11, Christian Grobmeier <[email protected]> > wrote: > >> > >> hi > >> > >> at the moment I am -1 too, mostly for the reasons Gary mentioned. > >> Most important is that we don't have a clear goal on what we are trying > to achieve here. We should be very explicit of why we are doing what. > >> > >> Cheers, > >> Christian > >> > >> > >> On Thu, Dec 23, 2021, at 22:50, Gary Gregory wrote: > >>> -1 > >>> We just created logging-log4j1 and converted the SVN repo into it, > let's > >>> stick to that. I even made a commit ;-) > >>> I claim it is a good thing to start with a new repo because it creates > a > >>> tiny bit of friction, for a project that is still End-of-Life after > all. > >>> Even if it is a bit of friction to bring in old stuff from the old > repo, > >>> this would provide a kind of effort/value filter. > >>> The concurrent consensus I see on the PMC is to fix the one listed CVE > on > >>> our site plus other fixes in the style of the recent 2.x fixes. > >>> Bringing in all of the cruft from the old repo will give the wrong > >>> impression that we actually might be merging this or that random fix > and > >>> feature. Which I claim is not the goal here. > >>> > >>> I feel we might need an addendum or a subsequent VOTE with a stated > goal or > >>> charter for this repo to only provide CVE fixes (see above). Projects > >>> usually have a charter, not components I do not think, but I think we > >>> should have one here and put it in front and center in the README.md > so we > >>> can manage expectations for people finding the repo on GitHub. > >>> > >>> Gary > >>> > >>> On Thu, Dec 23, 2021 at 4:35 PM Ralph Goers < > [email protected]> > >>> wrote: > >>> > >>>> In https://issues.apache.org/jira/browse/INFRA-22654 Chris Lambertus > has > >>>> recommended that we can divorce > >>>> the read-only SVN repo from https://github.com/apache/log4j. > However, it > >>>> will not be able to keep the same > >>>> name as all Git repos owned by the logging project must start with > >>>> “logging-“. > >>>> > >>>> So this vote is to: > >>>> 1. Delete the apache/logging-log4j1 repo I created last night. > >>>> 2. Divorce the apache/log4j repo from SVN. > >>>> 3. Rename apache/log4j to apache/logging-log4j1. > >>>> 4. Create a branch named “main” from the v1_2_17 tag. > >>>> 5. Make main the default branch in GitHub. > >>>> > >>>> While all votes are welcome Infra needs consensus from the PMC on this > >>>> vote so the result will separate > >>>> binding from non-binding votes. > >>>> > >>>> Ralph > >>>> > >>>> PS - I’ve separated this from the previous vote thread since it was > mostly > >>>> discussion. If you want to discuss > >>>> this please prefix the subject with [DISCUSS] > > > > > >
