Here it is: https://github.com/apache/logging-log4j2/pull/690
Mind somebody reviewing and merging it, please? On Fri, Jan 7, 2022 at 1:35 PM Gary Gregory <[email protected]> wrote: > Hi all, > > Where can we record this decision? In a text file in the repo? Wiki? Both? > > Gary > > On Fri, Jan 7, 2022, 05:22 Volkan Yazıcı <[email protected]> wrote: > > > Hello, > > > > This is the result of the vote introducing the process that enforces > > CVE submissions[1] and their content to be first subject to voting by > > means of "lazy approval"[2] using the (private) > > `[email protected]` mailing list: > > > > 6x +1 (accepting the process), all binding > > 2x +0 (abstaining) > > > > Details: > > > > +1 (accepting the process): > > Ralph Goers (binding) > > Gary Gregory (binding) > > Christian Grobmeier (binding) > > Carter Kozak (binding) > > Matt Sicker (binding) > > Volkan Yazıcı (binding) > > > > +0: > > Xeno Amess (non binding) > > Dominik Psenner (binding) > > > > The PMC decided unanimously to introduce the aforementioned CVE > > creation process. > > > > Kind regards, > > Volkan > > > > [1] Note that this process only involves the creation of CVEs and > > doesn't interfere with any form of fixes or releases. > > [2] An action with lazy approval is implicitly allowed unless a -1 > > vote is received, at which time, depending on the type of action, > > either lazy majority or lazy consensus approval must be obtained. For > > details see https://logging.apache.org/guidelines.html > > >
