Scott, could you (or anybody else) spare time to perform the following
maintenance tasks?

   1. Update dependencies (e.g., `hsqldb:hsqldb:1.8.0.7` has a CVE)
   2. Revamp the CI (preferably move it to GitHub Actions)
   3. Migrate to GitHub Issues
   4. Document the release process (unless it already exists)
   5. Clean up the code base (e.g., `pom.xml` still refers to SVN)
   6. Clean up the docs

Otherwise, I agree with Ralph's points and I think it is better we
communicate to our users that the project is not maintained anymore by
means of archiving the repository. We can still keep links, docs, etc.
around. If anybody later on steps up to maintain it and starts landing
digestible, regular PRs, PMC can always decide to re-activate the archived
repository.


On Tue, Sep 19, 2023 at 8:27 PM Scott Deboy <scott.de...@gmail.com> wrote:

> Ralph,
>
> I already removed the socket appender vulnerability. I believe that was the
> only one.
>
> Scott
>
> On Tue, Sep 19, 2023, 11:10 AM Ralph Goers <ralph.go...@dslextreme.com>
> wrote:
>
> > Scott,
> >
> > Apparently Chainsaw has dependencies that have CVEs reported against them
> > (or so I am told). We haven’t enabled GitHub Issues for Chainsaw AFAIK.
> > Both of these need to be addressed if the project is going to be
> considered
> > active.  Are you willing to help with both of these?
> >
> > Ralph
> >
> > > On Sep 19, 2023, at 3:25 AM, Scott Deboy <scott.de...@gmail.com>
> wrote:
> > >
> > > Well, it still works well, and real time log analysis and Chainsaw's
> > > support for filtering are very powerful for many dev-local use cases.
> > >
> > > User base I can't speak to, but I agree based on lack of questions it's
> > > probably very low to non-existent.
> > >
> > > I'd prefer we find an option that isn't "nuke it from orbit".
> > >
> > > Scott
> > >
> > >
> > >
> > > On Tue, Sep 19, 2023, 12:00 AM Volkan Yazıcı <vol...@yazi.ci> wrote:
> > >
> > >> AFAIC, Chainsaw is hardly getting any maintenance. Considering its
> > activity
> > >> over the years, I haven't witnessed a user base either. I suppose the
> > trend
> > >> in processing logs (i.e., rendering them into JSON and storing them in
> > >> Elasticsearch, GCP/AWS log sinks, etc.) is shifted away from
> > >> `PatternLayout`-rendered files collected under `/var/logs`. I would
> > like to
> > >> retire[1] Chainsaw in a vote thread. Thoughts?
> > >>
> > >> [1] Retirement translates to archival of the repository and clearing
> up
> > its
> > >> mentions in `logging.apache.org`.
> > >>
> >
> >
>

Reply via email to