Ralph, I didn't misunderstand.
Scott On Tue, Sep 19, 2023, 12:30 PM Ralph Goers <ralph.go...@dslextreme.com> wrote: > Scott, > > I think you misunderstood. I wasn’t referring to any CVEs in Chainsaw code > but in dependencies Chainsaw uses. Users expect dependencies to be updated > periodically so that they can build a project that passes all their > security scans. > > Ralph > > > On Sep 19, 2023, at 11:26 AM, Scott Deboy <scott.de...@gmail.com> wrote: > > > > Ralph, > > > > I already removed the socket appender vulnerability. I believe that was > the > > only one. > > > > Scott > > > > On Tue, Sep 19, 2023, 11:10 AM Ralph Goers <ralph.go...@dslextreme.com> > > wrote: > > > >> Scott, > >> > >> Apparently Chainsaw has dependencies that have CVEs reported against > them > >> (or so I am told). We haven’t enabled GitHub Issues for Chainsaw AFAIK. > >> Both of these need to be addressed if the project is going to be > considered > >> active. Are you willing to help with both of these? > >> > >> Ralph > >> > >>> On Sep 19, 2023, at 3:25 AM, Scott Deboy <scott.de...@gmail.com> > wrote: > >>> > >>> Well, it still works well, and real time log analysis and Chainsaw's > >>> support for filtering are very powerful for many dev-local use cases. > >>> > >>> User base I can't speak to, but I agree based on lack of questions it's > >>> probably very low to non-existent. > >>> > >>> I'd prefer we find an option that isn't "nuke it from orbit". > >>> > >>> Scott > >>> > >>> > >>> > >>> On Tue, Sep 19, 2023, 12:00 AM Volkan Yazıcı <vol...@yazi.ci> wrote: > >>> > >>>> AFAIC, Chainsaw is hardly getting any maintenance. Considering its > >> activity > >>>> over the years, I haven't witnessed a user base either. I suppose the > >> trend > >>>> in processing logs (i.e., rendering them into JSON and storing them in > >>>> Elasticsearch, GCP/AWS log sinks, etc.) is shifted away from > >>>> `PatternLayout`-rendered files collected under `/var/logs`. I would > >> like to > >>>> retire[1] Chainsaw in a vote thread. Thoughts? > >>>> > >>>> [1] Retirement translates to archival of the repository and clearing > up > >> its > >>>> mentions in `logging.apache.org`. > >>>> > >> > >> > >