I think I was the last person to perform a release of Chainsaw. The release process I followed was the same one used for Log4j2, Log4j Kotlin, etc., as documented in Confluence. The main thing I was unable to do, though, was make binaries besides regular jar files. To publish binaries for Windows and macOS, you typically need to use some code signing mechanism, too, which ASF Security does have some service for, but I don’t know much at all about packaging desktop software (unless your desktop happens to be a server).
> On Sep 19, 2023, at 1:45 PM, Volkan Yazıcı <vol...@yazi.ci> wrote: > > Scott, could you (or anybody else) spare time to perform the following > maintenance tasks? > > 1. Update dependencies (e.g., `hsqldb:hsqldb:1.8.0.7` has a CVE) > 2. Revamp the CI (preferably move it to GitHub Actions) > 3. Migrate to GitHub Issues > 4. Document the release process (unless it already exists) > 5. Clean up the code base (e.g., `pom.xml` still refers to SVN) > 6. Clean up the docs > > Otherwise, I agree with Ralph's points and I think it is better we > communicate to our users that the project is not maintained anymore by > means of archiving the repository. We can still keep links, docs, etc. > around. If anybody later on steps up to maintain it and starts landing > digestible, regular PRs, PMC can always decide to re-activate the archived > repository. > > > On Tue, Sep 19, 2023 at 8:27 PM Scott Deboy <scott.de...@gmail.com> wrote: > >> Ralph, >> >> I already removed the socket appender vulnerability. I believe that was the >> only one. >> >> Scott >> >> On Tue, Sep 19, 2023, 11:10 AM Ralph Goers <ralph.go...@dslextreme.com> >> wrote: >> >>> Scott, >>> >>> Apparently Chainsaw has dependencies that have CVEs reported against them >>> (or so I am told). We haven’t enabled GitHub Issues for Chainsaw AFAIK. >>> Both of these need to be addressed if the project is going to be >> considered >>> active. Are you willing to help with both of these? >>> >>> Ralph >>> >>>> On Sep 19, 2023, at 3:25 AM, Scott Deboy <scott.de...@gmail.com> >> wrote: >>>> >>>> Well, it still works well, and real time log analysis and Chainsaw's >>>> support for filtering are very powerful for many dev-local use cases. >>>> >>>> User base I can't speak to, but I agree based on lack of questions it's >>>> probably very low to non-existent. >>>> >>>> I'd prefer we find an option that isn't "nuke it from orbit". >>>> >>>> Scott >>>> >>>> >>>> >>>> On Tue, Sep 19, 2023, 12:00 AM Volkan Yazıcı <vol...@yazi.ci> wrote: >>>> >>>>> AFAIC, Chainsaw is hardly getting any maintenance. Considering its >>> activity >>>>> over the years, I haven't witnessed a user base either. I suppose the >>> trend >>>>> in processing logs (i.e., rendering them into JSON and storing them in >>>>> Elasticsearch, GCP/AWS log sinks, etc.) is shifted away from >>>>> `PatternLayout`-rendered files collected under `/var/logs`. I would >>> like to >>>>> retire[1] Chainsaw in a vote thread. Thoughts? >>>>> >>>>> [1] Retirement translates to archival of the repository and clearing >> up >>> its >>>>> mentions in `logging.apache.org`. >>>>> >>> >>> >>
