On Fri, Jan 7, 2022 at 12:10 PM Ted Dunning <ted.dunn...@gmail.com> wrote:
> I have been watching the private and public mailing lists for Apache > Logging as part of $dayjob as well. > > I read the mood there differently. The most recent comment I remember was a > confirmation that "no bugfixes or security patches are planned for log4j1". > > Log4j2 really is much larger than necessary. This is, in my opinion, the > root cause of the recent farago. > > But having a cutaway by using slf4j is a very reasonable position to take > there. Customers can use log4j2 if they want to or opt for simpler systems. > Our default can be as simple as we like (even just util.logging). > > That is a really good point Ted, one that came to mind a couple weeks ago but I never circled back on - why are we not using util.logging by default? Assuming end users can configure (slf4j) whatever they want. Perhaps we could even ship "samples" for the various options if there is interest... Regards, Patrick > On Fri, Jan 7, 2022 at 9:57 AM Patrick Hunt <ph...@apache.org> wrote: > > > ... > > > > I also see that there is interest (upstream/apache I mean) in > > resurrecting log4j1 - imo that could also be a good path for us. > > > > > > >
