Hm yeah, for "larger" contributions, a CLA is good. I'm not sure when larger is large enough though.
Gary On Tue, Jan 12, 2016 at 4:31 AM, Mikael Ståldal <[email protected]> wrote: > > I am looking for some guidance on how I should go about submitting these > changes back to the Apache Log4j 2.x team for inclusion in the code base. > > You would need to sign and submit an Apache CLA, see here: > > http://www.apache.org/dev/new-committers-guide.html#cla > > > On Fri, Jan 8, 2016 at 5:13 PM, Bryan Krol <[email protected]> > wrote: > >> Hello all, >> >> As part of some other work I have been doing, our team has decided that >> it would be worth extending the Log4j2 library in such a way as to better >> support logging of security events. We also thought what we did would be >> of interest to the larger Apache community, mostly because the need for >> application-level security auditing is growing to help mitigate the >> increase of application security incidents. In order to facilitate better >> auditing practices, developers now have a need to include better security >> logging practices in the development process. Application logs provide >> valuable data for: >> >> - >> >> Identifying security threats >> - >> >> Monitoring policy violations >> - >> >> Providing details about problems and unusual conditions >> - >> >> Contributing application-specific data for auditing which is lacking >> in other sources >> - >> >> Helping defend against vulnerability identification and exploitation >> through attack detection. >> >> I have attached a document that more thoroughly explains what we have >> done and what "problems" we were looking to solve with our changes. >> I am looking for some guidance on how I should go about submitting these >> changes back to the Apache Log4j 2.x team for inclusion in the code base. I >> have implemented both the functionality and the appropriate JUnit code for >> testing of the additions. >> >> If anyone could respond with some information to help, I would greatly >> appreciate it. >> >> Thank you, >> >> -- >> Bryan Krol >> Software Engineer >> Technergetics, LLC >> [email protected] >> Phone: (315) 271-2096 >> Fax: (886) 307-4382 >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > > > -- > [image: MagineTV] > > *Mikael Ståldal* > Senior software developer > > *Magine TV* > [email protected] > Grev Turegatan 3 | 114 46 Stockholm, Sweden | www.magine.com > > Privileged and/or Confidential Information may be contained in this > message. If you are not the addressee indicated in this message > (or responsible for delivery of the message to such a person), you may not > copy or deliver this message to anyone. In such case, > you should destroy this message and kindly notify the sender by reply > email. > -- E-Mail: [email protected] | [email protected] Java Persistence with Hibernate, Second Edition <http://www.manning.com/bauer3/> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> Spring Batch in Action <http://www.manning.com/templier/> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
