Re: [VOTE] Release Log4Net 2.0.9
Great! How do we get the nupkg to nuget.org? This is the final step that most users are going to be interested in. Having a look at what's at the url you posted, I have ideas on how to streamline future releases, so the next time I'm in that area, I'm definitely implementing those ideas. I don't see changes to the Release Notes area -- if I were to try to streamline that into a release, would a CHANGELOG file be useful? Or is there a better way? -d On 2020/08/16 23:26:07, Matt Sicker wrote: I committed them to dist already. I don't know how long we should wait for any mirroring to catch up, though on my end, I see updated artifacts on https://downloads.apache.org/logging/log4net/ other than the release notes. On Sun, 16 Aug 2020 at 15:09, Ralph Goers wrote: > > +1 to that! > > Let me know when these are published. I can update the web site to reflect > that it is no longer dormant. > > Ralph > > > On Aug 16, 2020, at 11:54 AM, Matt Sicker wrote: > > > > Thanks so much for your help in releasing this! > > > > On Sun, 16 Aug 2020 at 13:53, Davyd McColl wrote: > >> > >> I'll make changes to the automated build to affect all changes you have > >> made (and perhaps will make) automatically to future releases for the next > >> release. Apologies for making this more difficult than it needs to be (: > >> > >> -d > >> > >> > >> On August 16, 2020 20:37:01 Matt Sicker wrote: > >> > >>> Just a simple copy of the LICENSE and NOTICE file into the binaries > >>> zip, and a rename of the files to include "apache" in the name. I've > >>> uploaded them to dist along with updating the KEYS file for log4net, > >>> though that should probably be merged together with the project-wide > >>> KEYS file in the parent directory. There's an outdated README.html in > >>> the directory still containing the old release notes, but we can > >>> address that next. > >>> > >>> On Sun, 16 Aug 2020 at 13:12, Matt Sicker wrote: > > One issue I found in one of the artifacts that I can address before > uploading since it wasn't signed is the binaries zip is missing the > LICENSE file. I'm not sure if there's a standard way to include that > in the nupkg file, but I did see that in its metadata, it explicitly > says the code is Apache2 licensed at least. > > On Sun, 16 Aug 2020 at 13:03, Matt Sicker wrote: > > > > I'll sign and publish the artifacts today. > > > > On Mon, 3 Aug 2020 at 17:43, Ralph Goers wrote: > >> > >> Thanks Remko. That makes 3 +1 votes from PMC members. > >> > >> Ralph > >> > >>> On Aug 3, 2020, at 2:12 PM, Remko Popma wrote: > >>> > >>> +1 Remko. > >>> > >>> On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker wrote: > >>> > +1 from me. We can handle the release signing afterwards as Ralph > suggests. > > On Mon, 3 Aug 2020 at 10:30, Ralph Goers > wrote: > > > > Can other PMC members please review this? It has been more than 72 > hours. > > > > Ralph > > > >> On Jul 30, 2020, at 11:17 PM, Davyd McColl > wrote: > >> > >> Hi all, I've never done this before, so bear with me if I fluff it: > >> > >> This is a proposed vote to release log4net 2.0.9 from PR > https://github.com/apache/logging-log4net/pull/61 > >> > >> Release artifacts (including source zip) are at: > > https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts > >> Source can be checked out from > https://github.com/fluffynuts/logging-log4net/logging-log4net, tag > rel/ > 2.0.9. I can't push tags to the upstream, but this tag is exactly the > same commit as the last in the PR mentioned above, which was > accepted into > master a few days ago. > >> > >> Please check out the artifacts & if everyone is ok with what's > >> there, > please can someone with the rights to publish to nuget do so. > >> > >> Once I've seen how this process works, I'd like to tackle the CVE > >> that > has been brought up on this list more than once -- it's a simple > change > which was already committed to the develop branch some time ago, so > there > are a couple of options here: > >> 1. cherry-pick that commit & do a 2.0.10 release pronto, with only > that change > >> 2. trawl the develop branch to see what else was already solved in > there, and get that out as 2.0.10, and perhaps close out that branch > to > avoid future confusion. > >> > >> Thanks for your time > >> -d > > > > > > > -- > Matt Sicker > > >> > >> > > > > > > -- > > Matt Sicker > > > > >
Re: [VOTE] [log4xx] Release log4cxx 0.11.0
I noticed that the files have she and md5 files. We are not supposed to use either of these any more and only use sha512. I can fix that. I vote +1 Ralph > On Aug 9, 2020, at 10:24 AM, Robert Middleton wrote: > > I've run through the release of log4cxx 0.11.0. There's still something > strange about how it all works(mostly due to the tooling of shell > script/maven/ant/cmake/autotools). However, I do believe that I have a > workable release at this point. A quick note on the release: I did the > 'mvn release:prepare' manually, which is where these artifacts come from; > running through the 'mvn release:perform' causes the generated files to be > -SNAPSHOT versioned, instead of 0.11.0. This means that the version of the > pom.xml in the tag is still 0.11.0-SNAPSHOT, but since maven isn't really > used to build I don't think this will be an issue. > > Artifacts uploaded here: > https://dist.apache.org/repos/dist/dev/logging/log4cxx/ > tag: https://github.com/apache/logging-log4cxx/tree/v0.11.0-RC2 > > The artifacts are signed, although I still need to send my key to Matt so > he can import it into the logging KEYS file. > > -Robert Middleton
Re: [VOTE] Release Log4Net 2.0.9
I committed them to dist already. I don't know how long we should wait for any mirroring to catch up, though on my end, I see updated artifacts on https://downloads.apache.org/logging/log4net/ other than the release notes. On Sun, 16 Aug 2020 at 15:09, Ralph Goers wrote: > > +1 to that! > > Let me know when these are published. I can update the web site to reflect > that it is no longer dormant. > > Ralph > > > On Aug 16, 2020, at 11:54 AM, Matt Sicker wrote: > > > > Thanks so much for your help in releasing this! > > > > On Sun, 16 Aug 2020 at 13:53, Davyd McColl wrote: > >> > >> I'll make changes to the automated build to affect all changes you have > >> made (and perhaps will make) automatically to future releases for the next > >> release. Apologies for making this more difficult than it needs to be (: > >> > >> -d > >> > >> > >> On August 16, 2020 20:37:01 Matt Sicker wrote: > >> > >>> Just a simple copy of the LICENSE and NOTICE file into the binaries > >>> zip, and a rename of the files to include "apache" in the name. I've > >>> uploaded them to dist along with updating the KEYS file for log4net, > >>> though that should probably be merged together with the project-wide > >>> KEYS file in the parent directory. There's an outdated README.html in > >>> the directory still containing the old release notes, but we can > >>> address that next. > >>> > >>> On Sun, 16 Aug 2020 at 13:12, Matt Sicker wrote: > > One issue I found in one of the artifacts that I can address before > uploading since it wasn't signed is the binaries zip is missing the > LICENSE file. I'm not sure if there's a standard way to include that > in the nupkg file, but I did see that in its metadata, it explicitly > says the code is Apache2 licensed at least. > > On Sun, 16 Aug 2020 at 13:03, Matt Sicker wrote: > > > > I'll sign and publish the artifacts today. > > > > On Mon, 3 Aug 2020 at 17:43, Ralph Goers > > wrote: > >> > >> Thanks Remko. That makes 3 +1 votes from PMC members. > >> > >> Ralph > >> > >>> On Aug 3, 2020, at 2:12 PM, Remko Popma wrote: > >>> > >>> +1 Remko. > >>> > >>> On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker wrote: > >>> > +1 from me. We can handle the release signing afterwards as Ralph > suggests. > > On Mon, 3 Aug 2020 at 10:30, Ralph Goers > wrote: > > > > Can other PMC members please review this? It has been more than 72 > hours. > > > > Ralph > > > >> On Jul 30, 2020, at 11:17 PM, Davyd McColl > >> > wrote: > >> > >> Hi all, I've never done this before, so bear with me if I fluff it: > >> > >> This is a proposed vote to release log4net 2.0.9 from PR > https://github.com/apache/logging-log4net/pull/61 > >> > >> Release artifacts (including source zip) are at: > > https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts > >> Source can be checked out from > https://github.com/fluffynuts/logging-log4net/logging-log4net, tag > rel/ > 2.0.9. I can't push tags to the upstream, but this tag is exactly the > same commit as the last in the PR mentioned above, which was > accepted into > master a few days ago. > >> > >> Please check out the artifacts & if everyone is ok with what's > >> there, > please can someone with the rights to publish to nuget do so. > >> > >> Once I've seen how this process works, I'd like to tackle the CVE > >> that > has been brought up on this list more than once -- it's a simple > change > which was already committed to the develop branch some time ago, so > there > are a couple of options here: > >> 1. cherry-pick that commit & do a 2.0.10 release pronto, with only > that change > >> 2. trawl the develop branch to see what else was already solved in > there, and get that out as 2.0.10, and perhaps close out that branch > to > avoid future confusion. > >> > >> Thanks for your time > >> -d > > > > > > > -- > Matt Sicker > > >> > >> > > > > > > -- > > Matt Sicker > > > > -- > Matt Sicker > >>> > >>> > >>> > >>> -- > >>> Matt Sicker > > > > > > > > -- > > Matt Sicker > > > > -- Matt Sicker
Re: [VOTE] Release Log4Net 2.0.9
+1 to that! Let me know when these are published. I can update the web site to reflect that it is no longer dormant. Ralph > On Aug 16, 2020, at 11:54 AM, Matt Sicker wrote: > > Thanks so much for your help in releasing this! > > On Sun, 16 Aug 2020 at 13:53, Davyd McColl wrote: >> >> I'll make changes to the automated build to affect all changes you have >> made (and perhaps will make) automatically to future releases for the next >> release. Apologies for making this more difficult than it needs to be (: >> >> -d >> >> >> On August 16, 2020 20:37:01 Matt Sicker wrote: >> >>> Just a simple copy of the LICENSE and NOTICE file into the binaries >>> zip, and a rename of the files to include "apache" in the name. I've >>> uploaded them to dist along with updating the KEYS file for log4net, >>> though that should probably be merged together with the project-wide >>> KEYS file in the parent directory. There's an outdated README.html in >>> the directory still containing the old release notes, but we can >>> address that next. >>> >>> On Sun, 16 Aug 2020 at 13:12, Matt Sicker wrote: One issue I found in one of the artifacts that I can address before uploading since it wasn't signed is the binaries zip is missing the LICENSE file. I'm not sure if there's a standard way to include that in the nupkg file, but I did see that in its metadata, it explicitly says the code is Apache2 licensed at least. On Sun, 16 Aug 2020 at 13:03, Matt Sicker wrote: > > I'll sign and publish the artifacts today. > > On Mon, 3 Aug 2020 at 17:43, Ralph Goers > wrote: >> >> Thanks Remko. That makes 3 +1 votes from PMC members. >> >> Ralph >> >>> On Aug 3, 2020, at 2:12 PM, Remko Popma wrote: >>> >>> +1 Remko. >>> >>> On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker wrote: >>> +1 from me. We can handle the release signing afterwards as Ralph suggests. On Mon, 3 Aug 2020 at 10:30, Ralph Goers wrote: > > Can other PMC members please review this? It has been more than 72 hours. > > Ralph > >> On Jul 30, 2020, at 11:17 PM, Davyd McColl wrote: >> >> Hi all, I've never done this before, so bear with me if I fluff it: >> >> This is a proposed vote to release log4net 2.0.9 from PR https://github.com/apache/logging-log4net/pull/61 >> >> Release artifacts (including source zip) are at: https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts >> Source can be checked out from https://github.com/fluffynuts/logging-log4net/logging-log4net, tag rel/ 2.0.9. I can't push tags to the upstream, but this tag is exactly the same commit as the last in the PR mentioned above, which was accepted into master a few days ago. >> >> Please check out the artifacts & if everyone is ok with what's there, please can someone with the rights to publish to nuget do so. >> >> Once I've seen how this process works, I'd like to tackle the CVE >> that has been brought up on this list more than once -- it's a simple change which was already committed to the develop branch some time ago, so there are a couple of options here: >> 1. cherry-pick that commit & do a 2.0.10 release pronto, with only that change >> 2. trawl the develop branch to see what else was already solved in there, and get that out as 2.0.10, and perhaps close out that branch to avoid future confusion. >> >> Thanks for your time >> -d > > -- Matt Sicker >> >> > > > -- > Matt Sicker -- Matt Sicker >>> >>> >>> >>> -- >>> Matt Sicker > > > > -- > Matt Sicker >
[VOTE][LAZY] Release Logging Parent POM version 3
It's been over two years since the last parent POM release. In that time, its own parent POM has been upgraded from version 19 to version 23. We don't really have any other explicit changes here, though the build pipeline from last time has since been moved to our unified logging-pipelines git repository. This is a vote using lazy consensus to release version 3 of Logging Parent POM. After 72 hours, if there are no objections, we will release this parent pom. Please leave your votes if you wish. Staging repository: https://repository.apache.org/content/repositories/orgapachelogging-1060/ Git repository: https://gitbox.apache.org/repos/asf/logging-parent.git Tag: logging-parent-3 Signed using key fingerprint = 748F 15B2 CF9B A8F0 2415 5E6E D7C9 2B70 FA1C 814D as provided in the Logging Services PMC KEYS file: https://downloads.apache.org/logging/KEYS You can import the project KEYS file for verifying releases using the command: gpg --import <(curl https://downloads.apache.org/logging/KEYS) The key can also be imported from public GPG keyservers using the command: gpg --recv-keys 748F15B2CF9BA8F024155E6ED7C92B70FA1C814D -- Matt Sicker
Re: [VOTE] Release Log4Net 2.0.9
Thanks so much for your help in releasing this! On Sun, 16 Aug 2020 at 13:53, Davyd McColl wrote: > > I'll make changes to the automated build to affect all changes you have > made (and perhaps will make) automatically to future releases for the next > release. Apologies for making this more difficult than it needs to be (: > > -d > > > On August 16, 2020 20:37:01 Matt Sicker wrote: > > > Just a simple copy of the LICENSE and NOTICE file into the binaries > > zip, and a rename of the files to include "apache" in the name. I've > > uploaded them to dist along with updating the KEYS file for log4net, > > though that should probably be merged together with the project-wide > > KEYS file in the parent directory. There's an outdated README.html in > > the directory still containing the old release notes, but we can > > address that next. > > > > On Sun, 16 Aug 2020 at 13:12, Matt Sicker wrote: > >> > >> One issue I found in one of the artifacts that I can address before > >> uploading since it wasn't signed is the binaries zip is missing the > >> LICENSE file. I'm not sure if there's a standard way to include that > >> in the nupkg file, but I did see that in its metadata, it explicitly > >> says the code is Apache2 licensed at least. > >> > >> On Sun, 16 Aug 2020 at 13:03, Matt Sicker wrote: > >> > > >> > I'll sign and publish the artifacts today. > >> > > >> > On Mon, 3 Aug 2020 at 17:43, Ralph Goers > >> > wrote: > >> > > > >> > > Thanks Remko. That makes 3 +1 votes from PMC members. > >> > > > >> > > Ralph > >> > > > >> > > > On Aug 3, 2020, at 2:12 PM, Remko Popma > >> > > > wrote: > >> > > > > >> > > > +1 Remko. > >> > > > > >> > > > On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker wrote: > >> > > > > >> > > >> +1 from me. We can handle the release signing afterwards as Ralph > >> suggests. > >> > > >> > >> > > >> On Mon, 3 Aug 2020 at 10:30, Ralph Goers > >> > > >> > >> > > >> wrote: > >> > > >>> > >> > > >>> Can other PMC members please review this? It has been more than 72 > >> > > >> hours. > >> > > >>> > >> > > >>> Ralph > >> > > >>> > >> > > On Jul 30, 2020, at 11:17 PM, Davyd McColl > >> > > > >> > > >> wrote: > >> > > > >> > > Hi all, I've never done this before, so bear with me if I fluff > >> > > it: > >> > > > >> > > This is a proposed vote to release log4net 2.0.9 from PR > >> > > >> https://github.com/apache/logging-log4net/pull/61 > >> > > > >> > > Release artifacts (including source zip) are at: > >> > > >> > >> https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts > >> > > Source can be checked out from > >> > > >> https://github.com/fluffynuts/logging-log4net/logging-log4net, tag > >> > > >> rel/ > >> > > >> 2.0.9. I can't push tags to the upstream, but this tag is exactly > >> > > >> the > >> > > >> same commit as the last in the PR mentioned above, which was > >> accepted into > >> > > >> master a few days ago. > >> > > > >> > > Please check out the artifacts & if everyone is ok with what's > >> > > there, > >> > > >> please can someone with the rights to publish to nuget do so. > >> > > > >> > > Once I've seen how this process works, I'd like to tackle the CVE > >> > > that > >> > > >> has been brought up on this list more than once -- it's a simple > >> > > >> change > >> > > >> which was already committed to the develop branch some time ago, so > >> there > >> > > >> are a couple of options here: > >> > > 1. cherry-pick that commit & do a 2.0.10 release pronto, with only > >> > > >> that change > >> > > 2. trawl the develop branch to see what else was already solved in > >> > > >> there, and get that out as 2.0.10, and perhaps close out that > >> > > >> branch to > >> > > >> avoid future confusion. > >> > > > >> > > Thanks for your time > >> > > -d > >> > > >>> > >> > > >>> > >> > > >> > >> > > >> > >> > > >> -- > >> > > >> Matt Sicker > >> > > >> > >> > > > >> > > > >> > > >> > > >> > -- > >> > Matt Sicker > >> > >> > >> > >> -- > >> Matt Sicker > > > > > > > > -- > > Matt Sicker -- Matt Sicker
Re: [VOTE] Release Log4Net 2.0.9
I'll make changes to the automated build to affect all changes you have made (and perhaps will make) automatically to future releases for the next release. Apologies for making this more difficult than it needs to be (: -d On August 16, 2020 20:37:01 Matt Sicker wrote: Just a simple copy of the LICENSE and NOTICE file into the binaries zip, and a rename of the files to include "apache" in the name. I've uploaded them to dist along with updating the KEYS file for log4net, though that should probably be merged together with the project-wide KEYS file in the parent directory. There's an outdated README.html in the directory still containing the old release notes, but we can address that next. On Sun, 16 Aug 2020 at 13:12, Matt Sicker wrote: One issue I found in one of the artifacts that I can address before uploading since it wasn't signed is the binaries zip is missing the LICENSE file. I'm not sure if there's a standard way to include that in the nupkg file, but I did see that in its metadata, it explicitly says the code is Apache2 licensed at least. On Sun, 16 Aug 2020 at 13:03, Matt Sicker wrote: > > I'll sign and publish the artifacts today. > > On Mon, 3 Aug 2020 at 17:43, Ralph Goers wrote: > > > > Thanks Remko. That makes 3 +1 votes from PMC members. > > > > Ralph > > > > > On Aug 3, 2020, at 2:12 PM, Remko Popma wrote: > > > > > > +1 Remko. > > > > > > On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker wrote: > > > > > >> +1 from me. We can handle the release signing afterwards as Ralph suggests. > > >> > > >> On Mon, 3 Aug 2020 at 10:30, Ralph Goers > > >> wrote: > > >>> > > >>> Can other PMC members please review this? It has been more than 72 > > >> hours. > > >>> > > >>> Ralph > > >>> > > On Jul 30, 2020, at 11:17 PM, Davyd McColl > > >> wrote: > > > > Hi all, I've never done this before, so bear with me if I fluff it: > > > > This is a proposed vote to release log4net 2.0.9 from PR > > >> https://github.com/apache/logging-log4net/pull/61 > > > > Release artifacts (including source zip) are at: > > >> https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts > > Source can be checked out from > > >> https://github.com/fluffynuts/logging-log4net/logging-log4net, tag rel/ > > >> 2.0.9. I can't push tags to the upstream, but this tag is exactly the > > >> same commit as the last in the PR mentioned above, which was accepted into > > >> master a few days ago. > > > > Please check out the artifacts & if everyone is ok with what's there, > > >> please can someone with the rights to publish to nuget do so. > > > > Once I've seen how this process works, I'd like to tackle the CVE that > > >> has been brought up on this list more than once -- it's a simple change > > >> which was already committed to the develop branch some time ago, so there > > >> are a couple of options here: > > 1. cherry-pick that commit & do a 2.0.10 release pronto, with only > > >> that change > > 2. trawl the develop branch to see what else was already solved in > > >> there, and get that out as 2.0.10, and perhaps close out that branch to > > >> avoid future confusion. > > > > Thanks for your time > > -d > > >>> > > >>> > > >> > > >> > > >> -- > > >> Matt Sicker > > >> > > > > > > > -- > Matt Sicker -- Matt Sicker -- Matt Sicker
Re: [VOTE] Release Log4Net 2.0.9
Just a simple copy of the LICENSE and NOTICE file into the binaries zip, and a rename of the files to include "apache" in the name. I've uploaded them to dist along with updating the KEYS file for log4net, though that should probably be merged together with the project-wide KEYS file in the parent directory. There's an outdated README.html in the directory still containing the old release notes, but we can address that next. On Sun, 16 Aug 2020 at 13:12, Matt Sicker wrote: > > One issue I found in one of the artifacts that I can address before > uploading since it wasn't signed is the binaries zip is missing the > LICENSE file. I'm not sure if there's a standard way to include that > in the nupkg file, but I did see that in its metadata, it explicitly > says the code is Apache2 licensed at least. > > On Sun, 16 Aug 2020 at 13:03, Matt Sicker wrote: > > > > I'll sign and publish the artifacts today. > > > > On Mon, 3 Aug 2020 at 17:43, Ralph Goers wrote: > > > > > > Thanks Remko. That makes 3 +1 votes from PMC members. > > > > > > Ralph > > > > > > > On Aug 3, 2020, at 2:12 PM, Remko Popma wrote: > > > > > > > > +1 Remko. > > > > > > > > On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker wrote: > > > > > > > >> +1 from me. We can handle the release signing afterwards as Ralph > > > >> suggests. > > > >> > > > >> On Mon, 3 Aug 2020 at 10:30, Ralph Goers > > > >> wrote: > > > >>> > > > >>> Can other PMC members please review this? It has been more than 72 > > > >> hours. > > > >>> > > > >>> Ralph > > > >>> > > > On Jul 30, 2020, at 11:17 PM, Davyd McColl > > > >> wrote: > > > > > > Hi all, I've never done this before, so bear with me if I fluff it: > > > > > > This is a proposed vote to release log4net 2.0.9 from PR > > > >> https://github.com/apache/logging-log4net/pull/61 > > > > > > Release artifacts (including source zip) are at: > > > >> https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts > > > Source can be checked out from > > > >> https://github.com/fluffynuts/logging-log4net/logging-log4net, tag rel/ > > > >> 2.0.9. I can't push tags to the upstream, but this tag is exactly the > > > >> same commit as the last in the PR mentioned above, which was accepted > > > >> into > > > >> master a few days ago. > > > > > > Please check out the artifacts & if everyone is ok with what's there, > > > >> please can someone with the rights to publish to nuget do so. > > > > > > Once I've seen how this process works, I'd like to tackle the CVE > > > that > > > >> has been brought up on this list more than once -- it's a simple change > > > >> which was already committed to the develop branch some time ago, so > > > >> there > > > >> are a couple of options here: > > > 1. cherry-pick that commit & do a 2.0.10 release pronto, with only > > > >> that change > > > 2. trawl the develop branch to see what else was already solved in > > > >> there, and get that out as 2.0.10, and perhaps close out that branch to > > > >> avoid future confusion. > > > > > > Thanks for your time > > > -d > > > >>> > > > >>> > > > >> > > > >> > > > >> -- > > > >> Matt Sicker > > > >> > > > > > > > > > > > > -- > > Matt Sicker > > > > -- > Matt Sicker -- Matt Sicker
Re: [VOTE] Release Log4Net 2.0.9
One issue I found in one of the artifacts that I can address before uploading since it wasn't signed is the binaries zip is missing the LICENSE file. I'm not sure if there's a standard way to include that in the nupkg file, but I did see that in its metadata, it explicitly says the code is Apache2 licensed at least. On Sun, 16 Aug 2020 at 13:03, Matt Sicker wrote: > > I'll sign and publish the artifacts today. > > On Mon, 3 Aug 2020 at 17:43, Ralph Goers wrote: > > > > Thanks Remko. That makes 3 +1 votes from PMC members. > > > > Ralph > > > > > On Aug 3, 2020, at 2:12 PM, Remko Popma wrote: > > > > > > +1 Remko. > > > > > > On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker wrote: > > > > > >> +1 from me. We can handle the release signing afterwards as Ralph > > >> suggests. > > >> > > >> On Mon, 3 Aug 2020 at 10:30, Ralph Goers > > >> wrote: > > >>> > > >>> Can other PMC members please review this? It has been more than 72 > > >> hours. > > >>> > > >>> Ralph > > >>> > > On Jul 30, 2020, at 11:17 PM, Davyd McColl > > >> wrote: > > > > Hi all, I've never done this before, so bear with me if I fluff it: > > > > This is a proposed vote to release log4net 2.0.9 from PR > > >> https://github.com/apache/logging-log4net/pull/61 > > > > Release artifacts (including source zip) are at: > > >> https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts > > Source can be checked out from > > >> https://github.com/fluffynuts/logging-log4net/logging-log4net, tag rel/ > > >> 2.0.9. I can't push tags to the upstream, but this tag is exactly the > > >> same commit as the last in the PR mentioned above, which was accepted > > >> into > > >> master a few days ago. > > > > Please check out the artifacts & if everyone is ok with what's there, > > >> please can someone with the rights to publish to nuget do so. > > > > Once I've seen how this process works, I'd like to tackle the CVE that > > >> has been brought up on this list more than once -- it's a simple change > > >> which was already committed to the develop branch some time ago, so there > > >> are a couple of options here: > > 1. cherry-pick that commit & do a 2.0.10 release pronto, with only > > >> that change > > 2. trawl the develop branch to see what else was already solved in > > >> there, and get that out as 2.0.10, and perhaps close out that branch to > > >> avoid future confusion. > > > > Thanks for your time > > -d > > >>> > > >>> > > >> > > >> > > >> -- > > >> Matt Sicker > > >> > > > > > > > -- > Matt Sicker -- Matt Sicker
Re: [VOTE] Release Log4Net 2.0.9
I'll sign and publish the artifacts today. On Mon, 3 Aug 2020 at 17:43, Ralph Goers wrote: > > Thanks Remko. That makes 3 +1 votes from PMC members. > > Ralph > > > On Aug 3, 2020, at 2:12 PM, Remko Popma wrote: > > > > +1 Remko. > > > > On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker wrote: > > > >> +1 from me. We can handle the release signing afterwards as Ralph suggests. > >> > >> On Mon, 3 Aug 2020 at 10:30, Ralph Goers > >> wrote: > >>> > >>> Can other PMC members please review this? It has been more than 72 > >> hours. > >>> > >>> Ralph > >>> > On Jul 30, 2020, at 11:17 PM, Davyd McColl > >> wrote: > > Hi all, I've never done this before, so bear with me if I fluff it: > > This is a proposed vote to release log4net 2.0.9 from PR > >> https://github.com/apache/logging-log4net/pull/61 > > Release artifacts (including source zip) are at: > >> https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts > Source can be checked out from > >> https://github.com/fluffynuts/logging-log4net/logging-log4net, tag rel/ > >> 2.0.9. I can't push tags to the upstream, but this tag is exactly the > >> same commit as the last in the PR mentioned above, which was accepted into > >> master a few days ago. > > Please check out the artifacts & if everyone is ok with what's there, > >> please can someone with the rights to publish to nuget do so. > > Once I've seen how this process works, I'd like to tackle the CVE that > >> has been brought up on this list more than once -- it's a simple change > >> which was already committed to the develop branch some time ago, so there > >> are a couple of options here: > 1. cherry-pick that commit & do a 2.0.10 release pronto, with only > >> that change > 2. trawl the develop branch to see what else was already solved in > >> there, and get that out as 2.0.10, and perhaps close out that branch to > >> avoid future confusion. > > Thanks for your time > -d > >>> > >>> > >> > >> > >> -- > >> Matt Sicker > >> > > -- Matt Sicker