Re: [VOTE] [log4net] Release 2.0.11
Yeah, now that you point that out the artifact I looked at was the one in the original email in this thread - 2.0.11.zip. I can’t say what everyone else voted on. Ralph > On Oct 26, 2020, at 7:41 AM, Davyd McColl wrote: > > Ralph, I think this thread has been a little confused along the way -- I see > that the title of this mail includes the version 2.0.11, but the current > release is 2.0.12, which includes the versioning fix mentioned in this > thread, as well as fixes for LOG4NET-(652|653) wherein the username > associated with the current thread was not being properly handled on > non-win32 targets (and was, in fact, throwing an exception). I'm not entirely > sure when the confusion settled in, but the initial vote was set off on > Friday 23 October, and was voted +1 by both Remko and Matt, however your > response has been to this thread, so I'd like to double-check whether your > vote is for the 2.0.12 release? I know the cat's kinda out the proverbial > bag... however, before I go declaring that I have 3 votes on 2.0.12, I'd like > to make sure! > > I swear, one of these days I'm going to do a release without a hiccup :| > > -d > > On 2020/10/26 16:35:46, Davyd McColl wrote: > Hi Matt > > Thanks, I still forget some of the dots and crosses ): > > -d > > On 2020/10/26 16:20:58, Matt Sicker wrote: > Yes, an email confirming the vote passed along with the tally. Then, > after everything has been uploaded and mirrored, we can send an > announcement email about the release. > > On Mon, 26 Oct 2020 at 06:58, Davyd McColl wrote: >> >> By results, I understand you mean a tally? There were only three votes, all >> positive. I've pushed the nupkg. >> >> -d >> >> >> On October 26, 2020 13:35:15 Apache wrote: >> >>> You need to close the vote thread with the results first before performing >>> the final release steps. >>> >>> Ralph >>> On Oct 25, 2020, at 11:24 PM, Davyd McColl wrote: Thanks Ralph Could you assist with getting artifacts up to downloads.apache.org? I'm going to push the nupkg because people are waiting on it, and will have to set the new documentation live because people will expect it, but right now, the download links are broken. Thanks -d On 2020/10/25 01:21:15, Ralph Goers wrote: My +1 Ralph > On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote: > > Thanks all; I've completed the release as far as I can (Ralph, please push > the relevant artifacts from > https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the > last mile) and pushed the nuget package. > > -d > > On 2020/09/22 17:34:34, Matt Sicker wrote: > +1 > >> On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: >> >> +1 >> >> >> >> -- >> >> Sent from my phone. Typos are a kind gift to anyone who happens to find >> >> them. >> >> >> >>> On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: >> >> >> >>> Hi all >> >>> >> >>> I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out >> >>> the door because it fixes confusing versioning on the released binaries >> (in >> >>> particular, nuget consumers) >> >>> >> >>> Thanks >> >>> -d >> On 2020/09/20 22:33:49, Matt Sicker wrote: >> >>> I can use whatever. >> >>> >> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: >> >> I don’t have google meet and I can’t use Skype since Microsoft hosed my >> >>> authentication. I have zoom. My company uses Amazon Chime, which is >> fairly >> >>> new, as part of our product offering. I’ve sent you both emails for a >> >>> meeting using that. >> >> Ralph >> >> >> On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: >> > >> > I sent a Google Meet invite to you. >> > >> >> On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: >> >> >> >> I'm happy to be available at 8am my side, if that works for everyone >> >>> else. >> >> It sounds like earlier would be better, but I'm doing the morning >> >>> school >> >> run from 7am and can't guarantee I'll be back significantly before >> >>> 8am. >> >> >> >> How to do this? I have zoom and slack on my work machine, can >> install >> >> Skype if that's more convenient, can do google meet, I assume, >> though >> >> haven't ever tried, so may need a bit of a crash intro. >> >> >> >> If posting meeting details to the mailing list is not on, feel free >> to >> >> email me directly (: >>
Re: [VOTE] [log4net] Release 2.0.11
Ralph, I think this thread has been a little confused along the way -- I see that the title of this mail includes the version 2.0.11, but the current release is 2.0.12, which includes the versioning fix mentioned in this thread, as well as fixes for LOG4NET-(652|653) wherein the username associated with the current thread was not being properly handled on non-win32 targets (and was, in fact, throwing an exception). I'm not entirely sure when the confusion settled in, but the initial vote was set off on Friday 23 October, and was voted +1 by both Remko and Matt, however your response has been to this thread, so I'd like to double-check whether your vote is for the 2.0.12 release? I know the cat's kinda out the proverbial bag... however, before I go declaring that I have 3 votes on 2.0.12, I'd like to make sure! I swear, one of these days I'm going to do a release without a hiccup :| -d On 2020/10/26 16:35:46, Davyd McColl wrote: Hi Matt Thanks, I still forget some of the dots and crosses ): -d On 2020/10/26 16:20:58, Matt Sicker wrote: Yes, an email confirming the vote passed along with the tally. Then, after everything has been uploaded and mirrored, we can send an announcement email about the release. On Mon, 26 Oct 2020 at 06:58, Davyd McColl wrote: > > By results, I understand you mean a tally? There were only three votes, all > positive. I've pushed the nupkg. > > -d > > > On October 26, 2020 13:35:15 Apache wrote: > > > You need to close the vote thread with the results first before performing > > the final release steps. > > > > Ralph > > > >> On Oct 25, 2020, at 11:24 PM, Davyd McColl wrote: > >> > >> Thanks Ralph > >> > >> Could you assist with getting artifacts up to downloads.apache.org? I'm > >> going to push the nupkg because people are waiting on it, and will have to > >> set the new documentation live because people will expect it, but right > >> now, the download links are broken. > >> > >> Thanks > >> -d > >> > >> On 2020/10/25 01:21:15, Ralph Goers wrote: > >> My +1 > >> > >> Ralph > >> > >>> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote: > >>> > >>> Thanks all; I've completed the release as far as I can (Ralph, please push > >>> the relevant artifacts from > >>> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the > >>> last mile) and pushed the nuget package. > >>> > >>> -d > >>> > >>> On 2020/09/22 17:34:34, Matt Sicker wrote: > >>> +1 > >>> > On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: > > +1 > > > > -- > > Sent from my phone. Typos are a kind gift to anyone who happens to find > > them. > > > > > On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: > > > > > Hi all > > > > > > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out > > > the door because it fixes confusing versioning on the released binaries > (in > > > particular, nuget consumers) > > > > > > Thanks > > > -d > > >> On 2020/09/20 22:33:49, Matt Sicker wrote: > > > I can use whatever. > > > > > >> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: > > >> > > >> I don’t have google meet and I can’t use Skype since Microsoft hosed my > > > authentication. I have zoom. My company uses Amazon Chime, which is > fairly > > > new, as part of our product offering. I’ve sent you both emails for a > > > meeting using that. > > >> > > >> Ralph > > >> > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: > > >>> > > >>> I sent a Google Meet invite to you. > > >>> > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: > > > > I'm happy to be available at 8am my side, if that works for everyone > > > else. > > It sounds like earlier would be better, but I'm doing the morning > > > school > > run from 7am and can't guarantee I'll be back significantly before > > > 8am. > > > > How to do this? I have zoom and slack on my work machine, can > install > > Skype if that's more convenient, can do google meet, I assume, > though > > haven't ever tried, so may need a bit of a crash intro. > > > > If posting meeting details to the mailing list is not on, feel free > to > > email me directly (: > > > > -d > > > > > > > On September 20, 2020 20:58:29 Ralph Goers wrote: > > > > > 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > > > However, I frequently am up until midnight so that could work. > > > 5-5:30 pm is > > > 7:30-8 a
Re: [VOTE] [log4net] Release 2.0.11
Hi Matt Thanks, I still forget some of the dots and crosses ): -d On 2020/10/26 16:20:58, Matt Sicker wrote: Yes, an email confirming the vote passed along with the tally. Then, after everything has been uploaded and mirrored, we can send an announcement email about the release. On Mon, 26 Oct 2020 at 06:58, Davyd McColl wrote: > > By results, I understand you mean a tally? There were only three votes, all > positive. I've pushed the nupkg. > > -d > > > On October 26, 2020 13:35:15 Apache wrote: > > > You need to close the vote thread with the results first before performing > > the final release steps. > > > > Ralph > > > >> On Oct 25, 2020, at 11:24 PM, Davyd McColl wrote: > >> > >> Thanks Ralph > >> > >> Could you assist with getting artifacts up to downloads.apache.org? I'm > >> going to push the nupkg because people are waiting on it, and will have to > >> set the new documentation live because people will expect it, but right > >> now, the download links are broken. > >> > >> Thanks > >> -d > >> > >> On 2020/10/25 01:21:15, Ralph Goers wrote: > >> My +1 > >> > >> Ralph > >> > >>> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote: > >>> > >>> Thanks all; I've completed the release as far as I can (Ralph, please push > >>> the relevant artifacts from > >>> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the > >>> last mile) and pushed the nuget package. > >>> > >>> -d > >>> > >>> On 2020/09/22 17:34:34, Matt Sicker wrote: > >>> +1 > >>> > On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: > > +1 > > > > -- > > Sent from my phone. Typos are a kind gift to anyone who happens to find > > them. > > > > > On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: > > > > > Hi all > > > > > > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out > > > the door because it fixes confusing versioning on the released binaries > (in > > > particular, nuget consumers) > > > > > > Thanks > > > -d > > >> On 2020/09/20 22:33:49, Matt Sicker wrote: > > > I can use whatever. > > > > > >> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: > > >> > > >> I don’t have google meet and I can’t use Skype since Microsoft hosed my > > > authentication. I have zoom. My company uses Amazon Chime, which is > fairly > > > new, as part of our product offering. I’ve sent you both emails for a > > > meeting using that. > > >> > > >> Ralph > > >> > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: > > >>> > > >>> I sent a Google Meet invite to you. > > >>> > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: > > > > I'm happy to be available at 8am my side, if that works for everyone > > > else. > > It sounds like earlier would be better, but I'm doing the morning > > > school > > run from 7am and can't guarantee I'll be back significantly before > > > 8am. > > > > How to do this? I have zoom and slack on my work machine, can > install > > Skype if that's more convenient, can do google meet, I assume, > though > > haven't ever tried, so may need a bit of a crash intro. > > > > If posting meeting details to the mailing list is not on, feel free > to > > email me directly (: > > > > -d > > > > > > > On September 20, 2020 20:58:29 Ralph Goers wrote: > > > > > 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > > > However, I frequently am up until midnight so that could work. > > > 5-5:30 pm is > > > 7:30-8 am in Phoenix. I usually am not in front of my computer on a > > > weekday > > > until 8 am but on occasion I can do earlier. > > > > > > Ralph > > > > > >>> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: > > >> > > >> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I > > > fetch my > > >> son from school) > > >> > > >> -d > > >> > > >> > > >>> On September 20, 2020 18:44:19 Matt Sicker wrote: > > >> > > >>> We’re not quite as strict as Debian for keys (though if you can > > > find a > > >>> Debian group locally, they’re great for key signing). The video > > > call idea > > >>> could work for exchanging keys. What times would you be available > > > to do > > >>>
Re: [VOTE] [log4net] Release 2.0.11
Yes, an email confirming the vote passed along with the tally. Then, after everything has been uploaded and mirrored, we can send an announcement email about the release. On Mon, 26 Oct 2020 at 06:58, Davyd McColl wrote: > > By results, I understand you mean a tally? There were only three votes, all > positive. I've pushed the nupkg. > > -d > > > On October 26, 2020 13:35:15 Apache wrote: > > > You need to close the vote thread with the results first before performing > > the final release steps. > > > > Ralph > > > >> On Oct 25, 2020, at 11:24 PM, Davyd McColl wrote: > >> > >> Thanks Ralph > >> > >> Could you assist with getting artifacts up to downloads.apache.org? I'm > >> going to push the nupkg because people are waiting on it, and will have to > >> set the new documentation live because people will expect it, but right > >> now, the download links are broken. > >> > >> Thanks > >> -d > >> > >> On 2020/10/25 01:21:15, Ralph Goers wrote: > >> My +1 > >> > >> Ralph > >> > >>> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote: > >>> > >>> Thanks all; I've completed the release as far as I can (Ralph, please push > >>> the relevant artifacts from > >>> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the > >>> last mile) and pushed the nuget package. > >>> > >>> -d > >>> > >>> On 2020/09/22 17:34:34, Matt Sicker wrote: > >>> +1 > >>> > On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: > > +1 > > > > -- > > Sent from my phone. Typos are a kind gift to anyone who happens to find > > them. > > > > > On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: > > > > > Hi all > > > > > > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out > > > the door because it fixes confusing versioning on the released binaries > (in > > > particular, nuget consumers) > > > > > > Thanks > > > -d > > >> On 2020/09/20 22:33:49, Matt Sicker wrote: > > > I can use whatever. > > > > > >> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: > > >> > > >> I don’t have google meet and I can’t use Skype since Microsoft hosed my > > > authentication. I have zoom. My company uses Amazon Chime, which is > fairly > > > new, as part of our product offering. I’ve sent you both emails for a > > > meeting using that. > > >> > > >> Ralph > > >> > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: > > >>> > > >>> I sent a Google Meet invite to you. > > >>> > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: > > > > I'm happy to be available at 8am my side, if that works for everyone > > > else. > > It sounds like earlier would be better, but I'm doing the morning > > > school > > run from 7am and can't guarantee I'll be back significantly before > > > 8am. > > > > How to do this? I have zoom and slack on my work machine, can > install > > Skype if that's more convenient, can do google meet, I assume, > though > > haven't ever tried, so may need a bit of a crash intro. > > > > If posting meeting details to the mailing list is not on, feel free > to > > email me directly (: > > > > -d > > > > > > > On September 20, 2020 20:58:29 Ralph Goers wrote: > > > > > 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > > > However, I frequently am up until midnight so that could work. > > > 5-5:30 pm is > > > 7:30-8 am in Phoenix. I usually am not in front of my computer on a > > > weekday > > > until 8 am but on occasion I can do earlier. > > > > > > Ralph > > > > > >>> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: > > >> > > >> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I > > > fetch my > > >> son from school) > > >> > > >> -d > > >> > > >> > > >>> On September 20, 2020 18:44:19 Matt Sicker wrote: > > >> > > >>> We’re not quite as strict as Debian for keys (though if you can > > > find a > > >>> Debian group locally, they’re great for key signing). The video > > > call idea > > >>> could work for exchanging keys. What times would you be available > > > to do > > >>> that? > > >>> > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: >
Re: [VOTE] [log4net] Release 2.0.11
By results, I understand you mean a tally? There were only three votes, all positive. I've pushed the nupkg. -d On October 26, 2020 13:35:15 Apache wrote: You need to close the vote thread with the results first before performing the final release steps. Ralph On Oct 25, 2020, at 11:24 PM, Davyd McColl wrote: Thanks Ralph Could you assist with getting artifacts up to downloads.apache.org? I'm going to push the nupkg because people are waiting on it, and will have to set the new documentation live because people will expect it, but right now, the download links are broken. Thanks -d On 2020/10/25 01:21:15, Ralph Goers wrote: My +1 Ralph On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote: Thanks all; I've completed the release as far as I can (Ralph, please push the relevant artifacts from https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the last mile) and pushed the nuget package. -d On 2020/09/22 17:34:34, Matt Sicker wrote: +1 On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: +1 -- Sent from my phone. Typos are a kind gift to anyone who happens to find them. On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: Hi all I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out the door because it fixes confusing versioning on the released binaries (in particular, nuget consumers) Thanks -d On 2020/09/20 22:33:49, Matt Sicker wrote: I can use whatever. On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: I don’t have google meet and I can’t use Skype since Microsoft hosed my authentication. I have zoom. My company uses Amazon Chime, which is fairly new, as part of our product offering. I’ve sent you both emails for a meeting using that. Ralph On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: I sent a Google Meet invite to you. On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: I'm happy to be available at 8am my side, if that works for everyone else. It sounds like earlier would be better, but I'm doing the morning school run from 7am and can't guarantee I'll be back significantly before 8am. How to do this? I have zoom and slack on my work machine, can install Skype if that's more convenient, can do google meet, I assume, though haven't ever tried, so may need a bit of a crash intro. If posting meeting details to the mailing list is not on, feel free to email me directly (: -d On September 20, 2020 20:58:29 Ralph Goers wrote: 8am in Durban South Africa is 11pm the night before in Phoenix AZ. However, I frequently am up until midnight so that could work. 5-5:30 pm is 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday until 8 am but on occasion I can do earlier. Ralph On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my son from school) -d On September 20, 2020 18:44:19 Matt Sicker wrote: We’re not quite as strict as Debian for keys (though if you can find a Debian group locally, they’re great for key signing). The video call idea could work for exchanging keys. What times would you be available to do that? On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: Hi Ralph I think I miscommunicated: I'm not regenerating my signing key - just the nuget API key for package upload. This forces me to log in in nuget.org which has 2fa and then I only use that key on the cli for the immediate upload. My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I used last time. -d On September 20, 2020 09:01:36 Ralph Goers wrote: In the long run you don’t want to be regenerating your signing key for every release. The point is that you would upload the key to a central keystore and other people would sign it there. At ApacheCon we would have a key signing “party” where we recorded each others keys and then would take our list and update the central keystore. When people verify the key they can look at the keystore and see that it is signed by a number of people, who then have their keys by a number of people and so on so you are building a web of trust. Sooner or later there will be someone in that web that you personally know and trust. Ralph On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: Thanks Matt, I've updated the artifacts on GitHub to have detached signatures. I had previously also uploaded my key to sks-keyservers.net, but I've also uploaded to MIT, though search there always times out. The document y
Re: [VOTE] [log4net] Release 2.0.11
You need to close the vote thread with the results first before performing the final release steps. Ralph > On Oct 25, 2020, at 11:24 PM, Davyd McColl wrote: > > Thanks Ralph > > Could you assist with getting artifacts up to downloads.apache.org? I'm going > to push the nupkg because people are waiting on it, and will have to set the > new documentation live because people will expect it, but right now, the > download links are broken. > > Thanks > -d > > On 2020/10/25 01:21:15, Ralph Goers wrote: > My +1 > > Ralph > >> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote: >> >> Thanks all; I've completed the release as far as I can (Ralph, please push >> the relevant artifacts from >> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the last >> mile) and pushed the nuget package. >> >> -d >> >> On 2020/09/22 17:34:34, Matt Sicker wrote: >> +1 >> >>> On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: >>> >>> +1 >>> >>> >>> >>> -- >>> >>> Sent from my phone. Typos are a kind gift to anyone who happens to find >>> >>> them. >>> >>> >>> On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: >>> >>> >>> Hi all >>> >>> I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out >>> the door because it fixes confusing versioning on the released binaries >>> (in >>> particular, nuget consumers) >>> >>> Thanks >>> -d >>> > On 2020/09/20 22:33:49, Matt Sicker wrote: >>> I can use whatever. >>> >>> > On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: >>> > >>> > I don’t have google meet and I can’t use Skype since Microsoft hosed my >>> authentication. I have zoom. My company uses Amazon Chime, which is >>> fairly >>> new, as part of our product offering. I’ve sent you both emails for a >>> meeting using that. >>> > >>> > Ralph >>> > >>> >>> On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: >>> >> >>> >> I sent a Google Meet invite to you. >>> >> >>> >>> On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: >>> >>> >>> >>> I'm happy to be available at 8am my side, if that works for everyone >>> else. >>> >>> It sounds like earlier would be better, but I'm doing the morning >>> school >>> >>> run from 7am and can't guarantee I'll be back significantly before >>> 8am. >>> >>> >>> >>> How to do this? I have zoom and slack on my work machine, can >>> install >>> >>> Skype if that's more convenient, can do google meet, I assume, >>> though >>> >>> haven't ever tried, so may need a bit of a crash intro. >>> >>> >>> >>> If posting meeting details to the mailing list is not on, feel free >>> to >>> >>> email me directly (: >>> >>> >>> >>> -d >>> >>> >>> >>> >>> On September 20, 2020 20:58:29 Ralph Goers wrote: >>> >>> >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. >>> However, I frequently am up until midnight so that could work. >>> 5-5:30 pm is >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a >>> weekday >>> until 8 am but on occasion I can do earlier. >>> >>> Ralph >>> >>> >> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: >>> > >>> > Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I >>> fetch my >>> > son from school) >>> > >>> > -d >>> > >>> > >>> >> On September 20, 2020 18:44:19 Matt Sicker wrote: >>> > >>> >> We’re not quite as strict as Debian for keys (though if you can >>> find a >>> >> Debian group locally, they’re great for key signing). The video >>> call idea >>> >> could work for exchanging keys. What times would you be available >>> to do >>> >> that? >>> >> >>> >>> On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: >>> >> >>> >>> Hi Ralph >>> >>> >>> >>> >>> >>> >>> >>> I think I miscommunicated: I'm not regenerating my signing key - >>> just the >>> >>> >>> >>> nuget API key for package upload. This forces me to log in in >>> nuget.org >>> >>> >>> >>> which has 2fa and then I only use that key on the cli for the >>> immediate >>> >>> upload. >>> >>> >>> >>> >>> >>> >>> >>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same >>> that I >>> >>> used >>> >>> >>> >>> last time. >>> >>> >>> >>> >>> >>> >>> >>> -d >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> On September 20, 2020 09:01:36
Re: [VOTE] [log4net] Release 2.0.11
Thanks Ralph Could you assist with getting artifacts up to downloads.apache.org? I'm going to push the nupkg because people are waiting on it, and will have to set the new documentation live because people will expect it, but right now, the download links are broken. Thanks -d On 2020/10/25 01:21:15, Ralph Goers wrote: My +1 Ralph > On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote: > > Thanks all; I've completed the release as far as I can (Ralph, please push > the relevant artifacts from > https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the last > mile) and pushed the nuget package. > > -d > > On 2020/09/22 17:34:34, Matt Sicker wrote: > +1 > > On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: > >> +1 >> >> >> >> -- >> >> Sent from my phone. Typos are a kind gift to anyone who happens to find >> >> them. >> >> >> >> On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: >> >> >> >>> Hi all >> >>> >> >>> I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out >> >>> the door because it fixes confusing versioning on the released binaries >> (in >> >>> particular, nuget consumers) >> >>> >> >>> Thanks >> >>> -d >> >>> On 2020/09/20 22:33:49, Matt Sicker wrote: >> >>> I can use whatever. >> >>> >> >>> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: >> >> I don’t have google meet and I can’t use Skype since Microsoft hosed my >> >>> authentication. I have zoom. My company uses Amazon Chime, which is >> fairly >> >>> new, as part of our product offering. I’ve sent you both emails for a >> >>> meeting using that. >> >> Ralph >> >> > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: >> > >> > I sent a Google Meet invite to you. >> > >> > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: >> >> >> >> I'm happy to be available at 8am my side, if that works for everyone >> >>> else. >> >> It sounds like earlier would be better, but I'm doing the morning >> >>> school >> >> run from 7am and can't guarantee I'll be back significantly before >> >>> 8am. >> >> >> >> How to do this? I have zoom and slack on my work machine, can >> install >> >> Skype if that's more convenient, can do google meet, I assume, >> though >> >> haven't ever tried, so may need a bit of a crash intro. >> >> >> >> If posting meeting details to the mailing list is not on, feel free >> to >> >> email me directly (: >> >> >> >> -d >> >> >> >> >> >> On September 20, 2020 20:58:29 Ralph Goers wrote: >> >> >> >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. >> >>> However, I frequently am up until midnight so that could work. >> >>> 5-5:30 pm is >> >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a >> >>> weekday >> >>> until 8 am but on occasion I can do earlier. >> >>> >> >>> Ralph >> >>> >> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: >> >> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I >> >>> fetch my >> son from school) >> >> -d >> >> >> On September 20, 2020 18:44:19 Matt Sicker wrote: >> >> > We’re not quite as strict as Debian for keys (though if you can >> >>> find a >> > Debian group locally, they’re great for key signing). The video >> >>> call idea >> > could work for exchanging keys. What times would you be available >> >>> to do >> > that? >> > >> > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: >> > >> >> Hi Ralph >> >> >> >> >> >> >> >> I think I miscommunicated: I'm not regenerating my signing key - >> >>> just the >> >> >> >> nuget API key for package upload. This forces me to log in in >> >>> nuget.org >> >> >> >> which has 2fa and then I only use that key on the cli for the >> >>> immediate >> >> upload. >> >> >> >> >> >> >> >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same >> >>> that I >> >> used >> >> >> >> last time. >> >> >> >> >> >> >> >> -d >> >> >> >> >> >> >> >> >> >> >> >> On September 20, 2020 09:01:36 Ralph Goers >> >> wrote: >> >> >> >> >> >> >> >>> In the long run you don’t want to be regenerating your signing >> >>> key for >> >> >> >>> every release. The point is that you would upload the key to a >> >>> central >> >> >> >>> keystore and other people would sign it there. At ApacheCon we >> >>> would >> >> have a >> >> >> >>> key signing “party” where we recorded each others keys and then >> >>> would >> >> take >> >> >> >>> our list and update the central keystore. When people verify
Re: [VOTE] [log4net] Release 2.0.11
My +1 Ralph > On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote: > > Thanks all; I've completed the release as far as I can (Ralph, please push > the relevant artifacts from > https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the last > mile) and pushed the nuget package. > > -d > > On 2020/09/22 17:34:34, Matt Sicker wrote: > +1 > > On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: > >> +1 >> >> >> >> -- >> >> Sent from my phone. Typos are a kind gift to anyone who happens to find >> >> them. >> >> >> >> On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: >> >> >> >>> Hi all >> >>> >> >>> I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out >> >>> the door because it fixes confusing versioning on the released binaries >> (in >> >>> particular, nuget consumers) >> >>> >> >>> Thanks >> >>> -d >> >>> On 2020/09/20 22:33:49, Matt Sicker wrote: >> >>> I can use whatever. >> >>> >> >>> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: >> >> I don’t have google meet and I can’t use Skype since Microsoft hosed my >> >>> authentication. I have zoom. My company uses Amazon Chime, which is >> fairly >> >>> new, as part of our product offering. I’ve sent you both emails for a >> >>> meeting using that. >> >> Ralph >> >> > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: >> > >> > I sent a Google Meet invite to you. >> > >> > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: >> >> >> >> I'm happy to be available at 8am my side, if that works for everyone >> >>> else. >> >> It sounds like earlier would be better, but I'm doing the morning >> >>> school >> >> run from 7am and can't guarantee I'll be back significantly before >> >>> 8am. >> >> >> >> How to do this? I have zoom and slack on my work machine, can >> install >> >> Skype if that's more convenient, can do google meet, I assume, >> though >> >> haven't ever tried, so may need a bit of a crash intro. >> >> >> >> If posting meeting details to the mailing list is not on, feel free >> to >> >> email me directly (: >> >> >> >> -d >> >> >> >> >> >> On September 20, 2020 20:58:29 Ralph Goers wrote: >> >> >> >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. >> >>> However, I frequently am up until midnight so that could work. >> >>> 5-5:30 pm is >> >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a >> >>> weekday >> >>> until 8 am but on occasion I can do earlier. >> >>> >> >>> Ralph >> >>> >> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: >> >> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I >> >>> fetch my >> son from school) >> >> -d >> >> >> On September 20, 2020 18:44:19 Matt Sicker wrote: >> >> > We’re not quite as strict as Debian for keys (though if you can >> >>> find a >> > Debian group locally, they’re great for key signing). The video >> >>> call idea >> > could work for exchanging keys. What times would you be available >> >>> to do >> > that? >> > >> > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: >> > >> >> Hi Ralph >> >> >> >> >> >> >> >> I think I miscommunicated: I'm not regenerating my signing key - >> >>> just the >> >> >> >> nuget API key for package upload. This forces me to log in in >> >>> nuget.org >> >> >> >> which has 2fa and then I only use that key on the cli for the >> >>> immediate >> >> upload. >> >> >> >> >> >> >> >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same >> >>> that I >> >> used >> >> >> >> last time. >> >> >> >> >> >> >> >> -d >> >> >> >> >> >> >> >> >> >> >> >> On September 20, 2020 09:01:36 Ralph Goers >> >> wrote: >> >> >> >> >> >> >> >>> In the long run you don’t want to be regenerating your signing >> >>> key for >> >> >> >>> every release. The point is that you would upload the key to a >> >>> central >> >> >> >>> keystore and other people would sign it there. At ApacheCon we >> >>> would >> >> have a >> >> >> >>> key signing “party” where we recorded each others keys and then >> >>> would >> >> take >> >> >> >>> our list and update the central keystore. When people verify >> the >> >>> key >> >> they >> >> >> >>> can look at the keystore and see that it is signed by a number >>
Re: [VOTE] [log4net] Release 2.0.11
Thanks all; I've completed the release as far as I can (Ralph, please push the relevant artifacts from https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the last mile) and pushed the nuget package. -d On 2020/09/22 17:34:34, Matt Sicker wrote: +1 On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: > +1 > > > > -- > > Sent from my phone. Typos are a kind gift to anyone who happens to find > > them. > > > > On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: > > > > > Hi all > > > > > > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out > > > the door because it fixes confusing versioning on the released binaries > (in > > > particular, nuget consumers) > > > > > > Thanks > > > -d > > > On 2020/09/20 22:33:49, Matt Sicker wrote: > > > I can use whatever. > > > > > > On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: > > > > > > > > I don’t have google meet and I can’t use Skype since Microsoft hosed my > > > authentication. I have zoom. My company uses Amazon Chime, which is > fairly > > > new, as part of our product offering. I’ve sent you both emails for a > > > meeting using that. > > > > > > > > Ralph > > > > > > > > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: > > > > > > > > > > I sent a Google Meet invite to you. > > > > > > > > > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: > > > > >> > > > > >> I'm happy to be available at 8am my side, if that works for everyone > > > else. > > > > >> It sounds like earlier would be better, but I'm doing the morning > > > school > > > > >> run from 7am and can't guarantee I'll be back significantly before > > > 8am. > > > > >> > > > > >> How to do this? I have zoom and slack on my work machine, can > install > > > > >> Skype if that's more convenient, can do google meet, I assume, > though > > > > >> haven't ever tried, so may need a bit of a crash intro. > > > > >> > > > > >> If posting meeting details to the mailing list is not on, feel free > to > > > > >> email me directly (: > > > > >> > > > > >> -d > > > > >> > > > > >> > > > > >> On September 20, 2020 20:58:29 Ralph Goers wrote: > > > > >> > > > > >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > > > > >>> However, I frequently am up until midnight so that could work. > > > 5-5:30 pm is > > > > >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a > > > weekday > > > > >>> until 8 am but on occasion I can do earlier. > > > > >>> > > > > >>> Ralph > > > > >>> > > > > On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: > > > > > > > > Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I > > > fetch my > > > > son from school) > > > > > > > > -d > > > > > > > > > > > > On September 20, 2020 18:44:19 Matt Sicker wrote: > > > > > > > > > We’re not quite as strict as Debian for keys (though if you can > > > find a > > > > > Debian group locally, they’re great for key signing). The video > > > call idea > > > > > could work for exchanging keys. What times would you be available > > > to do > > > > > that? > > > > > > > > > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: > > > > > > > > > >> Hi Ralph > > > > >> > > > > >> > > > > >> > > > > >> I think I miscommunicated: I'm not regenerating my signing key - > > > just the > > > > >> > > > > >> nuget API key for package upload. This forces me to log in in > > > nuget.org > > > > >> > > > > >> which has 2fa and then I only use that key on the cli for the > > > immediate > > > > >> upload. > > > > >> > > > > >> > > > > >> > > > > >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same > > > that I > > > > >> used > > > > >> > > > > >> last time. > > > > >> > > > > >> > > > > >> > > > > >> -d > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> On September 20, 2020 09:01:36 Ralph Goers > > > > >> wrote: > > > > >> > > > > >> > > > > >> > > > > >>> In the long run you don’t want to be regenerating your signing > > > key for > > > > >> > > > > >>> every release. The point is that you would upload the key to a > > > central > > > > >> > > > > >>> keystore and other people would sign it there. At ApacheCon we > > > would > > > > >> have a > > > > >> > > > > >>> key signing “party” where we recorded each others keys and then > > > would > > > > >> take > > > > >> > > > > >>> our list and update the central keystore. When people verify > the > > > key > > > > >> they > > > > >> > > > > >>> can look at the keystore and see that it is signed by a number > of > > > > >> people, > > > > >> > > > > >>> who then have their keys by a number of people and so on so you > > > are > > > > >> > > > > >>> building a web of trust. Sooner or later there will be someone > > > in that > > > >
Re: [VOTE] [log4net] Release 2.0.11
+1 On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote: > +1 > > > > -- > > Sent from my phone. Typos are a kind gift to anyone who happens to find > > them. > > > > On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: > > > > > Hi all > > > > > > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out > > > the door because it fixes confusing versioning on the released binaries > (in > > > particular, nuget consumers) > > > > > > Thanks > > > -d > > > On 2020/09/20 22:33:49, Matt Sicker wrote: > > > I can use whatever. > > > > > > On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: > > > > > > > > I don’t have google meet and I can’t use Skype since Microsoft hosed my > > > authentication. I have zoom. My company uses Amazon Chime, which is > fairly > > > new, as part of our product offering. I’ve sent you both emails for a > > > meeting using that. > > > > > > > > Ralph > > > > > > > > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: > > > > > > > > > > I sent a Google Meet invite to you. > > > > > > > > > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: > > > > >> > > > > >> I'm happy to be available at 8am my side, if that works for everyone > > > else. > > > > >> It sounds like earlier would be better, but I'm doing the morning > > > school > > > > >> run from 7am and can't guarantee I'll be back significantly before > > > 8am. > > > > >> > > > > >> How to do this? I have zoom and slack on my work machine, can > install > > > > >> Skype if that's more convenient, can do google meet, I assume, > though > > > > >> haven't ever tried, so may need a bit of a crash intro. > > > > >> > > > > >> If posting meeting details to the mailing list is not on, feel free > to > > > > >> email me directly (: > > > > >> > > > > >> -d > > > > >> > > > > >> > > > > >> On September 20, 2020 20:58:29 Ralph Goers wrote: > > > > >> > > > > >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > > > > >>> However, I frequently am up until midnight so that could work. > > > 5-5:30 pm is > > > > >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a > > > weekday > > > > >>> until 8 am but on occasion I can do earlier. > > > > >>> > > > > >>> Ralph > > > > >>> > > > > On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: > > > > > > > > Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I > > > fetch my > > > > son from school) > > > > > > > > -d > > > > > > > > > > > > On September 20, 2020 18:44:19 Matt Sicker wrote: > > > > > > > > > We’re not quite as strict as Debian for keys (though if you can > > > find a > > > > > Debian group locally, they’re great for key signing). The video > > > call idea > > > > > could work for exchanging keys. What times would you be available > > > to do > > > > > that? > > > > > > > > > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: > > > > > > > > > >> Hi Ralph > > > > >> > > > > >> > > > > >> > > > > >> I think I miscommunicated: I'm not regenerating my signing key - > > > just the > > > > >> > > > > >> nuget API key for package upload. This forces me to log in in > > > nuget.org > > > > >> > > > > >> which has 2fa and then I only use that key on the cli for the > > > immediate > > > > >> upload. > > > > >> > > > > >> > > > > >> > > > > >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same > > > that I > > > > >> used > > > > >> > > > > >> last time. > > > > >> > > > > >> > > > > >> > > > > >> -d > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> On September 20, 2020 09:01:36 Ralph Goers > > > > >> wrote: > > > > >> > > > > >> > > > > >> > > > > >>> In the long run you don’t want to be regenerating your signing > > > key for > > > > >> > > > > >>> every release. The point is that you would upload the key to a > > > central > > > > >> > > > > >>> keystore and other people would sign it there. At ApacheCon we > > > would > > > > >> have a > > > > >> > > > > >>> key signing “party” where we recorded each others keys and then > > > would > > > > >> take > > > > >> > > > > >>> our list and update the central keystore. When people verify > the > > > key > > > > >> they > > > > >> > > > > >>> can look at the keystore and see that it is signed by a number > of > > > > >> people, > > > > >> > > > > >>> who then have their keys by a number of people and so on so you > > > are > > > > >> > > > > >>> building a web of trust. Sooner or later there will be someone > > > in that > > > > >> web > > > > >> > > > > >>> that you personally know and trust. > > > > >> > > > > >>> > > > > >> > > > > >>> Ralph > > > > >> > > > > >>> > > > > >> > > > > On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: > > >
Re: [VOTE] [log4net] Release 2.0.11
+1 -- Sent from my phone. Typos are a kind gift to anyone who happens to find them. On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote: > Hi all > > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out > the door because it fixes confusing versioning on the released binaries (in > particular, nuget consumers) > > Thanks > -d > On 2020/09/20 22:33:49, Matt Sicker wrote: > I can use whatever. > > On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: > > > > I don’t have google meet and I can’t use Skype since Microsoft hosed my > authentication. I have zoom. My company uses Amazon Chime, which is fairly > new, as part of our product offering. I’ve sent you both emails for a > meeting using that. > > > > Ralph > > > > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: > > > > > > I sent a Google Meet invite to you. > > > > > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: > > >> > > >> I'm happy to be available at 8am my side, if that works for everyone > else. > > >> It sounds like earlier would be better, but I'm doing the morning > school > > >> run from 7am and can't guarantee I'll be back significantly before > 8am. > > >> > > >> How to do this? I have zoom and slack on my work machine, can install > > >> Skype if that's more convenient, can do google meet, I assume, though > > >> haven't ever tried, so may need a bit of a crash intro. > > >> > > >> If posting meeting details to the mailing list is not on, feel free to > > >> email me directly (: > > >> > > >> -d > > >> > > >> > > >> On September 20, 2020 20:58:29 Ralph Goers wrote: > > >> > > >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > > >>> However, I frequently am up until midnight so that could work. > 5-5:30 pm is > > >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a > weekday > > >>> until 8 am but on occasion I can do earlier. > > >>> > > >>> Ralph > > >>> > > On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: > > > > Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I > fetch my > > son from school) > > > > -d > > > > > > On September 20, 2020 18:44:19 Matt Sicker wrote: > > > > > We’re not quite as strict as Debian for keys (though if you can > find a > > > Debian group locally, they’re great for key signing). The video > call idea > > > could work for exchanging keys. What times would you be available > to do > > > that? > > > > > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: > > > > > >> Hi Ralph > > >> > > >> > > >> > > >> I think I miscommunicated: I'm not regenerating my signing key - > just the > > >> > > >> nuget API key for package upload. This forces me to log in in > nuget.org > > >> > > >> which has 2fa and then I only use that key on the cli for the > immediate > > >> upload. > > >> > > >> > > >> > > >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same > that I > > >> used > > >> > > >> last time. > > >> > > >> > > >> > > >> -d > > >> > > >> > > >> > > >> > > >> > > >> On September 20, 2020 09:01:36 Ralph Goers > > >> wrote: > > >> > > >> > > >> > > >>> In the long run you don’t want to be regenerating your signing > key for > > >> > > >>> every release. The point is that you would upload the key to a > central > > >> > > >>> keystore and other people would sign it there. At ApacheCon we > would > > >> have a > > >> > > >>> key signing “party” where we recorded each others keys and then > would > > >> take > > >> > > >>> our list and update the central keystore. When people verify the > key > > >> they > > >> > > >>> can look at the keystore and see that it is signed by a number of > > >> people, > > >> > > >>> who then have their keys by a number of people and so on so you > are > > >> > > >>> building a web of trust. Sooner or later there will be someone > in that > > >> web > > >> > > >>> that you personally know and trust. > > >> > > >>> > > >> > > >>> Ralph > > >> > > >>> > > >> > > On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: > > >> > > > > >> > > Thanks Matt, I've updated the artifacts on GitHub to have > detached > > >> > > signatures. I had previously also uploaded my key to > sks-keyservers.net, > > >> > > >> > > but I've also uploaded to MIT, though search there always times > out. > > >> > > > > >> > > The document you've linked mentions face-to-face interactions > to get my > > >> key > > >> > > into the official KEYS file. Not sure how many apache people > are at my > > >> end > > >> > > of the world (Durban, South Africa), but I can do an online > meeting if > > >> that > > >
Re: [VOTE] [log4net] Release 2.0.11
Hi all I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out the door because it fixes confusing versioning on the released binaries (in particular, nuget consumers) Thanks -d On 2020/09/20 22:33:49, Matt Sicker wrote: I can use whatever. On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: > > I don’t have google meet and I can’t use Skype since Microsoft hosed my > authentication. I have zoom. My company uses Amazon Chime, which is fairly > new, as part of our product offering. I’ve sent you both emails for a meeting > using that. > > Ralph > > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: > > > > I sent a Google Meet invite to you. > > > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: > >> > >> I'm happy to be available at 8am my side, if that works for everyone else. > >> It sounds like earlier would be better, but I'm doing the morning school > >> run from 7am and can't guarantee I'll be back significantly before 8am. > >> > >> How to do this? I have zoom and slack on my work machine, can install > >> Skype if that's more convenient, can do google meet, I assume, though > >> haven't ever tried, so may need a bit of a crash intro. > >> > >> If posting meeting details to the mailing list is not on, feel free to > >> email me directly (: > >> > >> -d > >> > >> > >> On September 20, 2020 20:58:29 Ralph Goers wrote: > >> > >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > >>> However, I frequently am up until midnight so that could work. 5-5:30 pm > >>> is > >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a > >>> weekday > >>> until 8 am but on occasion I can do earlier. > >>> > >>> Ralph > >>> > On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: > > Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my > son from school) > > -d > > > On September 20, 2020 18:44:19 Matt Sicker wrote: > > > We’re not quite as strict as Debian for keys (though if you can find a > > Debian group locally, they’re great for key signing). The video call > > idea > > could work for exchanging keys. What times would you be available to do > > that? > > > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: > > > >> Hi Ralph > >> > >> > >> > >> I think I miscommunicated: I'm not regenerating my signing key - just > >> the > >> > >> nuget API key for package upload. This forces me to log in in nuget.org > >> > >> which has 2fa and then I only use that key on the cli for the immediate > >> upload. > >> > >> > >> > >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I > >> used > >> > >> last time. > >> > >> > >> > >> -d > >> > >> > >> > >> > >> > >> On September 20, 2020 09:01:36 Ralph Goers > >> wrote: > >> > >> > >> > >>> In the long run you don’t want to be regenerating your signing key for > >> > >>> every release. The point is that you would upload the key to a central > >> > >>> keystore and other people would sign it there. At ApacheCon we would > >> have a > >> > >>> key signing “party” where we recorded each others keys and then would > >> take > >> > >>> our list and update the central keystore. When people verify the key > >> they > >> > >>> can look at the keystore and see that it is signed by a number of > >> people, > >> > >>> who then have their keys by a number of people and so on so you are > >> > >>> building a web of trust. Sooner or later there will be someone in that > >> web > >> > >>> that you personally know and trust. > >> > >>> > >> > >>> Ralph > >> > >>> > >> > On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: > >> > > >> > Thanks Matt, I've updated the artifacts on GitHub to have detached > >> > signatures. I had previously also uploaded my key to > sks-keyservers.net, > >> > >> > but I've also uploaded to MIT, though search there always times out. > >> > > >> > The document you've linked mentions face-to-face interactions to get > my > >> key > >> > into the official KEYS file. Not sure how many apache people are at > my > >> end > >> > of the world (Durban, South Africa), but I can do an online meeting > if > >> that > >> > helps. Last release, Ralph said I should sign, so I did. I'm new to > >> signing > >> > release artifacts - I've generally relied on authentication during > >> upload > >> > as verification of authenticity, with 2FA wherever possible (GitHub > and > >> > NPM; nuget survives with an apikey - but for the last 2 releases
Re: [VOTE] [log4net] Release 2.0.11
I can use whatever. On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote: > > I don’t have google meet and I can’t use Skype since Microsoft hosed my > authentication. I have zoom. My company uses Amazon Chime, which is fairly > new, as part of our product offering. I’ve sent you both emails for a > meeting using that. > > Ralph > > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: > > > > I sent a Google Meet invite to you. > > > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: > >> > >> I'm happy to be available at 8am my side, if that works for everyone else. > >> It sounds like earlier would be better, but I'm doing the morning school > >> run from 7am and can't guarantee I'll be back significantly before 8am. > >> > >> How to do this? I have zoom and slack on my work machine, can install > >> Skype if that's more convenient, can do google meet, I assume, though > >> haven't ever tried, so may need a bit of a crash intro. > >> > >> If posting meeting details to the mailing list is not on, feel free to > >> email me directly (: > >> > >> -d > >> > >> > >> On September 20, 2020 20:58:29 Ralph Goers > >> wrote: > >> > >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > >>> However, I frequently am up until midnight so that could work. 5-5:30 pm > >>> is > >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a > >>> weekday > >>> until 8 am but on occasion I can do earlier. > >>> > >>> Ralph > >>> > On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: > > Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my > son from school) > > -d > > > On September 20, 2020 18:44:19 Matt Sicker wrote: > > > We’re not quite as strict as Debian for keys (though if you can find a > > Debian group locally, they’re great for key signing). The video call > > idea > > could work for exchanging keys. What times would you be available to do > > that? > > > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: > > > >> Hi Ralph > >> > >> > >> > >> I think I miscommunicated: I'm not regenerating my signing key - just > >> the > >> > >> nuget API key for package upload. This forces me to log in in nuget.org > >> > >> which has 2fa and then I only use that key on the cli for the immediate > >> upload. > >> > >> > >> > >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I > >> used > >> > >> last time. > >> > >> > >> > >> -d > >> > >> > >> > >> > >> > >> On September 20, 2020 09:01:36 Ralph Goers > >> wrote: > >> > >> > >> > >>> In the long run you don’t want to be regenerating your signing key for > >> > >>> every release. The point is that you would upload the key to a central > >> > >>> keystore and other people would sign it there. At ApacheCon we would > >> have a > >> > >>> key signing “party” where we recorded each others keys and then would > >> take > >> > >>> our list and update the central keystore. When people verify the key > >> they > >> > >>> can look at the keystore and see that it is signed by a number of > >> people, > >> > >>> who then have their keys by a number of people and so on so you are > >> > >>> building a web of trust. Sooner or later there will be someone in > >>> that > >> web > >> > >>> that you personally know and trust. > >> > >>> > >> > >>> Ralph > >> > >>> > >> > On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: > >> > > >> > Thanks Matt, I've updated the artifacts on GitHub to have detached > >> > signatures. I had previously also uploaded my key to > sks-keyservers.net, > >> > >> > but I've also uploaded to MIT, though search there always times out. > >> > > >> > The document you've linked mentions face-to-face interactions to get > my > >> key > >> > into the official KEYS file. Not sure how many apache people are at > my > >> end > >> > of the world (Durban, South Africa), but I can do an online meeting > if > >> that > >> > helps. Last release, Ralph said I should sign, so I did. I'm new to > >> signing > >> > release artifacts - I've generally relied on authentication during > >> upload > >> > as verification of authenticity, with 2FA wherever possible (GitHub > and > >> > NPM; nuget survives with an apikey - but for the last 2 releases, > I've > >> > regenerated the key on each use and only supplied it on the cli at > >> upload, > >> > so as not to store it locally) > >> > > >> >
Re: [VOTE] [log4net] Release 2.0.11
I don’t have google meet and I can’t use Skype since Microsoft hosed my authentication. I have zoom. My company uses Amazon Chime, which is fairly new, as part of our product offering. I’ve sent you both emails for a meeting using that. Ralph > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote: > > I sent a Google Meet invite to you. > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: >> >> I'm happy to be available at 8am my side, if that works for everyone else. >> It sounds like earlier would be better, but I'm doing the morning school >> run from 7am and can't guarantee I'll be back significantly before 8am. >> >> How to do this? I have zoom and slack on my work machine, can install >> Skype if that's more convenient, can do google meet, I assume, though >> haven't ever tried, so may need a bit of a crash intro. >> >> If posting meeting details to the mailing list is not on, feel free to >> email me directly (: >> >> -d >> >> >> On September 20, 2020 20:58:29 Ralph Goers >> wrote: >> >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. >>> However, I frequently am up until midnight so that could work. 5-5:30 pm is >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday >>> until 8 am but on occasion I can do earlier. >>> >>> Ralph >>> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my son from school) -d On September 20, 2020 18:44:19 Matt Sicker wrote: > We’re not quite as strict as Debian for keys (though if you can find a > Debian group locally, they’re great for key signing). The video call idea > could work for exchanging keys. What times would you be available to do > that? > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: > >> Hi Ralph >> >> >> >> I think I miscommunicated: I'm not regenerating my signing key - just the >> >> nuget API key for package upload. This forces me to log in in nuget.org >> >> which has 2fa and then I only use that key on the cli for the immediate >> upload. >> >> >> >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I >> used >> >> last time. >> >> >> >> -d >> >> >> >> >> >> On September 20, 2020 09:01:36 Ralph Goers >> wrote: >> >> >> >>> In the long run you don’t want to be regenerating your signing key for >> >>> every release. The point is that you would upload the key to a central >> >>> keystore and other people would sign it there. At ApacheCon we would >> have a >> >>> key signing “party” where we recorded each others keys and then would >> take >> >>> our list and update the central keystore. When people verify the key >> they >> >>> can look at the keystore and see that it is signed by a number of >> people, >> >>> who then have their keys by a number of people and so on so you are >> >>> building a web of trust. Sooner or later there will be someone in that >> web >> >>> that you personally know and trust. >> >>> >> >>> Ralph >> >>> >> On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: >> >> Thanks Matt, I've updated the artifacts on GitHub to have detached >> signatures. I had previously also uploaded my key to sks-keyservers.net, >> >> but I've also uploaded to MIT, though search there always times out. >> >> The document you've linked mentions face-to-face interactions to get my >> key >> into the official KEYS file. Not sure how many apache people are at my >> end >> of the world (Durban, South Africa), but I can do an online meeting if >> that >> helps. Last release, Ralph said I should sign, so I did. I'm new to >> signing >> release artifacts - I've generally relied on authentication during >> upload >> as verification of authenticity, with 2FA wherever possible (GitHub and >> NPM; nuget survives with an apikey - but for the last 2 releases, I've >> regenerated the key on each use and only supplied it on the cli at >> upload, >> so as not to store it locally) >> >> -d >> >> >> On September 19, 2020 22:23:41 Matt Sicker wrote: >> >> > Oh and there's a bit of an issue with the signed files: it looks like >> > you included _signed files_ rather than detached signatures. Thus, the >> > .asc files are only verifying themselves rather than the accompanying >> > file.
Re: [VOTE] [log4net] Release 2.0.11
I sent a Google Meet invite to you. On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote: > > I'm happy to be available at 8am my side, if that works for everyone else. > It sounds like earlier would be better, but I'm doing the morning school > run from 7am and can't guarantee I'll be back significantly before 8am. > > How to do this? I have zoom and slack on my work machine, can install > Skype if that's more convenient, can do google meet, I assume, though > haven't ever tried, so may need a bit of a crash intro. > > If posting meeting details to the mailing list is not on, feel free to > email me directly (: > > -d > > > On September 20, 2020 20:58:29 Ralph Goers wrote: > > > 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > > However, I frequently am up until midnight so that could work. 5-5:30 pm is > > 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday > > until 8 am but on occasion I can do earlier. > > > > Ralph > > > >> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: > >> > >> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my > >> son from school) > >> > >> -d > >> > >> > >> On September 20, 2020 18:44:19 Matt Sicker wrote: > >> > >>> We’re not quite as strict as Debian for keys (though if you can find a > >>> Debian group locally, they’re great for key signing). The video call idea > >>> could work for exchanging keys. What times would you be available to do > >>> that? > >>> > >>> On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: > >>> > Hi Ralph > > > > I think I miscommunicated: I'm not regenerating my signing key - just the > > nuget API key for package upload. This forces me to log in in nuget.org > > which has 2fa and then I only use that key on the cli for the immediate > upload. > > > > My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I > used > > last time. > > > > -d > > > > > > On September 20, 2020 09:01:36 Ralph Goers > wrote: > > > > > In the long run you don’t want to be regenerating your signing key for > > > every release. The point is that you would upload the key to a central > > > keystore and other people would sign it there. At ApacheCon we would > have a > > > key signing “party” where we recorded each others keys and then would > take > > > our list and update the central keystore. When people verify the key > they > > > can look at the keystore and see that it is signed by a number of > people, > > > who then have their keys by a number of people and so on so you are > > > building a web of trust. Sooner or later there will be someone in that > web > > > that you personally know and trust. > > > > > > Ralph > > > > > >> On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: > > >> > > >> Thanks Matt, I've updated the artifacts on GitHub to have detached > > >> signatures. I had previously also uploaded my key to > >> sks-keyservers.net, > > > >> but I've also uploaded to MIT, though search there always times out. > > >> > > >> The document you've linked mentions face-to-face interactions to get > >> my > key > > >> into the official KEYS file. Not sure how many apache people are at my > end > > >> of the world (Durban, South Africa), but I can do an online meeting if > that > > >> helps. Last release, Ralph said I should sign, so I did. I'm new to > signing > > >> release artifacts - I've generally relied on authentication during > upload > > >> as verification of authenticity, with 2FA wherever possible (GitHub > >> and > > >> NPM; nuget survives with an apikey - but for the last 2 releases, I've > > >> regenerated the key on each use and only supplied it on the cli at > upload, > > >> so as not to store it locally) > > >> > > >> -d > > >> > > >> > > >> On September 19, 2020 22:23:41 Matt Sicker wrote: > > >> > > >>> Oh and there's a bit of an issue with the signed files: it looks like > > >>> you included _signed files_ rather than detached signatures. Thus, > >>> the > > >>> .asc files are only verifying themselves rather than the accompanying > > >>> file. > > >>> > > >>> There's a --detached option in gpg for this (yeah, it's always had a > bad UI). > > >>> > > >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: > > > > The KEYS file [1] that's linked on the download page does not have > > your k
Re: [VOTE] [log4net] Release 2.0.11
I'm happy to be available at 8am my side, if that works for everyone else. It sounds like earlier would be better, but I'm doing the morning school run from 7am and can't guarantee I'll be back significantly before 8am. How to do this? I have zoom and slack on my work machine, can install Skype if that's more convenient, can do google meet, I assume, though haven't ever tried, so may need a bit of a crash intro. If posting meeting details to the mailing list is not on, feel free to email me directly (: -d On September 20, 2020 20:58:29 Ralph Goers wrote: 8am in Durban South Africa is 11pm the night before in Phoenix AZ. However, I frequently am up until midnight so that could work. 5-5:30 pm is 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday until 8 am but on occasion I can do earlier. Ralph On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my son from school) -d On September 20, 2020 18:44:19 Matt Sicker wrote: We’re not quite as strict as Debian for keys (though if you can find a Debian group locally, they’re great for key signing). The video call idea could work for exchanging keys. What times would you be available to do that? On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: Hi Ralph I think I miscommunicated: I'm not regenerating my signing key - just the nuget API key for package upload. This forces me to log in in nuget.org which has 2fa and then I only use that key on the cli for the immediate upload. My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I used last time. -d On September 20, 2020 09:01:36 Ralph Goers wrote: > In the long run you don’t want to be regenerating your signing key for > every release. The point is that you would upload the key to a central > keystore and other people would sign it there. At ApacheCon we would have a > key signing “party” where we recorded each others keys and then would take > our list and update the central keystore. When people verify the key they > can look at the keystore and see that it is signed by a number of people, > who then have their keys by a number of people and so on so you are > building a web of trust. Sooner or later there will be someone in that web > that you personally know and trust. > > Ralph > >> On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: >> >> Thanks Matt, I've updated the artifacts on GitHub to have detached >> signatures. I had previously also uploaded my key to sks-keyservers.net, >> but I've also uploaded to MIT, though search there always times out. >> >> The document you've linked mentions face-to-face interactions to get my key >> into the official KEYS file. Not sure how many apache people are at my end >> of the world (Durban, South Africa), but I can do an online meeting if that >> helps. Last release, Ralph said I should sign, so I did. I'm new to signing >> release artifacts - I've generally relied on authentication during upload >> as verification of authenticity, with 2FA wherever possible (GitHub and >> NPM; nuget survives with an apikey - but for the last 2 releases, I've >> regenerated the key on each use and only supplied it on the cli at upload, >> so as not to store it locally) >> >> -d >> >> >> On September 19, 2020 22:23:41 Matt Sicker wrote: >> >>> Oh and there's a bit of an issue with the signed files: it looks like >>> you included _signed files_ rather than detached signatures. Thus, the >>> .asc files are only verifying themselves rather than the accompanying >>> file. >>> >>> There's a --detached option in gpg for this (yeah, it's always had a bad UI). >>> >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: The KEYS file [1] that's linked on the download page does not have your key in it. Neither does other KEYS file [2]. Check out [3] for more info. [1]: https://downloads.apache.org/logging/log4net/KEYS [2]: https://downloads.apache.org/logging/KEYS [3]: https://infra.apache.org/release-signing.html#keys-policy On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote: > > Thanks Matt, I've done so. Hopefully that makes it easier to verify > artifacts that I have signed. > > -d > > > On September 18, 2020 23:11:48 Matt Sicker wrote: > > > If you upload your key to your GitHub profile, that also makes it > > simple to find. For example, just add ".gpg" to your profile URL: > > https://github.com/fluffynuts.gpg > > > > On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: > >> > >> +1 remko > >> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > >> > >> > How about your gpg key? I don't think we've imported that to the KEYS > >> > file as far as I can tell? > >> > > >> > On Fri, 18
Re: [VOTE] [log4net] Release 2.0.11
8am in Durban South Africa is 11pm the night before in Phoenix AZ. However, I frequently am up until midnight so that could work. 5-5:30 pm is 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday until 8 am but on occasion I can do earlier. Ralph > On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote: > > Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my son > from school) > > -d > > > On September 20, 2020 18:44:19 Matt Sicker wrote: > >> We’re not quite as strict as Debian for keys (though if you can find a >> Debian group locally, they’re great for key signing). The video call idea >> could work for exchanging keys. What times would you be available to do >> that? >> >> On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: >> >>> Hi Ralph >>> >>> >>> >>> I think I miscommunicated: I'm not regenerating my signing key - just the >>> >>> nuget API key for package upload. This forces me to log in in nuget.org >>> >>> which has 2fa and then I only use that key on the cli for the immediate >>> upload. >>> >>> >>> >>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I >>> used >>> >>> last time. >>> >>> >>> >>> -d >>> >>> >>> >>> >>> >>> On September 20, 2020 09:01:36 Ralph Goers >>> wrote: >>> >>> >>> >>> > In the long run you don’t want to be regenerating your signing key for >>> >>> > every release. The point is that you would upload the key to a central >>> >>> > keystore and other people would sign it there. At ApacheCon we would >>> have a >>> >>> > key signing “party” where we recorded each others keys and then would >>> take >>> >>> > our list and update the central keystore. When people verify the key >>> they >>> >>> > can look at the keystore and see that it is signed by a number of >>> people, >>> >>> > who then have their keys by a number of people and so on so you are >>> >>> > building a web of trust. Sooner or later there will be someone in that >>> web >>> >>> > that you personally know and trust. >>> >>> > >>> >>> > Ralph >>> >>> > >>> >>> >> On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: >>> >>> >> >>> >>> >> Thanks Matt, I've updated the artifacts on GitHub to have detached >>> >>> >> signatures. I had previously also uploaded my key to sks-keyservers.net, >>> >>> >>> >> but I've also uploaded to MIT, though search there always times out. >>> >>> >> >>> >>> >> The document you've linked mentions face-to-face interactions to get my >>> key >>> >>> >> into the official KEYS file. Not sure how many apache people are at my >>> end >>> >>> >> of the world (Durban, South Africa), but I can do an online meeting if >>> that >>> >>> >> helps. Last release, Ralph said I should sign, so I did. I'm new to >>> signing >>> >>> >> release artifacts - I've generally relied on authentication during >>> upload >>> >>> >> as verification of authenticity, with 2FA wherever possible (GitHub and >>> >>> >> NPM; nuget survives with an apikey - but for the last 2 releases, I've >>> >>> >> regenerated the key on each use and only supplied it on the cli at >>> upload, >>> >>> >> so as not to store it locally) >>> >>> >> >>> >>> >> -d >>> >>> >> >>> >>> >> >>> >>> >> On September 19, 2020 22:23:41 Matt Sicker wrote: >>> >>> >> >>> >>> >>> Oh and there's a bit of an issue with the signed files: it looks like >>> >>> >>> you included _signed files_ rather than detached signatures. Thus, the >>> >>> >>> .asc files are only verifying themselves rather than the accompanying >>> >>> >>> file. >>> >>> >>> >>> >>> >>> There's a --detached option in gpg for this (yeah, it's always had a >>> bad UI). >>> >>> >>> >>> >>> >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: >>> >>> >>> >>> The KEYS file [1] that's linked on the download page does not have >>> >>> your key in it. Neither does other KEYS file [2]. Check out [3] for >>> >>> more info. >>> >>> >>> >>> [1]: https://downloads.apache.org/logging/log4net/KEYS >>> >>> [2]: https://downloads.apache.org/logging/KEYS >>> >>> [3]: https://infra.apache.org/release-signing.html#keys-policy >>> >>> >>> >>> >>> >>> >>> >>> On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote: >>> >>> > >>> >>> > Thanks Matt, I've done so. Hopefully that makes it easier to verify >>> >>> > artifacts that I have signed. >>> >>> > >>> >>> > -d >>> >>> > >>> >>> > >>> >>> > On September 18, 2020 23:11:48 Matt Sicker >>> wrote: >>> >>> > >>> >>> > > If you upload your key to your GitHub profile, that also makes it >>> >>> > > simple to find. For example, just add ".gpg" to your profile URL: >>> >>> > > https://github.com/fluffynuts.gpg >>> >>> > > >>> >>> > > On Fri, 18 Sep 2020 at 16:08, Remko Popma >>> wrote: >>> >>> > >> >>> >>> > >> +1 remko >>> >>> > >> >>> >>> > >> On Sat, Sep 19
Re: [VOTE] [log4net] Release 2.0.11
I should be able to do 08:00 tomorrow morning (still night in my time zone but technically still tomorrow either way). If I weren’t on vacation at the moment, we’d have to do the other end of your schedule which would be during my typical “meetings with the other hemisphere” hours (some of my work teammates are in the same time zone as you out in EU). On Sun, Sep 20, 2020 at 11:47 Davyd McColl wrote: > Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my > > son from school) > > > > -d > > > > > > On September 20, 2020 18:44:19 Matt Sicker wrote: > > > > > We’re not quite as strict as Debian for keys (though if you can find a > > > Debian group locally, they’re great for key signing). The video call idea > > > could work for exchanging keys. What times would you be available to do > > > that? > > > > > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: > > > > > >> Hi Ralph > > >> > > >> > > >> > > >> I think I miscommunicated: I'm not regenerating my signing key - just > the > > >> > > >> nuget API key for package upload. This forces me to log in in nuget.org > > >> > > >> which has 2fa and then I only use that key on the cli for the immediate > > >> upload. > > >> > > >> > > >> > > >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I > > >> used > > >> > > >> last time. > > >> > > >> > > >> > > >> -d > > >> > > >> > > >> > > >> > > >> > > >> On September 20, 2020 09:01:36 Ralph Goers > > >> wrote: > > >> > > >> > > >> > > >> > In the long run you don’t want to be regenerating your signing key for > > >> > > >> > every release. The point is that you would upload the key to a central > > >> > > >> > keystore and other people would sign it there. At ApacheCon we would > > >> have a > > >> > > >> > key signing “party” where we recorded each others keys and then would > > >> take > > >> > > >> > our list and update the central keystore. When people verify the key > > >> they > > >> > > >> > can look at the keystore and see that it is signed by a number of > > >> people, > > >> > > >> > who then have their keys by a number of people and so on so you are > > >> > > >> > building a web of trust. Sooner or later there will be someone in > that > > >> web > > >> > > >> > that you personally know and trust. > > >> > > >> > > > >> > > >> > Ralph > > >> > > >> > > > >> > > >> >> On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: > > >> > > >> >> > > >> > > >> >> Thanks Matt, I've updated the artifacts on GitHub to have detached > > >> > > >> >> signatures. I had previously also uploaded my key to > sks-keyservers.net, > > >> > > >> > > >> >> but I've also uploaded to MIT, though search there always times out. > > >> > > >> >> > > >> > > >> >> The document you've linked mentions face-to-face interactions to get > my > > >> key > > >> > > >> >> into the official KEYS file. Not sure how many apache people are at > my > > >> end > > >> > > >> >> of the world (Durban, South Africa), but I can do an online meeting > if > > >> that > > >> > > >> >> helps. Last release, Ralph said I should sign, so I did. I'm new to > > >> signing > > >> > > >> >> release artifacts - I've generally relied on authentication during > > >> upload > > >> > > >> >> as verification of authenticity, with 2FA wherever possible (GitHub > and > > >> > > >> >> NPM; nuget survives with an apikey - but for the last 2 releases, > I've > > >> > > >> >> regenerated the key on each use and only supplied it on the cli at > > >> upload, > > >> > > >> >> so as not to store it locally) > > >> > > >> >> > > >> > > >> >> -d > > >> > > >> >> > > >> > > >> >> > > >> > > >> >> On September 19, 2020 22:23:41 Matt Sicker wrote: > > >> > > >> >> > > >> > > >> >>> Oh and there's a bit of an issue with the signed files: it looks > like > > >> > > >> >>> you included _signed files_ rather than detached signatures. Thus, > the > > >> > > >> >>> .asc files are only verifying themselves rather than the > accompanying > > >> > > >> >>> file. > > >> > > >> >>> > > >> > > >> >>> There's a --detached option in gpg for this (yeah, it's always had a > > >> bad UI). > > >> > > >> >>> > > >> > > >> >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: > > >> > > >> > > >> > > >> The KEYS file [1] that's linked on the download page does not have > > >> > > >> your key in it. Neither does other KEYS file [2]. Check out [3] for > > >> > > >> more info. > > >> > > >> > > >> > > >> [1]: https://downloads.apache.org/logging/log4net/KEYS > > >> > > >> [2]: https://downloads.apache.org/logging/KEYS > > >> > > >> [3]: https://infra.apache.org/release-signing.html#keys-policy > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> On Sat, 19 Sep 2020 at 12:48, Davyd McColl > wrote: > > >> > > >> > > > >> > > >> > Thanks Matt, I've done so. Hopefully that makes it easier to > verify > > >> > > >> > artifacts that I have signed. > > >> > > >> > > > >> > > >> > -d
Re: [VOTE] [log4net] Release 2.0.11
Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my son from school) -d On September 20, 2020 18:44:19 Matt Sicker wrote: We’re not quite as strict as Debian for keys (though if you can find a Debian group locally, they’re great for key signing). The video call idea could work for exchanging keys. What times would you be available to do that? On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: Hi Ralph I think I miscommunicated: I'm not regenerating my signing key - just the nuget API key for package upload. This forces me to log in in nuget.org which has 2fa and then I only use that key on the cli for the immediate upload. My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I used last time. -d On September 20, 2020 09:01:36 Ralph Goers wrote: > In the long run you don’t want to be regenerating your signing key for > every release. The point is that you would upload the key to a central > keystore and other people would sign it there. At ApacheCon we would have a > key signing “party” where we recorded each others keys and then would take > our list and update the central keystore. When people verify the key they > can look at the keystore and see that it is signed by a number of people, > who then have their keys by a number of people and so on so you are > building a web of trust. Sooner or later there will be someone in that web > that you personally know and trust. > > Ralph > >> On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: >> >> Thanks Matt, I've updated the artifacts on GitHub to have detached >> signatures. I had previously also uploaded my key to sks-keyservers.net, >> but I've also uploaded to MIT, though search there always times out. >> >> The document you've linked mentions face-to-face interactions to get my key >> into the official KEYS file. Not sure how many apache people are at my end >> of the world (Durban, South Africa), but I can do an online meeting if that >> helps. Last release, Ralph said I should sign, so I did. I'm new to signing >> release artifacts - I've generally relied on authentication during upload >> as verification of authenticity, with 2FA wherever possible (GitHub and >> NPM; nuget survives with an apikey - but for the last 2 releases, I've >> regenerated the key on each use and only supplied it on the cli at upload, >> so as not to store it locally) >> >> -d >> >> >> On September 19, 2020 22:23:41 Matt Sicker wrote: >> >>> Oh and there's a bit of an issue with the signed files: it looks like >>> you included _signed files_ rather than detached signatures. Thus, the >>> .asc files are only verifying themselves rather than the accompanying >>> file. >>> >>> There's a --detached option in gpg for this (yeah, it's always had a bad UI). >>> >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: The KEYS file [1] that's linked on the download page does not have your key in it. Neither does other KEYS file [2]. Check out [3] for more info. [1]: https://downloads.apache.org/logging/log4net/KEYS [2]: https://downloads.apache.org/logging/KEYS [3]: https://infra.apache.org/release-signing.html#keys-policy On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote: > > Thanks Matt, I've done so. Hopefully that makes it easier to verify > artifacts that I have signed. > > -d > > > On September 18, 2020 23:11:48 Matt Sicker wrote: > > > If you upload your key to your GitHub profile, that also makes it > > simple to find. For example, just add ".gpg" to your profile URL: > > https://github.com/fluffynuts.gpg > > > > On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: > >> > >> +1 remko > >> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > >> > >> > How about your gpg key? I don't think we've imported that to the KEYS > >> > file as far as I can tell? > >> > > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > >> > > > >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > >> > > aware that it was possible to be honest). > >> > > > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > >> > > > > >> > > > Hi Matt > >> > > > > >> > > > Release artifacts are available on the GitHub release page > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the > >> > assets > >> > > > list if it's collapsed. > >> > > > > >> > > > I'll need someone to upload them to the downloads source as I think I > >> > don't > >> > > > have access to do so (if I'm wrong, I'd love to be corrected, because > >> > I'd > >> > > > be less of an annoyance then!). Ralph has stepped in to help here in > >> > the past. >
Re: [VOTE] [log4net] Release 2.0.11
We’re not quite as strict as Debian for keys (though if you can find a Debian group locally, they’re great for key signing). The video call idea could work for exchanging keys. What times would you be available to do that? On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote: > Hi Ralph > > > > I think I miscommunicated: I'm not regenerating my signing key - just the > > nuget API key for package upload. This forces me to log in in nuget.org > > which has 2fa and then I only use that key on the cli for the immediate > upload. > > > > My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I > used > > last time. > > > > -d > > > > > > On September 20, 2020 09:01:36 Ralph Goers > wrote: > > > > > In the long run you don’t want to be regenerating your signing key for > > > every release. The point is that you would upload the key to a central > > > keystore and other people would sign it there. At ApacheCon we would > have a > > > key signing “party” where we recorded each others keys and then would > take > > > our list and update the central keystore. When people verify the key > they > > > can look at the keystore and see that it is signed by a number of > people, > > > who then have their keys by a number of people and so on so you are > > > building a web of trust. Sooner or later there will be someone in that > web > > > that you personally know and trust. > > > > > > Ralph > > > > > >> On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: > > >> > > >> Thanks Matt, I've updated the artifacts on GitHub to have detached > > >> signatures. I had previously also uploaded my key to sks-keyservers.net, > > > >> but I've also uploaded to MIT, though search there always times out. > > >> > > >> The document you've linked mentions face-to-face interactions to get my > key > > >> into the official KEYS file. Not sure how many apache people are at my > end > > >> of the world (Durban, South Africa), but I can do an online meeting if > that > > >> helps. Last release, Ralph said I should sign, so I did. I'm new to > signing > > >> release artifacts - I've generally relied on authentication during > upload > > >> as verification of authenticity, with 2FA wherever possible (GitHub and > > >> NPM; nuget survives with an apikey - but for the last 2 releases, I've > > >> regenerated the key on each use and only supplied it on the cli at > upload, > > >> so as not to store it locally) > > >> > > >> -d > > >> > > >> > > >> On September 19, 2020 22:23:41 Matt Sicker wrote: > > >> > > >>> Oh and there's a bit of an issue with the signed files: it looks like > > >>> you included _signed files_ rather than detached signatures. Thus, the > > >>> .asc files are only verifying themselves rather than the accompanying > > >>> file. > > >>> > > >>> There's a --detached option in gpg for this (yeah, it's always had a > bad UI). > > >>> > > >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: > > > > The KEYS file [1] that's linked on the download page does not have > > your key in it. Neither does other KEYS file [2]. Check out [3] for > > more info. > > > > [1]: https://downloads.apache.org/logging/log4net/KEYS > > [2]: https://downloads.apache.org/logging/KEYS > > [3]: https://infra.apache.org/release-signing.html#keys-policy > > > > > > > > On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote: > > > > > > Thanks Matt, I've done so. Hopefully that makes it easier to verify > > > artifacts that I have signed. > > > > > > -d > > > > > > > > > On September 18, 2020 23:11:48 Matt Sicker > wrote: > > > > > > > If you upload your key to your GitHub profile, that also makes it > > > > simple to find. For example, just add ".gpg" to your profile URL: > > > > https://github.com/fluffynuts.gpg > > > > > > > > On Fri, 18 Sep 2020 at 16:08, Remko Popma > wrote: > > > >> > > > >> +1 remko > > > >> > > > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker > wrote: > > > >> > > > >> > How about your gpg key? I don't think we've imported that to > the KEYS > > > >> > file as far as I can tell? > > > >> > > > > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker > wrote: > > > >> > > > > > >> > > Oh sorry, I didn't notice that you uploaded them there > (wasn't even > > > >> > > aware that it was possible to be honest). > > > >> > > > > > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl > wrote: > > > >> > > > > > > >> > > > Hi Matt > > > >> > > > > > > >> > > > Release artifacts are available on the GitHub release page > > > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - > expand the > > > >> > assets > > > >> > > > list if it's collapsed. > > > >> > > > > > > >> > > > I'll need someone to upload them to the downloads source > as I > > think I > > > >> > don't > > > >>
Re: [VOTE] [log4net] Release 2.0.11
Hi Ralph I think I miscommunicated: I'm not regenerating my signing key - just the nuget API key for package upload. This forces me to log in in nuget.org which has 2fa and then I only use that key on the cli for the immediate upload. My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I used last time. -d On September 20, 2020 09:01:36 Ralph Goers wrote: In the long run you don’t want to be regenerating your signing key for every release. The point is that you would upload the key to a central keystore and other people would sign it there. At ApacheCon we would have a key signing “party” where we recorded each others keys and then would take our list and update the central keystore. When people verify the key they can look at the keystore and see that it is signed by a number of people, who then have their keys by a number of people and so on so you are building a web of trust. Sooner or later there will be someone in that web that you personally know and trust. Ralph On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: Thanks Matt, I've updated the artifacts on GitHub to have detached signatures. I had previously also uploaded my key to sks-keyservers.net, but I've also uploaded to MIT, though search there always times out. The document you've linked mentions face-to-face interactions to get my key into the official KEYS file. Not sure how many apache people are at my end of the world (Durban, South Africa), but I can do an online meeting if that helps. Last release, Ralph said I should sign, so I did. I'm new to signing release artifacts - I've generally relied on authentication during upload as verification of authenticity, with 2FA wherever possible (GitHub and NPM; nuget survives with an apikey - but for the last 2 releases, I've regenerated the key on each use and only supplied it on the cli at upload, so as not to store it locally) -d On September 19, 2020 22:23:41 Matt Sicker wrote: Oh and there's a bit of an issue with the signed files: it looks like you included _signed files_ rather than detached signatures. Thus, the .asc files are only verifying themselves rather than the accompanying file. There's a --detached option in gpg for this (yeah, it's always had a bad UI). On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: The KEYS file [1] that's linked on the download page does not have your key in it. Neither does other KEYS file [2]. Check out [3] for more info. [1]: https://downloads.apache.org/logging/log4net/KEYS [2]: https://downloads.apache.org/logging/KEYS [3]: https://infra.apache.org/release-signing.html#keys-policy On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote: > > Thanks Matt, I've done so. Hopefully that makes it easier to verify > artifacts that I have signed. > > -d > > > On September 18, 2020 23:11:48 Matt Sicker wrote: > > > If you upload your key to your GitHub profile, that also makes it > > simple to find. For example, just add ".gpg" to your profile URL: > > https://github.com/fluffynuts.gpg > > > > On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: > >> > >> +1 remko > >> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > >> > >> > How about your gpg key? I don't think we've imported that to the KEYS > >> > file as far as I can tell? > >> > > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > >> > > > >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > >> > > aware that it was possible to be honest). > >> > > > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > >> > > > > >> > > > Hi Matt > >> > > > > >> > > > Release artifacts are available on the GitHub release page > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the > >> > assets > >> > > > list if it's collapsed. > >> > > > > >> > > > I'll need someone to upload them to the downloads source as I think I > >> > don't > >> > > > have access to do so (if I'm wrong, I'd love to be corrected, because > >> > I'd > >> > > > be less of an annoyance then!). Ralph has stepped in to help here in > >> > the past. > >> > > > > >> > > > -d > >> > > > > >> > > > > >> > > > On September 18, 2020 20:09:07 Matt Sicker wrote: > >> > > > > >> > > > > Do you have links to the release artifacts? The download page links > >> > to > >> > > > > the live site which doesn't have the artifacts yet since they're not > >> > > > > released yet. :) > >> > > > > > >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > >> > wrote: > >> > > > >> > >> > > > >> Hi all > >> > > > >> > >> > > > >> I have another potential release available: 2.0.11, tagged as > >> > rc/2.0.11 > >> > > > >> > >> > > > >> Changes are really minor: > >> > > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 > >> > as their > >> > > > >> version now) > >> > > > >> - properly dispose of StreamWriters within logging appenders > >> > (thanks to > >> > > > >> @NicholasNoise) > >> > > > >> > >> > > > >> Binar
Re: [VOTE] [log4net] Release 2.0.11
In the long run you don’t want to be regenerating your signing key for every release. The point is that you would upload the key to a central keystore and other people would sign it there. At ApacheCon we would have a key signing “party” where we recorded each others keys and then would take our list and update the central keystore. When people verify the key they can look at the keystore and see that it is signed by a number of people, who then have their keys by a number of people and so on so you are building a web of trust. Sooner or later there will be someone in that web that you personally know and trust. Ralph > On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote: > > Thanks Matt, I've updated the artifacts on GitHub to have detached > signatures. I had previously also uploaded my key to sks-keyservers.net, but > I've also uploaded to MIT, though search there always times out. > > The document you've linked mentions face-to-face interactions to get my key > into the official KEYS file. Not sure how many apache people are at my end of > the world (Durban, South Africa), but I can do an online meeting if that > helps. Last release, Ralph said I should sign, so I did. I'm new to signing > release artifacts - I've generally relied on authentication during upload as > verification of authenticity, with 2FA wherever possible (GitHub and NPM; > nuget survives with an apikey - but for the last 2 releases, I've regenerated > the key on each use and only supplied it on the cli at upload, so as not to > store it locally) > > -d > > > On September 19, 2020 22:23:41 Matt Sicker wrote: > >> Oh and there's a bit of an issue with the signed files: it looks like >> you included _signed files_ rather than detached signatures. Thus, the >> .asc files are only verifying themselves rather than the accompanying >> file. >> >> There's a --detached option in gpg for this (yeah, it's always had a bad UI). >> >> On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: >>> >>> The KEYS file [1] that's linked on the download page does not have >>> your key in it. Neither does other KEYS file [2]. Check out [3] for >>> more info. >>> >>> [1]: https://downloads.apache.org/logging/log4net/KEYS >>> [2]: https://downloads.apache.org/logging/KEYS >>> [3]: https://infra.apache.org/release-signing.html#keys-policy >>> >>> >>> >>> On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote: >>> > >>> > Thanks Matt, I've done so. Hopefully that makes it easier to verify >>> > artifacts that I have signed. >>> > >>> > -d >>> > >>> > >>> > On September 18, 2020 23:11:48 Matt Sicker wrote: >>> > >>> > > If you upload your key to your GitHub profile, that also makes it >>> > > simple to find. For example, just add ".gpg" to your profile URL: >>> > > https://github.com/fluffynuts.gpg >>> > > >>> > > On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: >>> > >> >>> > >> +1 remko >>> > >> >>> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: >>> > >> >>> > >> > How about your gpg key? I don't think we've imported that to the KEYS >>> > >> > file as far as I can tell? >>> > >> > >>> > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: >>> > >> > > >>> > >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even >>> > >> > > aware that it was possible to be honest). >>> > >> > > >>> > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl >>> > >> > > wrote: >>> > >> > > > >>> > >> > > > Hi Matt >>> > >> > > > >>> > >> > > > Release artifacts are available on the GitHub release page >>> > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the >>> > >> > assets >>> > >> > > > list if it's collapsed. >>> > >> > > > >>> > >> > > > I'll need someone to upload them to the downloads source as I >>> > >> > > > think I >>> > >> > don't >>> > >> > > > have access to do so (if I'm wrong, I'd love to be corrected, >>> > >> > > > because >>> > >> > I'd >>> > >> > > > be less of an annoyance then!). Ralph has stepped in to help >>> > >> > > > here in >>> > >> > the past. >>> > >> > > > >>> > >> > > > -d >>> > >> > > > >>> > >> > > > >>> > >> > > > On September 18, 2020 20:09:07 Matt Sicker >>> > >> > > > wrote: >>> > >> > > > >>> > >> > > > > Do you have links to the release artifacts? The download page >>> > >> > > > > links >>> > >> > to >>> > >> > > > > the live site which doesn't have the artifacts yet since >>> > >> > > > > they're not >>> > >> > > > > released yet. :) >>> > >> > > > > >>> > >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl >>> > >> > > > > >>> > >> > wrote: >>> > >> > > > >> >>> > >> > > > >> Hi all >>> > >> > > > >> >>> > >> > > > >> I have another potential release available: 2.0.11, tagged as >>> > >> > rc/2.0.11 >>> > >> > > > >> >>> > >> > > > >> Changes are really minor: >>> > >> > > > >> - fixed assembly versioning (all assemblies should report >>> > >> > > > >> 2.0.11.0 >>> > >> > as their >>> > >> > > > >> version now) >>> > >> > > > >> - properly dispose
Re: [VOTE] [log4net] Release 2.0.11
Thanks Matt, I've updated the artifacts on GitHub to have detached signatures. I had previously also uploaded my key to sks-keyservers.net, but I've also uploaded to MIT, though search there always times out. The document you've linked mentions face-to-face interactions to get my key into the official KEYS file. Not sure how many apache people are at my end of the world (Durban, South Africa), but I can do an online meeting if that helps. Last release, Ralph said I should sign, so I did. I'm new to signing release artifacts - I've generally relied on authentication during upload as verification of authenticity, with 2FA wherever possible (GitHub and NPM; nuget survives with an apikey - but for the last 2 releases, I've regenerated the key on each use and only supplied it on the cli at upload, so as not to store it locally) -d On September 19, 2020 22:23:41 Matt Sicker wrote: Oh and there's a bit of an issue with the signed files: it looks like you included _signed files_ rather than detached signatures. Thus, the .asc files are only verifying themselves rather than the accompanying file. There's a --detached option in gpg for this (yeah, it's always had a bad UI). On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: The KEYS file [1] that's linked on the download page does not have your key in it. Neither does other KEYS file [2]. Check out [3] for more info. [1]: https://downloads.apache.org/logging/log4net/KEYS [2]: https://downloads.apache.org/logging/KEYS [3]: https://infra.apache.org/release-signing.html#keys-policy On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote: > > Thanks Matt, I've done so. Hopefully that makes it easier to verify > artifacts that I have signed. > > -d > > > On September 18, 2020 23:11:48 Matt Sicker wrote: > > > If you upload your key to your GitHub profile, that also makes it > > simple to find. For example, just add ".gpg" to your profile URL: > > https://github.com/fluffynuts.gpg > > > > On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: > >> > >> +1 remko > >> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > >> > >> > How about your gpg key? I don't think we've imported that to the KEYS > >> > file as far as I can tell? > >> > > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > >> > > > >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > >> > > aware that it was possible to be honest). > >> > > > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > >> > > > > >> > > > Hi Matt > >> > > > > >> > > > Release artifacts are available on the GitHub release page > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the > >> > assets > >> > > > list if it's collapsed. > >> > > > > >> > > > I'll need someone to upload them to the downloads source as I think I > >> > don't > >> > > > have access to do so (if I'm wrong, I'd love to be corrected, because > >> > I'd > >> > > > be less of an annoyance then!). Ralph has stepped in to help here in > >> > the past. > >> > > > > >> > > > -d > >> > > > > >> > > > > >> > > > On September 18, 2020 20:09:07 Matt Sicker wrote: > >> > > > > >> > > > > Do you have links to the release artifacts? The download page links > >> > to > >> > > > > the live site which doesn't have the artifacts yet since they're not > >> > > > > released yet. :) > >> > > > > > >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > >> > wrote: > >> > > > >> > >> > > > >> Hi all > >> > > > >> > >> > > > >> I have another potential release available: 2.0.11, tagged as > >> > rc/2.0.11 > >> > > > >> > >> > > > >> Changes are really minor: > >> > > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 > >> > as their > >> > > > >> version now) > >> > > > >> - properly dispose of StreamWriters within logging appenders > >> > (thanks to > >> > > > >> @NicholasNoise) > >> > > > >> > >> > > > >> Binaries are up at > >> > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 > >> > and I've > >> > > > >> pushed to asf-staging for logging, now up at > >> > > > >> https://logging.staged.apache.org/log4net/download_log4net.html > >> > > > >> > >> > > > >> Thanks > >> > > > >> -d > >> > > > > > >> > > > > > >> > > > > > >> > > > > -- > >> > > > > Matt Sicker > >> > > > >> > > > >> > > > >> > > -- > >> > > Matt Sicker > >> > > >> > > >> > > >> > -- > >> > Matt Sicker > >> > > > > > > > > > -- > > Matt Sicker -- Matt Sicker -- Matt Sicker
Re: [VOTE] [log4net] Release 2.0.11
Oh and there's a bit of an issue with the signed files: it looks like you included _signed files_ rather than detached signatures. Thus, the .asc files are only verifying themselves rather than the accompanying file. There's a --detached option in gpg for this (yeah, it's always had a bad UI). On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote: > > The KEYS file [1] that's linked on the download page does not have > your key in it. Neither does other KEYS file [2]. Check out [3] for > more info. > > [1]: https://downloads.apache.org/logging/log4net/KEYS > [2]: https://downloads.apache.org/logging/KEYS > [3]: https://infra.apache.org/release-signing.html#keys-policy > > > > On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote: > > > > Thanks Matt, I've done so. Hopefully that makes it easier to verify > > artifacts that I have signed. > > > > -d > > > > > > On September 18, 2020 23:11:48 Matt Sicker wrote: > > > > > If you upload your key to your GitHub profile, that also makes it > > > simple to find. For example, just add ".gpg" to your profile URL: > > > https://github.com/fluffynuts.gpg > > > > > > On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: > > >> > > >> +1 remko > > >> > > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > > >> > > >> > How about your gpg key? I don't think we've imported that to the KEYS > > >> > file as far as I can tell? > > >> > > > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > > >> > > > > >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > > >> > > aware that it was possible to be honest). > > >> > > > > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > > >> > > > > > >> > > > Hi Matt > > >> > > > > > >> > > > Release artifacts are available on the GitHub release page > > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the > > >> > assets > > >> > > > list if it's collapsed. > > >> > > > > > >> > > > I'll need someone to upload them to the downloads source as I > > >> > > > think I > > >> > don't > > >> > > > have access to do so (if I'm wrong, I'd love to be corrected, > > >> > > > because > > >> > I'd > > >> > > > be less of an annoyance then!). Ralph has stepped in to help here > > >> > > > in > > >> > the past. > > >> > > > > > >> > > > -d > > >> > > > > > >> > > > > > >> > > > On September 18, 2020 20:09:07 Matt Sicker > > >> > > > wrote: > > >> > > > > > >> > > > > Do you have links to the release artifacts? The download page > > >> > > > > links > > >> > to > > >> > > > > the live site which doesn't have the artifacts yet since they're > > >> > > > > not > > >> > > > > released yet. :) > > >> > > > > > > >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > > >> > > > > > > >> > wrote: > > >> > > > >> > > >> > > > >> Hi all > > >> > > > >> > > >> > > > >> I have another potential release available: 2.0.11, tagged as > > >> > rc/2.0.11 > > >> > > > >> > > >> > > > >> Changes are really minor: > > >> > > > >> - fixed assembly versioning (all assemblies should report > > >> > > > >> 2.0.11.0 > > >> > as their > > >> > > > >> version now) > > >> > > > >> - properly dispose of StreamWriters within logging appenders > > >> > (thanks to > > >> > > > >> @NicholasNoise) > > >> > > > >> > > >> > > > >> Binaries are up at > > >> > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 > > >> > and I've > > >> > > > >> pushed to asf-staging for logging, now up at > > >> > > > >> https://logging.staged.apache.org/log4net/download_log4net.html > > >> > > > >> > > >> > > > >> Thanks > > >> > > > >> -d > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > -- > > >> > > > > Matt Sicker > > >> > > > > >> > > > > >> > > > > >> > > -- > > >> > > Matt Sicker > > >> > > > >> > > > >> > > > >> > -- > > >> > Matt Sicker > > >> > > > > > > > > > > > > > -- > > > Matt Sicker > > > > -- > Matt Sicker -- Matt Sicker
Re: [VOTE] [log4net] Release 2.0.11
The KEYS file [1] that's linked on the download page does not have your key in it. Neither does other KEYS file [2]. Check out [3] for more info. [1]: https://downloads.apache.org/logging/log4net/KEYS [2]: https://downloads.apache.org/logging/KEYS [3]: https://infra.apache.org/release-signing.html#keys-policy On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote: > > Thanks Matt, I've done so. Hopefully that makes it easier to verify > artifacts that I have signed. > > -d > > > On September 18, 2020 23:11:48 Matt Sicker wrote: > > > If you upload your key to your GitHub profile, that also makes it > > simple to find. For example, just add ".gpg" to your profile URL: > > https://github.com/fluffynuts.gpg > > > > On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: > >> > >> +1 remko > >> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > >> > >> > How about your gpg key? I don't think we've imported that to the KEYS > >> > file as far as I can tell? > >> > > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > >> > > > >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > >> > > aware that it was possible to be honest). > >> > > > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > >> > > > > >> > > > Hi Matt > >> > > > > >> > > > Release artifacts are available on the GitHub release page > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the > >> > assets > >> > > > list if it's collapsed. > >> > > > > >> > > > I'll need someone to upload them to the downloads source as I think I > >> > don't > >> > > > have access to do so (if I'm wrong, I'd love to be corrected, because > >> > I'd > >> > > > be less of an annoyance then!). Ralph has stepped in to help here in > >> > the past. > >> > > > > >> > > > -d > >> > > > > >> > > > > >> > > > On September 18, 2020 20:09:07 Matt Sicker wrote: > >> > > > > >> > > > > Do you have links to the release artifacts? The download page links > >> > to > >> > > > > the live site which doesn't have the artifacts yet since they're > >> > > > > not > >> > > > > released yet. :) > >> > > > > > >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > >> > > > > > >> > wrote: > >> > > > >> > >> > > > >> Hi all > >> > > > >> > >> > > > >> I have another potential release available: 2.0.11, tagged as > >> > rc/2.0.11 > >> > > > >> > >> > > > >> Changes are really minor: > >> > > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 > >> > as their > >> > > > >> version now) > >> > > > >> - properly dispose of StreamWriters within logging appenders > >> > (thanks to > >> > > > >> @NicholasNoise) > >> > > > >> > >> > > > >> Binaries are up at > >> > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 > >> > and I've > >> > > > >> pushed to asf-staging for logging, now up at > >> > > > >> https://logging.staged.apache.org/log4net/download_log4net.html > >> > > > >> > >> > > > >> Thanks > >> > > > >> -d > >> > > > > > >> > > > > > >> > > > > > >> > > > > -- > >> > > > > Matt Sicker > >> > > > >> > > > >> > > > >> > > -- > >> > > Matt Sicker > >> > > >> > > >> > > >> > -- > >> > Matt Sicker > >> > > > > > > > > > -- > > Matt Sicker -- Matt Sicker
Re: [VOTE] [log4net] Release 2.0.11
Thanks Matt, I've done so. Hopefully that makes it easier to verify artifacts that I have signed. -d On September 18, 2020 23:11:48 Matt Sicker wrote: If you upload your key to your GitHub profile, that also makes it simple to find. For example, just add ".gpg" to your profile URL: https://github.com/fluffynuts.gpg On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: +1 remko On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > How about your gpg key? I don't think we've imported that to the KEYS > file as far as I can tell? > > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > > > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > > aware that it was possible to be honest). > > > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > > > > > > Hi Matt > > > > > > Release artifacts are available on the GitHub release page > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the > assets > > > list if it's collapsed. > > > > > > I'll need someone to upload them to the downloads source as I think I > don't > > > have access to do so (if I'm wrong, I'd love to be corrected, because > I'd > > > be less of an annoyance then!). Ralph has stepped in to help here in > the past. > > > > > > -d > > > > > > > > > On September 18, 2020 20:09:07 Matt Sicker wrote: > > > > > > > Do you have links to the release artifacts? The download page links > to > > > > the live site which doesn't have the artifacts yet since they're not > > > > released yet. :) > > > > > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > wrote: > > > >> > > > >> Hi all > > > >> > > > >> I have another potential release available: 2.0.11, tagged as > rc/2.0.11 > > > >> > > > >> Changes are really minor: > > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 > as their > > > >> version now) > > > >> - properly dispose of StreamWriters within logging appenders > (thanks to > > > >> @NicholasNoise) > > > >> > > > >> Binaries are up at > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 > and I've > > > >> pushed to asf-staging for logging, now up at > > > >> https://logging.staged.apache.org/log4net/download_log4net.html > > > >> > > > >> Thanks > > > >> -d > > > > > > > > > > > > > > > > -- > > > > Matt Sicker > > > > > > > > -- > > Matt Sicker > > > > -- > Matt Sicker > -- Matt Sicker
Re: [VOTE] [log4net] Release 2.0.11
Hi Matt Ralph mentioned last time that my key had been incorporated and that I should sign myself (which I did), but I like the idea of making it easily available at GitHub too. I'll do that when I get a moment. -d On September 18, 2020 23:11:48 Matt Sicker wrote: If you upload your key to your GitHub profile, that also makes it simple to find. For example, just add ".gpg" to your profile URL: https://github.com/fluffynuts.gpg On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: +1 remko On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > How about your gpg key? I don't think we've imported that to the KEYS > file as far as I can tell? > > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > > > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > > aware that it was possible to be honest). > > > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > > > > > > Hi Matt > > > > > > Release artifacts are available on the GitHub release page > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the > assets > > > list if it's collapsed. > > > > > > I'll need someone to upload them to the downloads source as I think I > don't > > > have access to do so (if I'm wrong, I'd love to be corrected, because > I'd > > > be less of an annoyance then!). Ralph has stepped in to help here in > the past. > > > > > > -d > > > > > > > > > On September 18, 2020 20:09:07 Matt Sicker wrote: > > > > > > > Do you have links to the release artifacts? The download page links > to > > > > the live site which doesn't have the artifacts yet since they're not > > > > released yet. :) > > > > > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > wrote: > > > >> > > > >> Hi all > > > >> > > > >> I have another potential release available: 2.0.11, tagged as > rc/2.0.11 > > > >> > > > >> Changes are really minor: > > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 > as their > > > >> version now) > > > >> - properly dispose of StreamWriters within logging appenders > (thanks to > > > >> @NicholasNoise) > > > >> > > > >> Binaries are up at > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 > and I've > > > >> pushed to asf-staging for logging, now up at > > > >> https://logging.staged.apache.org/log4net/download_log4net.html > > > >> > > > >> Thanks > > > >> -d > > > > > > > > > > > > > > > > -- > > > > Matt Sicker > > > > > > > > -- > > Matt Sicker > > > > -- > Matt Sicker > -- Matt Sicker
Re: [VOTE] [log4net] Release 2.0.11
If you upload your key to your GitHub profile, that also makes it simple to find. For example, just add ".gpg" to your profile URL: https://github.com/fluffynuts.gpg On Fri, 18 Sep 2020 at 16:08, Remko Popma wrote: > > +1 remko > > On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > > > How about your gpg key? I don't think we've imported that to the KEYS > > file as far as I can tell? > > > > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > > > > > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > > > aware that it was possible to be honest). > > > > > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > > > > > > > > Hi Matt > > > > > > > > Release artifacts are available on the GitHub release page > > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the > > assets > > > > list if it's collapsed. > > > > > > > > I'll need someone to upload them to the downloads source as I think I > > don't > > > > have access to do so (if I'm wrong, I'd love to be corrected, because > > I'd > > > > be less of an annoyance then!). Ralph has stepped in to help here in > > the past. > > > > > > > > -d > > > > > > > > > > > > On September 18, 2020 20:09:07 Matt Sicker wrote: > > > > > > > > > Do you have links to the release artifacts? The download page links > > to > > > > > the live site which doesn't have the artifacts yet since they're not > > > > > released yet. :) > > > > > > > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > > wrote: > > > > >> > > > > >> Hi all > > > > >> > > > > >> I have another potential release available: 2.0.11, tagged as > > rc/2.0.11 > > > > >> > > > > >> Changes are really minor: > > > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 > > as their > > > > >> version now) > > > > >> - properly dispose of StreamWriters within logging appenders > > (thanks to > > > > >> @NicholasNoise) > > > > >> > > > > >> Binaries are up at > > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 > > and I've > > > > >> pushed to asf-staging for logging, now up at > > > > >> https://logging.staged.apache.org/log4net/download_log4net.html > > > > >> > > > > >> Thanks > > > > >> -d > > > > > > > > > > > > > > > > > > > > -- > > > > > Matt Sicker > > > > > > > > > > > > -- > > > Matt Sicker > > > > > > > > -- > > Matt Sicker > > -- Matt Sicker
Re: [VOTE] [log4net] Release 2.0.11
+1 remko On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker wrote: > How about your gpg key? I don't think we've imported that to the KEYS > file as far as I can tell? > > On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > > > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > > aware that it was possible to be honest). > > > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > > > > > > Hi Matt > > > > > > Release artifacts are available on the GitHub release page > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the > assets > > > list if it's collapsed. > > > > > > I'll need someone to upload them to the downloads source as I think I > don't > > > have access to do so (if I'm wrong, I'd love to be corrected, because > I'd > > > be less of an annoyance then!). Ralph has stepped in to help here in > the past. > > > > > > -d > > > > > > > > > On September 18, 2020 20:09:07 Matt Sicker wrote: > > > > > > > Do you have links to the release artifacts? The download page links > to > > > > the live site which doesn't have the artifacts yet since they're not > > > > released yet. :) > > > > > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > wrote: > > > >> > > > >> Hi all > > > >> > > > >> I have another potential release available: 2.0.11, tagged as > rc/2.0.11 > > > >> > > > >> Changes are really minor: > > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 > as their > > > >> version now) > > > >> - properly dispose of StreamWriters within logging appenders > (thanks to > > > >> @NicholasNoise) > > > >> > > > >> Binaries are up at > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 > and I've > > > >> pushed to asf-staging for logging, now up at > > > >> https://logging.staged.apache.org/log4net/download_log4net.html > > > >> > > > >> Thanks > > > >> -d > > > > > > > > > > > > > > > > -- > > > > Matt Sicker > > > > > > > > -- > > Matt Sicker > > > > -- > Matt Sicker >
Re: [VOTE] [log4net] Release 2.0.11
How about your gpg key? I don't think we've imported that to the KEYS file as far as I can tell? On Fri, 18 Sep 2020 at 15:53, Matt Sicker wrote: > > Oh sorry, I didn't notice that you uploaded them there (wasn't even > aware that it was possible to be honest). > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > > > > Hi Matt > > > > Release artifacts are available on the GitHub release page > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the assets > > list if it's collapsed. > > > > I'll need someone to upload them to the downloads source as I think I don't > > have access to do so (if I'm wrong, I'd love to be corrected, because I'd > > be less of an annoyance then!). Ralph has stepped in to help here in the > > past. > > > > -d > > > > > > On September 18, 2020 20:09:07 Matt Sicker wrote: > > > > > Do you have links to the release artifacts? The download page links to > > > the live site which doesn't have the artifacts yet since they're not > > > released yet. :) > > > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > > > wrote: > > >> > > >> Hi all > > >> > > >> I have another potential release available: 2.0.11, tagged as rc/2.0.11 > > >> > > >> Changes are really minor: > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 as > > >> their > > >> version now) > > >> - properly dispose of StreamWriters within logging appenders (thanks to > > >> @NicholasNoise) > > >> > > >> Binaries are up at > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 and > > >> I've > > >> pushed to asf-staging for logging, now up at > > >> https://logging.staged.apache.org/log4net/download_log4net.html > > >> > > >> Thanks > > >> -d > > > > > > > > > > > > -- > > > Matt Sicker > > > > -- > Matt Sicker -- Matt Sicker
Re: [VOTE] [log4net] Release 2.0.11
Oh sorry, I didn't notice that you uploaded them there (wasn't even aware that it was possible to be honest). On Fri, 18 Sep 2020 at 14:43, Davyd McColl wrote: > > Hi Matt > > Release artifacts are available on the GitHub release page > (https://GitHub.com/Apache/logging-log4net/releases) - expand the assets > list if it's collapsed. > > I'll need someone to upload them to the downloads source as I think I don't > have access to do so (if I'm wrong, I'd love to be corrected, because I'd > be less of an annoyance then!). Ralph has stepped in to help here in the past. > > -d > > > On September 18, 2020 20:09:07 Matt Sicker wrote: > > > Do you have links to the release artifacts? The download page links to > > the live site which doesn't have the artifacts yet since they're not > > released yet. :) > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl wrote: > >> > >> Hi all > >> > >> I have another potential release available: 2.0.11, tagged as rc/2.0.11 > >> > >> Changes are really minor: > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 as their > >> version now) > >> - properly dispose of StreamWriters within logging appenders (thanks to > >> @NicholasNoise) > >> > >> Binaries are up at > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 and I've > >> pushed to asf-staging for logging, now up at > >> https://logging.staged.apache.org/log4net/download_log4net.html > >> > >> Thanks > >> -d > > > > > > > > -- > > Matt Sicker -- Matt Sicker
Re: [VOTE] [log4net] Release 2.0.11
Hi Matt Release artifacts are available on the GitHub release page (https://GitHub.com/Apache/logging-log4net/releases) - expand the assets list if it's collapsed. I'll need someone to upload them to the downloads source as I think I don't have access to do so (if I'm wrong, I'd love to be corrected, because I'd be less of an annoyance then!). Ralph has stepped in to help here in the past. -d On September 18, 2020 20:09:07 Matt Sicker wrote: Do you have links to the release artifacts? The download page links to the live site which doesn't have the artifacts yet since they're not released yet. :) On Fri, 18 Sep 2020 at 09:05, Davyd McColl wrote: Hi all I have another potential release available: 2.0.11, tagged as rc/2.0.11 Changes are really minor: - fixed assembly versioning (all assemblies should report 2.0.11.0 as their version now) - properly dispose of StreamWriters within logging appenders (thanks to @NicholasNoise) Binaries are up at https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 and I've pushed to asf-staging for logging, now up at https://logging.staged.apache.org/log4net/download_log4net.html Thanks -d -- Matt Sicker
Re: [VOTE] [log4net] Release 2.0.11
Do you have links to the release artifacts? The download page links to the live site which doesn't have the artifacts yet since they're not released yet. :) On Fri, 18 Sep 2020 at 09:05, Davyd McColl wrote: > > Hi all > > I have another potential release available: 2.0.11, tagged as rc/2.0.11 > > Changes are really minor: > - fixed assembly versioning (all assemblies should report 2.0.11.0 as their > version now) > - properly dispose of StreamWriters within logging appenders (thanks to > @NicholasNoise) > > Binaries are up at > https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 and I've > pushed to asf-staging for logging, now up at > https://logging.staged.apache.org/log4net/download_log4net.html > > Thanks > -d -- Matt Sicker