Re: [VOTE] [log4net] Release 2.0.11

[Ralph Goers]

Yeah, now that you point that out the artifact I looked at was the one in the 
original email in this thread - 2.0.11.zip.  I can’t say what everyone else 
voted on.

Ralph

> On Oct 26, 2020, at 7:41 AM, Davyd McColl  wrote:
> 
> Ralph, I think this thread has been a little confused along the way -- I see 
> that the title of this mail includes the version 2.0.11, but the current 
> release is 2.0.12, which includes the versioning fix mentioned in this 
> thread, as well as fixes for LOG4NET-(652|653) wherein the username 
> associated with the current thread was not being properly handled on 
> non-win32 targets (and was, in fact, throwing an exception). I'm not entirely 
> sure when the confusion settled in, but the initial vote was set off on 
> Friday 23 October, and was voted +1 by both Remko and Matt, however your 
> response has been to this thread, so I'd like to double-check whether your 
> vote is for the 2.0.12 release? I know the cat's kinda out the proverbial 
> bag... however, before I go declaring that I have 3 votes on 2.0.12, I'd like 
> to make sure!
> 
> I swear, one of these days I'm going to do a release without a hiccup :|
> 
> -d
> 
> On 2020/10/26 16:35:46, Davyd McColl  wrote:
> Hi Matt
> 
> Thanks, I still forget some of the dots and crosses ):
> 
> -d
> 
> On 2020/10/26 16:20:58, Matt Sicker  wrote:
> Yes, an email confirming the vote passed along with the tally. Then,
> after everything has been uploaded and mirrored, we can send an
> announcement email about the release.
> 
> On Mon, 26 Oct 2020 at 06:58, Davyd McColl wrote:
>> 
>> By results, I understand you mean a tally? There were only three votes, all
>> positive. I've pushed the nupkg.
>> 
>> -d
>> 
>> 
>> On October 26, 2020 13:35:15 Apache wrote:
>> 
>>> You need to close the vote thread with the results first before performing
>>> the final release steps.
>>> 
>>> Ralph
>>> 
 On Oct 25, 2020, at 11:24 PM, Davyd McColl wrote:
 
 Thanks Ralph
 
 Could you assist with getting artifacts up to downloads.apache.org? I'm
 going to push the nupkg because people are waiting on it, and will have to
 set the new documentation live because people will expect it, but right
 now, the download links are broken.
 
 Thanks
 -d
 
 On 2020/10/25 01:21:15, Ralph Goers wrote:
 My +1
 
 Ralph
 
> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote:
> 
> Thanks all; I've completed the release as far as I can (Ralph, please push
> the relevant artifacts from
> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the
> last mile) and pushed the nuget package.
> 
> -d
> 
> On 2020/09/22 17:34:34, Matt Sicker wrote:
> +1
> 
>> On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:
>> 
>> +1
>> 
>> 
>> 
>> --
>> 
>> Sent from my phone. Typos are a kind gift to anyone who happens to find
>> 
>> them.
>> 
>> 
>> 
>>> On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:
>> 
>> 
>> 
>>> Hi all
>> 
>>> 
>> 
>>> I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
>> 
>>> the door because it fixes confusing versioning on the released binaries
>> (in
>> 
>>> particular, nuget consumers)
>> 
>>> 
>> 
>>> Thanks
>> 
>>> -d
>> 
 On 2020/09/20 22:33:49, Matt Sicker wrote:
>> 
>>> I can use whatever.
>> 
>>> 
>> 
 On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
>> 
 
>> 
 I don’t have google meet and I can’t use Skype since Microsoft hosed my
>> 
>>> authentication. I have zoom. My company uses Amazon Chime, which is
>> fairly
>> 
>>> new, as part of our product offering. I’ve sent you both emails for a
>> 
>>> meeting using that.
>> 
 
>> 
 Ralph
>> 
 
>> 
>> On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
>> 
> 
>> 
> I sent a Google Meet invite to you.
>> 
> 
>> 
>> On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
>> 
>> 
>> 
>> I'm happy to be available at 8am my side, if that works for everyone
>> 
>>> else.
>> 
>> It sounds like earlier would be better, but I'm doing the morning
>> 
>>> school
>> 
>> run from 7am and can't guarantee I'll be back significantly before
>> 
>>> 8am.
>> 
>> 
>> 
>> How to do this? I have zoom and slack on my work machine, can
>> install
>> 
>> Skype if that's more convenient, can do google meet, I assume,
>> though
>> 
>> haven't ever tried, so may need a bit of a crash intro.
>> 
>> 
>> 
>> If posting meeting details to the mailing list is not on, feel free
>> to
>> 
>> email me directly (:
>> 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Ralph, I think this thread has been a little confused along the way -- I see 
that the title of this mail includes the version 2.0.11, but the current 
release is 2.0.12, which includes the versioning fix mentioned in this thread, 
as well as fixes for LOG4NET-(652|653) wherein the username associated with the 
current thread was not being properly handled on non-win32 targets (and was, in 
fact, throwing an exception). I'm not entirely sure when the confusion settled 
in, but the initial vote was set off on Friday 23 October, and was voted +1 by 
both Remko and Matt, however your response has been to this thread, so I'd like 
to double-check whether your vote is for the 2.0.12 release? I know the cat's 
kinda out the proverbial bag... however, before I go declaring that I have 3 
votes on 2.0.12, I'd like to make sure!

I swear, one of these days I'm going to do a release without a hiccup :|

-d

On 2020/10/26 16:35:46, Davyd McColl  wrote:
Hi Matt

Thanks, I still forget some of the dots and crosses ):

-d

On 2020/10/26 16:20:58, Matt Sicker  wrote:
Yes, an email confirming the vote passed along with the tally. Then,
after everything has been uploaded and mirrored, we can send an
announcement email about the release.

On Mon, 26 Oct 2020 at 06:58, Davyd McColl wrote:
>
> By results, I understand you mean a tally? There were only three votes, all
> positive. I've pushed the nupkg.
>
> -d
>
>
> On October 26, 2020 13:35:15 Apache wrote:
>
> > You need to close the vote thread with the results first before performing
> > the final release steps.
> >
> > Ralph
> >
> >> On Oct 25, 2020, at 11:24 PM, Davyd McColl wrote:
> >>
> >> Thanks Ralph
> >>
> >> Could you assist with getting artifacts up to downloads.apache.org? I'm
> >> going to push the nupkg because people are waiting on it, and will have to
> >> set the new documentation live because people will expect it, but right
> >> now, the download links are broken.
> >>
> >> Thanks
> >> -d
> >>
> >> On 2020/10/25 01:21:15, Ralph Goers wrote:
> >> My +1
> >>
> >> Ralph
> >>
> >>> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote:
> >>>
> >>> Thanks all; I've completed the release as far as I can (Ralph, please push
> >>> the relevant artifacts from
> >>> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the
> >>> last mile) and pushed the nuget package.
> >>>
> >>> -d
> >>>
> >>> On 2020/09/22 17:34:34, Matt Sicker wrote:
> >>> +1
> >>>
>  On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:
> 
>  +1
> 
> 
> 
>  --
> 
>  Sent from my phone. Typos are a kind gift to anyone who happens to find
> 
>  them.
> 
> 
> 
> > On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:
> 
> 
> 
> > Hi all
> 
> >
> 
> > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
> 
> > the door because it fixes confusing versioning on the released binaries
>  (in
> 
> > particular, nuget consumers)
> 
> >
> 
> > Thanks
> 
> > -d
> 
> >> On 2020/09/20 22:33:49, Matt Sicker wrote:
> 
> > I can use whatever.
> 
> >
> 
> >> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
> 
> >>
> 
> >> I don’t have google meet and I can’t use Skype since Microsoft hosed my
> 
> > authentication. I have zoom. My company uses Amazon Chime, which is
>  fairly
> 
> > new, as part of our product offering. I’ve sent you both emails for a
> 
> > meeting using that.
> 
> >>
> 
> >> Ralph
> 
> >>
> 
>  On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
> 
> >>>
> 
> >>> I sent a Google Meet invite to you.
> 
> >>>
> 
>  On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
> 
> 
> 
>  I'm happy to be available at 8am my side, if that works for everyone
> 
> > else.
> 
>  It sounds like earlier would be better, but I'm doing the morning
> 
> > school
> 
>  run from 7am and can't guarantee I'll be back significantly before
> 
> > 8am.
> 
> 
> 
>  How to do this? I have zoom and slack on my work machine, can
>  install
> 
>  Skype if that's more convenient, can do google meet, I assume,
>  though
> 
>  haven't ever tried, so may need a bit of a crash intro.
> 
> 
> 
>  If posting meeting details to the mailing list is not on, feel free
>  to
> 
>  email me directly (:
> 
> 
> 
>  -d
> 
> 
> 
> 
> 
> > On September 20, 2020 20:58:29 Ralph Goers wrote:
> 
> 
> 
> > 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
> 
> > However, I frequently am up until midnight so that could work.
> 
> > 5-5:30 pm is
> 
> > 7:30-8 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Hi Matt

Thanks, I still forget some of the dots and crosses ):

-d

On 2020/10/26 16:20:58, Matt Sicker  wrote:
Yes, an email confirming the vote passed along with the tally. Then,
after everything has been uploaded and mirrored, we can send an
announcement email about the release.

On Mon, 26 Oct 2020 at 06:58, Davyd McColl wrote:
>
> By results, I understand you mean a tally? There were only three votes, all
> positive. I've pushed the nupkg.
>
> -d
>
>
> On October 26, 2020 13:35:15 Apache wrote:
>
> > You need to close the vote thread with the results first before performing
> > the final release steps.
> >
> > Ralph
> >
> >> On Oct 25, 2020, at 11:24 PM, Davyd McColl wrote:
> >>
> >> Thanks Ralph
> >>
> >> Could you assist with getting artifacts up to downloads.apache.org? I'm
> >> going to push the nupkg because people are waiting on it, and will have to
> >> set the new documentation live because people will expect it, but right
> >> now, the download links are broken.
> >>
> >> Thanks
> >> -d
> >>
> >> On 2020/10/25 01:21:15, Ralph Goers wrote:
> >> My +1
> >>
> >> Ralph
> >>
> >>> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote:
> >>>
> >>> Thanks all; I've completed the release as far as I can (Ralph, please push
> >>> the relevant artifacts from
> >>> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the
> >>> last mile) and pushed the nuget package.
> >>>
> >>> -d
> >>>
> >>> On 2020/09/22 17:34:34, Matt Sicker wrote:
> >>> +1
> >>>
>  On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:
> 
>  +1
> 
> 
> 
>  --
> 
>  Sent from my phone. Typos are a kind gift to anyone who happens to find
> 
>  them.
> 
> 
> 
> > On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:
> 
> 
> 
> > Hi all
> 
> >
> 
> > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
> 
> > the door because it fixes confusing versioning on the released binaries
>  (in
> 
> > particular, nuget consumers)
> 
> >
> 
> > Thanks
> 
> > -d
> 
> >> On 2020/09/20 22:33:49, Matt Sicker wrote:
> 
> > I can use whatever.
> 
> >
> 
> >> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
> 
> >>
> 
> >> I don’t have google meet and I can’t use Skype since Microsoft hosed my
> 
> > authentication. I have zoom. My company uses Amazon Chime, which is
>  fairly
> 
> > new, as part of our product offering. I’ve sent you both emails for a
> 
> > meeting using that.
> 
> >>
> 
> >> Ralph
> 
> >>
> 
>  On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
> 
> >>>
> 
> >>> I sent a Google Meet invite to you.
> 
> >>>
> 
>  On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
> 
> 
> 
>  I'm happy to be available at 8am my side, if that works for everyone
> 
> > else.
> 
>  It sounds like earlier would be better, but I'm doing the morning
> 
> > school
> 
>  run from 7am and can't guarantee I'll be back significantly before
> 
> > 8am.
> 
> 
> 
>  How to do this? I have zoom and slack on my work machine, can
>  install
> 
>  Skype if that's more convenient, can do google meet, I assume,
>  though
> 
>  haven't ever tried, so may need a bit of a crash intro.
> 
> 
> 
>  If posting meeting details to the mailing list is not on, feel free
>  to
> 
>  email me directly (:
> 
> 
> 
>  -d
> 
> 
> 
> 
> 
> > On September 20, 2020 20:58:29 Ralph Goers wrote:
> 
> 
> 
> > 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
> 
> > However, I frequently am up until midnight so that could work.
> 
> > 5-5:30 pm is
> 
> > 7:30-8 am in Phoenix. I usually am not in front of my computer on a
> 
> > weekday
> 
> > until 8 am but on occasion I can do earlier.
> 
> >
> 
> > Ralph
> 
> >
> 
> >>> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
> 
> >>
> 
> >> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I
> 
> > fetch my
> 
> >> son from school)
> 
> >>
> 
> >> -d
> 
> >>
> 
> >>
> 
> >>> On September 20, 2020 18:44:19 Matt Sicker wrote:
> 
> >>
> 
> >>> We’re not quite as strict as Debian for keys (though if you can
> 
> > find a
> 
> >>> Debian group locally, they’re great for key signing). The video
> 
> > call idea
> 
> >>> could work for exchanging keys. What times would you be available
> 
> > to do
> 
> 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

Yes, an email confirming the vote passed along with the tally. Then,
after everything has been uploaded and mirrored, we can send an
announcement email about the release.

On Mon, 26 Oct 2020 at 06:58, Davyd McColl  wrote:
>
> By results, I understand you mean a tally? There were only three votes, all
> positive. I've pushed the nupkg.
>
> -d
>
>
> On October 26, 2020 13:35:15 Apache  wrote:
>
> > You need to close the vote thread with the results first before performing
> > the final release steps.
> >
> > Ralph
> >
> >> On Oct 25, 2020, at 11:24 PM, Davyd McColl  wrote:
> >>
> >> Thanks Ralph
> >>
> >> Could you assist with getting artifacts up to downloads.apache.org? I'm
> >> going to push the nupkg because people are waiting on it, and will have to
> >> set the new documentation live because people will expect it, but right
> >> now, the download links are broken.
> >>
> >> Thanks
> >> -d
> >>
> >> On 2020/10/25 01:21:15, Ralph Goers  wrote:
> >> My +1
> >>
> >> Ralph
> >>
> >>> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote:
> >>>
> >>> Thanks all; I've completed the release as far as I can (Ralph, please push
> >>> the relevant artifacts from
> >>> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the
> >>> last mile) and pushed the nuget package.
> >>>
> >>> -d
> >>>
> >>> On 2020/09/22 17:34:34, Matt Sicker wrote:
> >>> +1
> >>>
>  On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:
> 
>  +1
> 
> 
> 
>  --
> 
>  Sent from my phone. Typos are a kind gift to anyone who happens to find
> 
>  them.
> 
> 
> 
> > On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:
> 
> 
> 
> > Hi all
> 
> >
> 
> > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
> 
> > the door because it fixes confusing versioning on the released binaries
>  (in
> 
> > particular, nuget consumers)
> 
> >
> 
> > Thanks
> 
> > -d
> 
> >> On 2020/09/20 22:33:49, Matt Sicker wrote:
> 
> > I can use whatever.
> 
> >
> 
> >> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
> 
> >>
> 
> >> I don’t have google meet and I can’t use Skype since Microsoft hosed my
> 
> > authentication. I have zoom. My company uses Amazon Chime, which is
>  fairly
> 
> > new, as part of our product offering. I’ve sent you both emails for a
> 
> > meeting using that.
> 
> >>
> 
> >> Ralph
> 
> >>
> 
>  On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
> 
> >>>
> 
> >>> I sent a Google Meet invite to you.
> 
> >>>
> 
>  On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
> 
> 
> 
>  I'm happy to be available at 8am my side, if that works for everyone
> 
> > else.
> 
>  It sounds like earlier would be better, but I'm doing the morning
> 
> > school
> 
>  run from 7am and can't guarantee I'll be back significantly before
> 
> > 8am.
> 
> 
> 
>  How to do this? I have zoom and slack on my work machine, can
>  install
> 
>  Skype if that's more convenient, can do google meet, I assume,
>  though
> 
>  haven't ever tried, so may need a bit of a crash intro.
> 
> 
> 
>  If posting meeting details to the mailing list is not on, feel free
>  to
> 
>  email me directly (:
> 
> 
> 
>  -d
> 
> 
> 
> 
> 
> > On September 20, 2020 20:58:29 Ralph Goers wrote:
> 
> 
> 
> > 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
> 
> > However, I frequently am up until midnight so that could work.
> 
> > 5-5:30 pm is
> 
> > 7:30-8 am in Phoenix. I usually am not in front of my computer on a
> 
> > weekday
> 
> > until 8 am but on occasion I can do earlier.
> 
> >
> 
> > Ralph
> 
> >
> 
> >>> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
> 
> >>
> 
> >> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I
> 
> > fetch my
> 
> >> son from school)
> 
> >>
> 
> >> -d
> 
> >>
> 
> >>
> 
> >>> On September 20, 2020 18:44:19 Matt Sicker wrote:
> 
> >>
> 
> >>> We’re not quite as strict as Debian for keys (though if you can
> 
> > find a
> 
> >>> Debian group locally, they’re great for key signing). The video
> 
> > call idea
> 
> >>> could work for exchanging keys. What times would you be available
> 
> > to do
> 
> >>> that?
> 
> >>>
> 
>  On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

By results, I understand you mean a tally? There were only three votes, all 
positive. I've pushed the nupkg.


-d


On October 26, 2020 13:35:15 Apache  wrote:

You need to close the vote thread with the results first before performing 
the final release steps.


Ralph


On Oct 25, 2020, at 11:24 PM, Davyd McColl  wrote:

Thanks Ralph

Could you assist with getting artifacts up to downloads.apache.org? I'm 
going to push the nupkg because people are waiting on it, and will have to 
set the new documentation live because people will expect it, but right 
now, the download links are broken.


Thanks
-d

On 2020/10/25 01:21:15, Ralph Goers  wrote:
My +1

Ralph


On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote:

Thanks all; I've completed the release as far as I can (Ralph, please push 
the relevant artifacts from 
https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the 
last mile) and pushed the nuget package.


-d

On 2020/09/22 17:34:34, Matt Sicker wrote:
+1


On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:

+1



--

Sent from my phone. Typos are a kind gift to anyone who happens to find

them.




On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:





Hi all







I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out



the door because it fixes confusing versioning on the released binaries

(in


particular, nuget consumers)







Thanks



-d



On 2020/09/20 22:33:49, Matt Sicker wrote:



I can use whatever.







On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:







I don’t have google meet and I can’t use Skype since Microsoft hosed my



authentication. I have zoom. My company uses Amazon Chime, which is

fairly


new, as part of our product offering. I’ve sent you both emails for a



meeting using that.







Ralph







On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:







I sent a Google Meet invite to you.







On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:







I'm happy to be available at 8am my side, if that works for everyone



else.



It sounds like earlier would be better, but I'm doing the morning



school



run from 7am and can't guarantee I'll be back significantly before



8am.







How to do this? I have zoom and slack on my work machine, can

install


Skype if that's more convenient, can do google meet, I assume,

though


haven't ever tried, so may need a bit of a crash intro.







If posting meeting details to the mailing list is not on, feel free

to


email me directly (:







-d











On September 20, 2020 20:58:29 Ralph Goers wrote:







8am in Durban South Africa is 11pm the night before in Phoenix AZ.



However, I frequently am up until midnight so that could work.



5-5:30 pm is



7:30-8 am in Phoenix. I usually am not in front of my computer on a



weekday



until 8 am but on occasion I can do earlier.







Ralph







On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:







Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I



fetch my



son from school)







-d











On September 20, 2020 18:44:19 Matt Sicker wrote:







We’re not quite as strict as Debian for keys (though if you can



find a



Debian group locally, they’re great for key signing). The video



call idea



could work for exchanging keys. What times would you be available



to do



that?







On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:







Hi Ralph















I think I miscommunicated: I'm not regenerating my signing key -



just the







nuget API key for package upload. This forces me to log in in



nuget.org







which has 2fa and then I only use that key on the cli for the



immediate



upload.















My gpg key as at https://GitHub.com/fluffynuts.gpg is the same



that I



used







last time.















-d























On September 20, 2020 09:01:36 Ralph Goers



wrote:















In the long run you don’t want to be regenerating your signing



key for







every release. The point is that you would upload the key to a



central







keystore and other people would sign it there. At ApacheCon we



would



have a







key signing “party” where we recorded each others keys and then



would



take







our list and update the central keystore. When people verify

the


key



they







can look at the keystore and see that it is signed by a number

of


people,







who then have their keys by a number of people and so on so you



are







building a web of trust. Sooner or later there will be someone



in that



web







that you personally know and trust.















Ralph















On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote:















Thanks Matt, I've updated the artifacts on GitHub to have



detached







signatures. I had previously also uploaded my key to



sks-keyservers.net,











but I've also uploaded to MIT, though search there always

times


out.















The document 

Re: [VOTE] [log4net] Release 2.0.11

[Apache]

You need to close the vote thread with the results first before performing the 
final release steps.

Ralph

> On Oct 25, 2020, at 11:24 PM, Davyd McColl  wrote:
> 
> Thanks Ralph
> 
> Could you assist with getting artifacts up to downloads.apache.org? I'm going 
> to push the nupkg because people are waiting on it, and will have to set the 
> new documentation live because people will expect it, but right now, the 
> download links are broken.
> 
> Thanks
> -d
> 
> On 2020/10/25 01:21:15, Ralph Goers  wrote:
> My +1
> 
> Ralph
> 
>> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote:
>> 
>> Thanks all; I've completed the release as far as I can (Ralph, please push 
>> the relevant artifacts from 
>> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the last 
>> mile) and pushed the nuget package.
>> 
>> -d
>> 
>> On 2020/09/22 17:34:34, Matt Sicker wrote:
>> +1
>> 
>>> On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:
>>> 
>>> +1
>>> 
>>> 
>>> 
>>> --
>>> 
>>> Sent from my phone. Typos are a kind gift to anyone who happens to find
>>> 
>>> them.
>>> 
>>> 
>>> 
 On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:
>>> 
>>> 
>>> 
 Hi all
>>> 
 
>>> 
 I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
>>> 
 the door because it fixes confusing versioning on the released binaries
>>> (in
>>> 
 particular, nuget consumers)
>>> 
 
>>> 
 Thanks
>>> 
 -d
>>> 
> On 2020/09/20 22:33:49, Matt Sicker wrote:
>>> 
 I can use whatever.
>>> 
 
>>> 
> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
>>> 
> 
>>> 
> I don’t have google meet and I can’t use Skype since Microsoft hosed my
>>> 
 authentication. I have zoom. My company uses Amazon Chime, which is
>>> fairly
>>> 
 new, as part of our product offering. I’ve sent you both emails for a
>>> 
 meeting using that.
>>> 
> 
>>> 
> Ralph
>>> 
> 
>>> 
>>> On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
>>> 
>> 
>>> 
>> I sent a Google Meet invite to you.
>>> 
>> 
>>> 
>>> On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
>>> 
>>> 
>>> 
>>> I'm happy to be available at 8am my side, if that works for everyone
>>> 
 else.
>>> 
>>> It sounds like earlier would be better, but I'm doing the morning
>>> 
 school
>>> 
>>> run from 7am and can't guarantee I'll be back significantly before
>>> 
 8am.
>>> 
>>> 
>>> 
>>> How to do this? I have zoom and slack on my work machine, can
>>> install
>>> 
>>> Skype if that's more convenient, can do google meet, I assume,
>>> though
>>> 
>>> haven't ever tried, so may need a bit of a crash intro.
>>> 
>>> 
>>> 
>>> If posting meeting details to the mailing list is not on, feel free
>>> to
>>> 
>>> email me directly (:
>>> 
>>> 
>>> 
>>> -d
>>> 
>>> 
>>> 
>>> 
>>> 
 On September 20, 2020 20:58:29 Ralph Goers wrote:
>>> 
>>> 
>>> 
 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
>>> 
 However, I frequently am up until midnight so that could work.
>>> 
 5-5:30 pm is
>>> 
 7:30-8 am in Phoenix. I usually am not in front of my computer on a
>>> 
 weekday
>>> 
 until 8 am but on occasion I can do earlier.
>>> 
 
>>> 
 Ralph
>>> 
 
>>> 
>> On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
>>> 
> 
>>> 
> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I
>>> 
 fetch my
>>> 
> son from school)
>>> 
> 
>>> 
> -d
>>> 
> 
>>> 
> 
>>> 
>> On September 20, 2020 18:44:19 Matt Sicker wrote:
>>> 
> 
>>> 
>> We’re not quite as strict as Debian for keys (though if you can
>>> 
 find a
>>> 
>> Debian group locally, they’re great for key signing). The video
>>> 
 call idea
>>> 
>> could work for exchanging keys. What times would you be available
>>> 
 to do
>>> 
>> that?
>>> 
>> 
>>> 
>>> On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:
>>> 
>> 
>>> 
>>> Hi Ralph
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> I think I miscommunicated: I'm not regenerating my signing key -
>>> 
 just the
>>> 
>>> 
>>> 
>>> nuget API key for package upload. This forces me to log in in
>>> 
 nuget.org
>>> 
>>> 
>>> 
>>> which has 2fa and then I only use that key on the cli for the
>>> 
 immediate
>>> 
>>> upload.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same
>>> 
 that I
>>> 
>>> used
>>> 
>>> 
>>> 
>>> last time.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> -d
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On September 20, 2020 09:01:36 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Thanks Ralph

Could you assist with getting artifacts up to downloads.apache.org? I'm going 
to push the nupkg because people are waiting on it, and will have to set the 
new documentation live because people will expect it, but right now, the 
download links are broken.

Thanks
-d

On 2020/10/25 01:21:15, Ralph Goers  wrote:
My +1

Ralph

> On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote:
>
> Thanks all; I've completed the release as far as I can (Ralph, please push 
> the relevant artifacts from 
> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the last 
> mile) and pushed the nuget package.
>
> -d
>
> On 2020/09/22 17:34:34, Matt Sicker wrote:
> +1
>
> On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:
>
>> +1
>>
>>
>>
>> --
>>
>> Sent from my phone. Typos are a kind gift to anyone who happens to find
>>
>> them.
>>
>>
>>
>> On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:
>>
>>
>>
>>> Hi all
>>
>>>
>>
>>> I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
>>
>>> the door because it fixes confusing versioning on the released binaries
>> (in
>>
>>> particular, nuget consumers)
>>
>>>
>>
>>> Thanks
>>
>>> -d
>>
>>> On 2020/09/20 22:33:49, Matt Sicker wrote:
>>
>>> I can use whatever.
>>
>>>
>>
>>> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
>>

>>
 I don’t have google meet and I can’t use Skype since Microsoft hosed my
>>
>>> authentication. I have zoom. My company uses Amazon Chime, which is
>> fairly
>>
>>> new, as part of our product offering. I’ve sent you both emails for a
>>
>>> meeting using that.
>>

>>
 Ralph
>>

>>
> On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
>>
>
>>
> I sent a Google Meet invite to you.
>>
>
>>
> On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
>>
>>
>>
>> I'm happy to be available at 8am my side, if that works for everyone
>>
>>> else.
>>
>> It sounds like earlier would be better, but I'm doing the morning
>>
>>> school
>>
>> run from 7am and can't guarantee I'll be back significantly before
>>
>>> 8am.
>>
>>
>>
>> How to do this? I have zoom and slack on my work machine, can
>> install
>>
>> Skype if that's more convenient, can do google meet, I assume,
>> though
>>
>> haven't ever tried, so may need a bit of a crash intro.
>>
>>
>>
>> If posting meeting details to the mailing list is not on, feel free
>> to
>>
>> email me directly (:
>>
>>
>>
>> -d
>>
>>
>>
>>
>>
>> On September 20, 2020 20:58:29 Ralph Goers wrote:
>>
>>
>>
>>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
>>
>>> However, I frequently am up until midnight so that could work.
>>
>>> 5-5:30 pm is
>>
>>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a
>>
>>> weekday
>>
>>> until 8 am but on occasion I can do earlier.
>>
>>>
>>
>>> Ralph
>>
>>>
>>
 On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
>>

>>
 Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I
>>
>>> fetch my
>>
 son from school)
>>

>>
 -d
>>

>>

>>
 On September 20, 2020 18:44:19 Matt Sicker wrote:
>>

>>
> We’re not quite as strict as Debian for keys (though if you can
>>
>>> find a
>>
> Debian group locally, they’re great for key signing). The video
>>
>>> call idea
>>
> could work for exchanging keys. What times would you be available
>>
>>> to do
>>
> that?
>>
>
>>
> On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:
>>
>
>>
>> Hi Ralph
>>
>>
>>
>>
>>
>>
>>
>> I think I miscommunicated: I'm not regenerating my signing key -
>>
>>> just the
>>
>>
>>
>> nuget API key for package upload. This forces me to log in in
>>
>>> nuget.org
>>
>>
>>
>> which has 2fa and then I only use that key on the cli for the
>>
>>> immediate
>>
>> upload.
>>
>>
>>
>>
>>
>>
>>
>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same
>>
>>> that I
>>
>> used
>>
>>
>>
>> last time.
>>
>>
>>
>>
>>
>>
>>
>> -d
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On September 20, 2020 09:01:36 Ralph Goers
>>
>> wrote:
>>
>>
>>
>>
>>
>>
>>
>>> In the long run you don’t want to be regenerating your signing
>>
>>> key for
>>
>>
>>
>>> every release. The point is that you would upload the key to a
>>
>>> central
>>
>>
>>
>>> keystore and other people would sign it there. At ApacheCon we
>>
>>> would
>>
>> have a
>>
>>
>>
>>> key signing “party” where we recorded each others keys and then
>>
>>> would
>>
>> take
>>
>>
>>
>>> our list and update the central keystore. When people 

Re: [VOTE] [log4net] Release 2.0.11

[Ralph Goers]

My +1

Ralph

> On Sep 22, 2020, at 11:21 PM, Davyd McColl  wrote:
> 
> Thanks all; I've completed the release as far as I can (Ralph, please push 
> the relevant artifacts from 
> https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the last 
> mile) and pushed the nuget package.
> 
> -d
> 
> On 2020/09/22 17:34:34, Matt Sicker  wrote:
> +1
> 
> On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:
> 
>> +1
>> 
>> 
>> 
>> --
>> 
>> Sent from my phone. Typos are a kind gift to anyone who happens to find
>> 
>> them.
>> 
>> 
>> 
>> On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:
>> 
>> 
>> 
>>> Hi all
>> 
>>> 
>> 
>>> I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
>> 
>>> the door because it fixes confusing versioning on the released binaries
>> (in
>> 
>>> particular, nuget consumers)
>> 
>>> 
>> 
>>> Thanks
>> 
>>> -d
>> 
>>> On 2020/09/20 22:33:49, Matt Sicker wrote:
>> 
>>> I can use whatever.
>> 
>>> 
>> 
>>> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
>> 
 
>> 
 I don’t have google meet and I can’t use Skype since Microsoft hosed my
>> 
>>> authentication. I have zoom. My company uses Amazon Chime, which is
>> fairly
>> 
>>> new, as part of our product offering. I’ve sent you both emails for a
>> 
>>> meeting using that.
>> 
 
>> 
 Ralph
>> 
 
>> 
> On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
>> 
> 
>> 
> I sent a Google Meet invite to you.
>> 
> 
>> 
> On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
>> 
>> 
>> 
>> I'm happy to be available at 8am my side, if that works for everyone
>> 
>>> else.
>> 
>> It sounds like earlier would be better, but I'm doing the morning
>> 
>>> school
>> 
>> run from 7am and can't guarantee I'll be back significantly before
>> 
>>> 8am.
>> 
>> 
>> 
>> How to do this? I have zoom and slack on my work machine, can
>> install
>> 
>> Skype if that's more convenient, can do google meet, I assume,
>> though
>> 
>> haven't ever tried, so may need a bit of a crash intro.
>> 
>> 
>> 
>> If posting meeting details to the mailing list is not on, feel free
>> to
>> 
>> email me directly (:
>> 
>> 
>> 
>> -d
>> 
>> 
>> 
>> 
>> 
>> On September 20, 2020 20:58:29 Ralph Goers wrote:
>> 
>> 
>> 
>>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
>> 
>>> However, I frequently am up until midnight so that could work.
>> 
>>> 5-5:30 pm is
>> 
>>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a
>> 
>>> weekday
>> 
>>> until 8 am but on occasion I can do earlier.
>> 
>>> 
>> 
>>> Ralph
>> 
>>> 
>> 
 On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
>> 
 
>> 
 Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I
>> 
>>> fetch my
>> 
 son from school)
>> 
 
>> 
 -d
>> 
 
>> 
 
>> 
 On September 20, 2020 18:44:19 Matt Sicker wrote:
>> 
 
>> 
> We’re not quite as strict as Debian for keys (though if you can
>> 
>>> find a
>> 
> Debian group locally, they’re great for key signing). The video
>> 
>>> call idea
>> 
> could work for exchanging keys. What times would you be available
>> 
>>> to do
>> 
> that?
>> 
> 
>> 
> On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:
>> 
> 
>> 
>> Hi Ralph
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> I think I miscommunicated: I'm not regenerating my signing key -
>> 
>>> just the
>> 
>> 
>> 
>> nuget API key for package upload. This forces me to log in in
>> 
>>> nuget.org
>> 
>> 
>> 
>> which has 2fa and then I only use that key on the cli for the
>> 
>>> immediate
>> 
>> upload.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same
>> 
>>> that I
>> 
>> used
>> 
>> 
>> 
>> last time.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -d
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> On September 20, 2020 09:01:36 Ralph Goers
>> 
>> wrote:
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>> In the long run you don’t want to be regenerating your signing
>> 
>>> key for
>> 
>> 
>> 
>>> every release. The point is that you would upload the key to a
>> 
>>> central
>> 
>> 
>> 
>>> keystore and other people would sign it there. At ApacheCon we
>> 
>>> would
>> 
>> have a
>> 
>> 
>> 
>>> key signing “party” where we recorded each others keys and then
>> 
>>> would
>> 
>> take
>> 
>> 
>> 
>>> our list and update the central keystore. When people verify
>> the
>> 
>>> key
>> 
>> they
>> 
>> 
>> 
>>> can look at the keystore and see that it is signed by a number
>> 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Thanks all; I've completed the release as far as I can (Ralph, please push the 
relevant artifacts from 
https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the last 
mile) and pushed the nuget package.

-d

On 2020/09/22 17:34:34, Matt Sicker  wrote:
+1

On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:

> +1
>
>
>
> --
>
> Sent from my phone. Typos are a kind gift to anyone who happens to find
>
> them.
>
>
>
> On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:
>
>
>
> > Hi all
>
> >
>
> > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
>
> > the door because it fixes confusing versioning on the released binaries
> (in
>
> > particular, nuget consumers)
>
> >
>
> > Thanks
>
> > -d
>
> > On 2020/09/20 22:33:49, Matt Sicker wrote:
>
> > I can use whatever.
>
> >
>
> > On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
>
> > >
>
> > > I don’t have google meet and I can’t use Skype since Microsoft hosed my
>
> > authentication. I have zoom. My company uses Amazon Chime, which is
> fairly
>
> > new, as part of our product offering. I’ve sent you both emails for a
>
> > meeting using that.
>
> > >
>
> > > Ralph
>
> > >
>
> > > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
>
> > > >
>
> > > > I sent a Google Meet invite to you.
>
> > > >
>
> > > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
>
> > > >>
>
> > > >> I'm happy to be available at 8am my side, if that works for everyone
>
> > else.
>
> > > >> It sounds like earlier would be better, but I'm doing the morning
>
> > school
>
> > > >> run from 7am and can't guarantee I'll be back significantly before
>
> > 8am.
>
> > > >>
>
> > > >> How to do this? I have zoom and slack on my work machine, can
> install
>
> > > >> Skype if that's more convenient, can do google meet, I assume,
> though
>
> > > >> haven't ever tried, so may need a bit of a crash intro.
>
> > > >>
>
> > > >> If posting meeting details to the mailing list is not on, feel free
> to
>
> > > >> email me directly (:
>
> > > >>
>
> > > >> -d
>
> > > >>
>
> > > >>
>
> > > >> On September 20, 2020 20:58:29 Ralph Goers wrote:
>
> > > >>
>
> > > >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
>
> > > >>> However, I frequently am up until midnight so that could work.
>
> > 5-5:30 pm is
>
> > > >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a
>
> > weekday
>
> > > >>> until 8 am but on occasion I can do earlier.
>
> > > >>>
>
> > > >>> Ralph
>
> > > >>>
>
> > >  On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
>
> > > 
>
> > >  Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I
>
> > fetch my
>
> > >  son from school)
>
> > > 
>
> > >  -d
>
> > > 
>
> > > 
>
> > >  On September 20, 2020 18:44:19 Matt Sicker wrote:
>
> > > 
>
> > > > We’re not quite as strict as Debian for keys (though if you can
>
> > find a
>
> > > > Debian group locally, they’re great for key signing). The video
>
> > call idea
>
> > > > could work for exchanging keys. What times would you be available
>
> > to do
>
> > > > that?
>
> > > >
>
> > > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:
>
> > > >
>
> > > >> Hi Ralph
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >> I think I miscommunicated: I'm not regenerating my signing key -
>
> > just the
>
> > > >>
>
> > > >> nuget API key for package upload. This forces me to log in in
>
> > nuget.org
>
> > > >>
>
> > > >> which has 2fa and then I only use that key on the cli for the
>
> > immediate
>
> > > >> upload.
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same
>
> > that I
>
> > > >> used
>
> > > >>
>
> > > >> last time.
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >> -d
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >> On September 20, 2020 09:01:36 Ralph Goers
>
> > > >> wrote:
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >>> In the long run you don’t want to be regenerating your signing
>
> > key for
>
> > > >>
>
> > > >>> every release. The point is that you would upload the key to a
>
> > central
>
> > > >>
>
> > > >>> keystore and other people would sign it there. At ApacheCon we
>
> > would
>
> > > >> have a
>
> > > >>
>
> > > >>> key signing “party” where we recorded each others keys and then
>
> > would
>
> > > >> take
>
> > > >>
>
> > > >>> our list and update the central keystore. When people verify
> the
>
> > key
>
> > > >> they
>
> > > >>
>
> > > >>> can look at the keystore and see that it is signed by a number
> of
>
> > > >> people,
>
> > > >>
>
> > > >>> who then have their keys by a number of people and so on so you
>
> > are
>
> > > >>
>
> > > >>> building a web of trust. Sooner or later there will be someone
>
> > in that
>
> > 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

+1

On Tue, Sep 22, 2020 at 04:23 Dominik Psenner  wrote:

> +1
>
>
>
> --
>
> Sent from my phone. Typos are a kind gift to anyone who happens to find
>
> them.
>
>
>
> On Tue, Sep 22, 2020, 08:37 Davyd McColl  wrote:
>
>
>
> > Hi all
>
> >
>
> > I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
>
> > the door because it fixes confusing versioning on the released binaries
> (in
>
> > particular, nuget consumers)
>
> >
>
> > Thanks
>
> > -d
>
> > On 2020/09/20 22:33:49, Matt Sicker  wrote:
>
> > I can use whatever.
>
> >
>
> > On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
>
> > >
>
> > > I don’t have google meet and I can’t use Skype since Microsoft hosed my
>
> > authentication. I have zoom. My company uses Amazon Chime, which is
> fairly
>
> > new, as part of our product offering. I’ve sent you both emails for a
>
> > meeting using that.
>
> > >
>
> > > Ralph
>
> > >
>
> > > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
>
> > > >
>
> > > > I sent a Google Meet invite to you.
>
> > > >
>
> > > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
>
> > > >>
>
> > > >> I'm happy to be available at 8am my side, if that works for everyone
>
> > else.
>
> > > >> It sounds like earlier would be better, but I'm doing the morning
>
> > school
>
> > > >> run from 7am and can't guarantee I'll be back significantly before
>
> > 8am.
>
> > > >>
>
> > > >> How to do this? I have zoom and slack on my work machine, can
> install
>
> > > >> Skype if that's more convenient, can do google meet, I assume,
> though
>
> > > >> haven't ever tried, so may need a bit of a crash intro.
>
> > > >>
>
> > > >> If posting meeting details to the mailing list is not on, feel free
> to
>
> > > >> email me directly (:
>
> > > >>
>
> > > >> -d
>
> > > >>
>
> > > >>
>
> > > >> On September 20, 2020 20:58:29 Ralph Goers wrote:
>
> > > >>
>
> > > >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
>
> > > >>> However, I frequently am up until midnight so that could work.
>
> > 5-5:30 pm is
>
> > > >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a
>
> > weekday
>
> > > >>> until 8 am but on occasion I can do earlier.
>
> > > >>>
>
> > > >>> Ralph
>
> > > >>>
>
> > >  On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
>
> > > 
>
> > >  Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I
>
> > fetch my
>
> > >  son from school)
>
> > > 
>
> > >  -d
>
> > > 
>
> > > 
>
> > >  On September 20, 2020 18:44:19 Matt Sicker wrote:
>
> > > 
>
> > > > We’re not quite as strict as Debian for keys (though if you can
>
> > find a
>
> > > > Debian group locally, they’re great for key signing). The video
>
> > call idea
>
> > > > could work for exchanging keys. What times would you be available
>
> > to do
>
> > > > that?
>
> > > >
>
> > > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:
>
> > > >
>
> > > >> Hi Ralph
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >> I think I miscommunicated: I'm not regenerating my signing key -
>
> > just the
>
> > > >>
>
> > > >> nuget API key for package upload. This forces me to log in in
>
> > nuget.org
>
> > > >>
>
> > > >> which has 2fa and then I only use that key on the cli for the
>
> > immediate
>
> > > >> upload.
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same
>
> > that I
>
> > > >> used
>
> > > >>
>
> > > >> last time.
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >> -d
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >> On September 20, 2020 09:01:36 Ralph Goers
>
> > > >> wrote:
>
> > > >>
>
> > > >>
>
> > > >>
>
> > > >>> In the long run you don’t want to be regenerating your signing
>
> > key for
>
> > > >>
>
> > > >>> every release. The point is that you would upload the key to a
>
> > central
>
> > > >>
>
> > > >>> keystore and other people would sign it there. At ApacheCon we
>
> > would
>
> > > >> have a
>
> > > >>
>
> > > >>> key signing “party” where we recorded each others keys and then
>
> > would
>
> > > >> take
>
> > > >>
>
> > > >>> our list and update the central keystore. When people verify
> the
>
> > key
>
> > > >> they
>
> > > >>
>
> > > >>> can look at the keystore and see that it is signed by a number
> of
>
> > > >> people,
>
> > > >>
>
> > > >>> who then have their keys by a number of people and so on so you
>
> > are
>
> > > >>
>
> > > >>> building a web of trust. Sooner or later there will be someone
>
> > in that
>
> > > >> web
>
> > > >>
>
> > > >>> that you personally know and trust.
>
> > > >>
>
> > > >>>
>
> > > >>
>
> > > >>> Ralph
>
> > > >>
>
> > > >>>
>
> > > >>
>
> > >  On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote:
>
> 

Re: [VOTE] [log4net] Release 2.0.11

[Dominik Psenner]

+1

--
Sent from my phone. Typos are a kind gift to anyone who happens to find
them.

On Tue, Sep 22, 2020, 08:37 Davyd McColl  wrote:

> Hi all
>
> I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
> the door because it fixes confusing versioning on the released binaries (in
> particular, nuget consumers)
>
> Thanks
> -d
> On 2020/09/20 22:33:49, Matt Sicker  wrote:
> I can use whatever.
>
> On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
> >
> > I don’t have google meet and I can’t use Skype since Microsoft hosed my
> authentication. I have zoom. My company uses Amazon Chime, which is fairly
> new, as part of our product offering. I’ve sent you both emails for a
> meeting using that.
> >
> > Ralph
> >
> > > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
> > >
> > > I sent a Google Meet invite to you.
> > >
> > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
> > >>
> > >> I'm happy to be available at 8am my side, if that works for everyone
> else.
> > >> It sounds like earlier would be better, but I'm doing the morning
> school
> > >> run from 7am and can't guarantee I'll be back significantly before
> 8am.
> > >>
> > >> How to do this? I have zoom and slack on my work machine, can install
> > >> Skype if that's more convenient, can do google meet, I assume, though
> > >> haven't ever tried, so may need a bit of a crash intro.
> > >>
> > >> If posting meeting details to the mailing list is not on, feel free to
> > >> email me directly (:
> > >>
> > >> -d
> > >>
> > >>
> > >> On September 20, 2020 20:58:29 Ralph Goers wrote:
> > >>
> > >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
> > >>> However, I frequently am up until midnight so that could work.
> 5-5:30 pm is
> > >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a
> weekday
> > >>> until 8 am but on occasion I can do earlier.
> > >>>
> > >>> Ralph
> > >>>
> >  On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
> > 
> >  Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I
> fetch my
> >  son from school)
> > 
> >  -d
> > 
> > 
> >  On September 20, 2020 18:44:19 Matt Sicker wrote:
> > 
> > > We’re not quite as strict as Debian for keys (though if you can
> find a
> > > Debian group locally, they’re great for key signing). The video
> call idea
> > > could work for exchanging keys. What times would you be available
> to do
> > > that?
> > >
> > > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:
> > >
> > >> Hi Ralph
> > >>
> > >>
> > >>
> > >> I think I miscommunicated: I'm not regenerating my signing key -
> just the
> > >>
> > >> nuget API key for package upload. This forces me to log in in
> nuget.org
> > >>
> > >> which has 2fa and then I only use that key on the cli for the
> immediate
> > >> upload.
> > >>
> > >>
> > >>
> > >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same
> that I
> > >> used
> > >>
> > >> last time.
> > >>
> > >>
> > >>
> > >> -d
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> On September 20, 2020 09:01:36 Ralph Goers
> > >> wrote:
> > >>
> > >>
> > >>
> > >>> In the long run you don’t want to be regenerating your signing
> key for
> > >>
> > >>> every release. The point is that you would upload the key to a
> central
> > >>
> > >>> keystore and other people would sign it there. At ApacheCon we
> would
> > >> have a
> > >>
> > >>> key signing “party” where we recorded each others keys and then
> would
> > >> take
> > >>
> > >>> our list and update the central keystore. When people verify the
> key
> > >> they
> > >>
> > >>> can look at the keystore and see that it is signed by a number of
> > >> people,
> > >>
> > >>> who then have their keys by a number of people and so on so you
> are
> > >>
> > >>> building a web of trust. Sooner or later there will be someone
> in that
> > >> web
> > >>
> > >>> that you personally know and trust.
> > >>
> > >>>
> > >>
> > >>> Ralph
> > >>
> > >>>
> > >>
> >  On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote:
> > >>
> > 
> > >>
> >  Thanks Matt, I've updated the artifacts on GitHub to have
> detached
> > >>
> >  signatures. I had previously also uploaded my key to
> sks-keyservers.net,
> > >>
> > >>
> >  but I've also uploaded to MIT, though search there always times
> out.
> > >>
> > 
> > >>
> >  The document you've linked mentions face-to-face interactions
> to get my
> > >> key
> > >>
> >  into the official KEYS file. Not sure how many apache people
> are at my
> > >> end
> > >>
> >  of the world (Durban, South Africa), but I can do an online
> meeting if
> > >> that
> > 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Hi all

I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out the 
door because it fixes confusing versioning on the released binaries (in 
particular, nuget consumers)

Thanks
-d
On 2020/09/20 22:33:49, Matt Sicker  wrote:
I can use whatever.

On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
>
> I don’t have google meet and I can’t use Skype since Microsoft hosed my 
> authentication. I have zoom. My company uses Amazon Chime, which is fairly 
> new, as part of our product offering. I’ve sent you both emails for a meeting 
> using that.
>
> Ralph
>
> > On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
> >
> > I sent a Google Meet invite to you.
> >
> > On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
> >>
> >> I'm happy to be available at 8am my side, if that works for everyone else.
> >> It sounds like earlier would be better, but I'm doing the morning school
> >> run from 7am and can't guarantee I'll be back significantly before 8am.
> >>
> >> How to do this? I have zoom and slack on my work machine, can install
> >> Skype if that's more convenient, can do google meet, I assume, though
> >> haven't ever tried, so may need a bit of a crash intro.
> >>
> >> If posting meeting details to the mailing list is not on, feel free to
> >> email me directly (:
> >>
> >> -d
> >>
> >>
> >> On September 20, 2020 20:58:29 Ralph Goers wrote:
> >>
> >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
> >>> However, I frequently am up until midnight so that could work. 5-5:30 pm 
> >>> is
> >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a 
> >>> weekday
> >>> until 8 am but on occasion I can do earlier.
> >>>
> >>> Ralph
> >>>
>  On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
> 
>  Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my
>  son from school)
> 
>  -d
> 
> 
>  On September 20, 2020 18:44:19 Matt Sicker wrote:
> 
> > We’re not quite as strict as Debian for keys (though if you can find a
> > Debian group locally, they’re great for key signing). The video call 
> > idea
> > could work for exchanging keys. What times would you be available to do
> > that?
> >
> > On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:
> >
> >> Hi Ralph
> >>
> >>
> >>
> >> I think I miscommunicated: I'm not regenerating my signing key - just 
> >> the
> >>
> >> nuget API key for package upload. This forces me to log in in nuget.org
> >>
> >> which has 2fa and then I only use that key on the cli for the immediate
> >> upload.
> >>
> >>
> >>
> >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I
> >> used
> >>
> >> last time.
> >>
> >>
> >>
> >> -d
> >>
> >>
> >>
> >>
> >>
> >> On September 20, 2020 09:01:36 Ralph Goers
> >> wrote:
> >>
> >>
> >>
> >>> In the long run you don’t want to be regenerating your signing key for
> >>
> >>> every release. The point is that you would upload the key to a central
> >>
> >>> keystore and other people would sign it there. At ApacheCon we would
> >> have a
> >>
> >>> key signing “party” where we recorded each others keys and then would
> >> take
> >>
> >>> our list and update the central keystore. When people verify the key
> >> they
> >>
> >>> can look at the keystore and see that it is signed by a number of
> >> people,
> >>
> >>> who then have their keys by a number of people and so on so you are
> >>
> >>> building a web of trust. Sooner or later there will be someone in that
> >> web
> >>
> >>> that you personally know and trust.
> >>
> >>>
> >>
> >>> Ralph
> >>
> >>>
> >>
>  On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote:
> >>
> 
> >>
>  Thanks Matt, I've updated the artifacts on GitHub to have detached
> >>
>  signatures. I had previously also uploaded my key to 
>  sks-keyservers.net,
> >>
> >>
>  but I've also uploaded to MIT, though search there always times out.
> >>
> 
> >>
>  The document you've linked mentions face-to-face interactions to get 
>  my
> >> key
> >>
>  into the official KEYS file. Not sure how many apache people are at 
>  my
> >> end
> >>
>  of the world (Durban, South Africa), but I can do an online meeting 
>  if
> >> that
> >>
>  helps. Last release, Ralph said I should sign, so I did. I'm new to
> >> signing
> >>
>  release artifacts - I've generally relied on authentication during
> >> upload
> >>
>  as verification of authenticity, with 2FA wherever possible (GitHub 
>  and
> >>
>  NPM; nuget survives with an apikey - but for the last 2 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

I can use whatever.

On Sun, 20 Sep 2020 at 15:26, Ralph Goers  wrote:
>
> I don’t have google meet and I can’t use Skype since Microsoft hosed my 
> authentication. I have zoom. My company uses Amazon Chime, which is fairly 
> new, as part of our product offering.  I’ve sent you both emails for a 
> meeting using that.
>
> Ralph
>
> > On Sep 20, 2020, at 1:01 PM, Matt Sicker  wrote:
> >
> > I sent a Google Meet invite to you.
> >
> > On Sun, 20 Sep 2020 at 14:26, Davyd McColl  wrote:
> >>
> >> I'm happy to be available at 8am my side, if that works for everyone else.
> >> It sounds like earlier would be better, but I'm doing the morning school
> >> run from 7am and can't guarantee I'll be back significantly before 8am.
> >>
> >> How to do this? I have zoom and slack on my work machine, can install
> >> Skype if that's more convenient, can do google meet, I assume, though
> >> haven't ever tried, so may need a bit of a crash intro.
> >>
> >> If posting meeting details to the mailing list is not on, feel free to
> >> email me directly (:
> >>
> >> -d
> >>
> >>
> >> On September 20, 2020 20:58:29 Ralph Goers  
> >> wrote:
> >>
> >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
> >>> However, I frequently am up until midnight so that could work. 5-5:30 pm 
> >>> is
> >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a 
> >>> weekday
> >>> until 8 am but on occasion I can do earlier.
> >>>
> >>> Ralph
> >>>
>  On Sep 20, 2020, at 9:46 AM, Davyd McColl  wrote:
> 
>  Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my
>  son from school)
> 
>  -d
> 
> 
>  On September 20, 2020 18:44:19 Matt Sicker  wrote:
> 
> > We’re not quite as strict as Debian for keys (though if you can find a
> > Debian group locally, they’re great for key signing). The video call 
> > idea
> > could work for exchanging keys. What times would you be available to do
> > that?
> >
> > On Sun, Sep 20, 2020 at 03:09 Davyd McColl  wrote:
> >
> >> Hi Ralph
> >>
> >>
> >>
> >> I think I miscommunicated: I'm not regenerating my signing key - just 
> >> the
> >>
> >> nuget API key for package upload. This forces me to log in in nuget.org
> >>
> >> which has 2fa and then I only use that key on the cli for the immediate
> >> upload.
> >>
> >>
> >>
> >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I
> >> used
> >>
> >> last time.
> >>
> >>
> >>
> >> -d
> >>
> >>
> >>
> >>
> >>
> >> On September 20, 2020 09:01:36 Ralph Goers 
> >> wrote:
> >>
> >>
> >>
> >>> In the long run you don’t want to be regenerating your signing key for
> >>
> >>> every release. The point is that you would upload the key to a central
> >>
> >>> keystore and other people would sign it there. At ApacheCon we would
> >> have a
> >>
> >>> key signing “party” where we recorded each others keys and then would
> >> take
> >>
> >>> our list and update the central keystore. When people verify the key
> >> they
> >>
> >>> can look at the keystore and see that it is signed by a number of
> >> people,
> >>
> >>> who then have their keys by a number of people and so on so you are
> >>
> >>> building a web of trust.  Sooner or later there will be someone in 
> >>> that
> >> web
> >>
> >>> that you personally know and trust.
> >>
> >>>
> >>
> >>> Ralph
> >>
> >>>
> >>
>  On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:
> >>
> 
> >>
>  Thanks Matt, I've updated the artifacts on GitHub to have detached
> >>
>  signatures. I had previously also uploaded my key to 
>  sks-keyservers.net,
> >>
> >>
>  but I've also uploaded to MIT, though search there always times out.
> >>
> 
> >>
>  The document you've linked mentions face-to-face interactions to get 
>  my
> >> key
> >>
>  into the official KEYS file. Not sure how many apache people are at 
>  my
> >> end
> >>
>  of the world (Durban, South Africa), but I can do an online meeting 
>  if
> >> that
> >>
>  helps. Last release, Ralph said I should sign, so I did. I'm new to
> >> signing
> >>
>  release artifacts - I've generally relied on authentication during
> >> upload
> >>
>  as verification of authenticity, with 2FA wherever possible (GitHub 
>  and
> >>
>  NPM; nuget survives with an apikey - but for the last 2 releases, 
>  I've
> >>
>  regenerated the key on each use and only supplied it on the cli at
> >> upload,
> >>
>  so as not to store it locally)
> >>
> 
> >>
>  

Re: [VOTE] [log4net] Release 2.0.11

[Ralph Goers]

I don’t have google meet and I can’t use Skype since Microsoft hosed my 
authentication. I have zoom. My company uses Amazon Chime, which is fairly new, 
as part of our product offering.  I’ve sent you both emails for a meeting using 
that.

Ralph

> On Sep 20, 2020, at 1:01 PM, Matt Sicker  wrote:
> 
> I sent a Google Meet invite to you.
> 
> On Sun, 20 Sep 2020 at 14:26, Davyd McColl  wrote:
>> 
>> I'm happy to be available at 8am my side, if that works for everyone else.
>> It sounds like earlier would be better, but I'm doing the morning school
>> run from 7am and can't guarantee I'll be back significantly before 8am.
>> 
>> How to do this? I have zoom and slack on my work machine, can install
>> Skype if that's more convenient, can do google meet, I assume, though
>> haven't ever tried, so may need a bit of a crash intro.
>> 
>> If posting meeting details to the mailing list is not on, feel free to
>> email me directly (:
>> 
>> -d
>> 
>> 
>> On September 20, 2020 20:58:29 Ralph Goers  
>> wrote:
>> 
>>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
>>> However, I frequently am up until midnight so that could work. 5-5:30 pm is
>>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday
>>> until 8 am but on occasion I can do earlier.
>>> 
>>> Ralph
>>> 
 On Sep 20, 2020, at 9:46 AM, Davyd McColl  wrote:
 
 Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my
 son from school)
 
 -d
 
 
 On September 20, 2020 18:44:19 Matt Sicker  wrote:
 
> We’re not quite as strict as Debian for keys (though if you can find a
> Debian group locally, they’re great for key signing). The video call idea
> could work for exchanging keys. What times would you be available to do
> that?
> 
> On Sun, Sep 20, 2020 at 03:09 Davyd McColl  wrote:
> 
>> Hi Ralph
>> 
>> 
>> 
>> I think I miscommunicated: I'm not regenerating my signing key - just the
>> 
>> nuget API key for package upload. This forces me to log in in nuget.org
>> 
>> which has 2fa and then I only use that key on the cli for the immediate
>> upload.
>> 
>> 
>> 
>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I
>> used
>> 
>> last time.
>> 
>> 
>> 
>> -d
>> 
>> 
>> 
>> 
>> 
>> On September 20, 2020 09:01:36 Ralph Goers 
>> wrote:
>> 
>> 
>> 
>>> In the long run you don’t want to be regenerating your signing key for
>> 
>>> every release. The point is that you would upload the key to a central
>> 
>>> keystore and other people would sign it there. At ApacheCon we would
>> have a
>> 
>>> key signing “party” where we recorded each others keys and then would
>> take
>> 
>>> our list and update the central keystore. When people verify the key
>> they
>> 
>>> can look at the keystore and see that it is signed by a number of
>> people,
>> 
>>> who then have their keys by a number of people and so on so you are
>> 
>>> building a web of trust.  Sooner or later there will be someone in that
>> web
>> 
>>> that you personally know and trust.
>> 
>>> 
>> 
>>> Ralph
>> 
>>> 
>> 
 On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:
>> 
 
>> 
 Thanks Matt, I've updated the artifacts on GitHub to have detached
>> 
 signatures. I had previously also uploaded my key to 
 sks-keyservers.net,
>> 
>> 
 but I've also uploaded to MIT, though search there always times out.
>> 
 
>> 
 The document you've linked mentions face-to-face interactions to get my
>> key
>> 
 into the official KEYS file. Not sure how many apache people are at my
>> end
>> 
 of the world (Durban, South Africa), but I can do an online meeting if
>> that
>> 
 helps. Last release, Ralph said I should sign, so I did. I'm new to
>> signing
>> 
 release artifacts - I've generally relied on authentication during
>> upload
>> 
 as verification of authenticity, with 2FA wherever possible (GitHub and
>> 
 NPM; nuget survives with an apikey - but for the last 2 releases, I've
>> 
 regenerated the key on each use and only supplied it on the cli at
>> upload,
>> 
 so as not to store it locally)
>> 
 
>> 
 -d
>> 
 
>> 
 
>> 
 On September 19, 2020 22:23:41 Matt Sicker  wrote:
>> 
 
>> 
> Oh and there's a bit of an issue with the signed files: it looks like
>> 
> you included _signed files_ rather than detached signatures. Thus, the
>> 
> .asc files are only verifying themselves rather than the accompanying
>> 
> 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

I sent a Google Meet invite to you.

On Sun, 20 Sep 2020 at 14:26, Davyd McColl  wrote:
>
> I'm happy to be available at 8am my side, if that works for everyone else.
> It sounds like earlier would be better, but I'm doing the morning school
> run from 7am and can't guarantee I'll be back significantly before 8am.
>
>  How to do this? I have zoom and slack on my work machine, can install
> Skype if that's more convenient, can do google meet, I assume, though
> haven't ever tried, so may need a bit of a crash intro.
>
> If posting meeting details to the mailing list is not on, feel free to
> email me directly (:
>
> -d
>
>
> On September 20, 2020 20:58:29 Ralph Goers  wrote:
>
> > 8am in Durban South Africa is 11pm the night before in Phoenix AZ.
> > However, I frequently am up until midnight so that could work. 5-5:30 pm is
> > 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday
> > until 8 am but on occasion I can do earlier.
> >
> > Ralph
> >
> >> On Sep 20, 2020, at 9:46 AM, Davyd McColl  wrote:
> >>
> >> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my
> >> son from school)
> >>
> >> -d
> >>
> >>
> >> On September 20, 2020 18:44:19 Matt Sicker  wrote:
> >>
> >>> We’re not quite as strict as Debian for keys (though if you can find a
> >>> Debian group locally, they’re great for key signing). The video call idea
> >>> could work for exchanging keys. What times would you be available to do
> >>> that?
> >>>
> >>> On Sun, Sep 20, 2020 at 03:09 Davyd McColl  wrote:
> >>>
>  Hi Ralph
> 
> 
> 
>  I think I miscommunicated: I'm not regenerating my signing key - just the
> 
>  nuget API key for package upload. This forces me to log in in nuget.org
> 
>  which has 2fa and then I only use that key on the cli for the immediate
>  upload.
> 
> 
> 
>  My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I
>  used
> 
>  last time.
> 
> 
> 
>  -d
> 
> 
> 
> 
> 
>  On September 20, 2020 09:01:36 Ralph Goers 
>  wrote:
> 
> 
> 
>  > In the long run you don’t want to be regenerating your signing key for
> 
>  > every release. The point is that you would upload the key to a central
> 
>  > keystore and other people would sign it there. At ApacheCon we would
>  have a
> 
>  > key signing “party” where we recorded each others keys and then would
>  take
> 
>  > our list and update the central keystore. When people verify the key
>  they
> 
>  > can look at the keystore and see that it is signed by a number of
>  people,
> 
>  > who then have their keys by a number of people and so on so you are
> 
>  > building a web of trust.  Sooner or later there will be someone in that
>  web
> 
>  > that you personally know and trust.
> 
>  >
> 
>  > Ralph
> 
>  >
> 
>  >> On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:
> 
>  >>
> 
>  >> Thanks Matt, I've updated the artifacts on GitHub to have detached
> 
>  >> signatures. I had previously also uploaded my key to 
>  >> sks-keyservers.net,
> 
> 
>  >> but I've also uploaded to MIT, though search there always times out.
> 
>  >>
> 
>  >> The document you've linked mentions face-to-face interactions to get 
>  >> my
>  key
> 
>  >> into the official KEYS file. Not sure how many apache people are at my
>  end
> 
>  >> of the world (Durban, South Africa), but I can do an online meeting if
>  that
> 
>  >> helps. Last release, Ralph said I should sign, so I did. I'm new to
>  signing
> 
>  >> release artifacts - I've generally relied on authentication during
>  upload
> 
>  >> as verification of authenticity, with 2FA wherever possible (GitHub 
>  >> and
> 
>  >> NPM; nuget survives with an apikey - but for the last 2 releases, I've
> 
>  >> regenerated the key on each use and only supplied it on the cli at
>  upload,
> 
>  >> so as not to store it locally)
> 
>  >>
> 
>  >> -d
> 
>  >>
> 
>  >>
> 
>  >> On September 19, 2020 22:23:41 Matt Sicker  wrote:
> 
>  >>
> 
>  >>> Oh and there's a bit of an issue with the signed files: it looks like
> 
>  >>> you included _signed files_ rather than detached signatures. Thus, 
>  >>> the
> 
>  >>> .asc files are only verifying themselves rather than the accompanying
> 
>  >>> file.
> 
>  >>>
> 
>  >>> There's a --detached option in gpg for this (yeah, it's always had a
>  bad UI).
> 
>  >>>
> 
>  >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:
> 
>  
> 
>   The KEYS file [1] that's linked on the download page does not have
> 
>   your 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

I'm happy to be available at 8am my side, if that works for everyone else. 
It sounds like earlier would be better, but I'm doing the morning school 
run from 7am and can't guarantee I'll be back significantly before 8am.


How to do this? I have zoom and slack on my work machine, can install 
Skype if that's more convenient, can do google meet, I assume, though 
haven't ever tried, so may need a bit of a crash intro.


If posting meeting details to the mailing list is not on, feel free to 
email me directly (:


-d


On September 20, 2020 20:58:29 Ralph Goers  wrote:

8am in Durban South Africa is 11pm the night before in Phoenix AZ.  
However, I frequently am up until midnight so that could work. 5-5:30 pm is 
7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday 
until 8 am but on occasion I can do earlier.


Ralph


On Sep 20, 2020, at 9:46 AM, Davyd McColl  wrote:

Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my 
son from school)


-d


On September 20, 2020 18:44:19 Matt Sicker  wrote:


We’re not quite as strict as Debian for keys (though if you can find a
Debian group locally, they’re great for key signing). The video call idea
could work for exchanging keys. What times would you be available to do
that?

On Sun, Sep 20, 2020 at 03:09 Davyd McColl  wrote:


Hi Ralph



I think I miscommunicated: I'm not regenerating my signing key - just the

nuget API key for package upload. This forces me to log in in nuget.org

which has 2fa and then I only use that key on the cli for the immediate
upload.



My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I
used

last time.



-d





On September 20, 2020 09:01:36 Ralph Goers 
wrote:



> In the long run you don’t want to be regenerating your signing key for

> every release. The point is that you would upload the key to a central

> keystore and other people would sign it there. At ApacheCon we would
have a

> key signing “party” where we recorded each others keys and then would
take

> our list and update the central keystore. When people verify the key
they

> can look at the keystore and see that it is signed by a number of
people,

> who then have their keys by a number of people and so on so you are

> building a web of trust.  Sooner or later there will be someone in that
web

> that you personally know and trust.

>

> Ralph

>

>> On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:

>>

>> Thanks Matt, I've updated the artifacts on GitHub to have detached

>> signatures. I had previously also uploaded my key to sks-keyservers.net,


>> but I've also uploaded to MIT, though search there always times out.

>>

>> The document you've linked mentions face-to-face interactions to get my
key

>> into the official KEYS file. Not sure how many apache people are at my
end

>> of the world (Durban, South Africa), but I can do an online meeting if
that

>> helps. Last release, Ralph said I should sign, so I did. I'm new to
signing

>> release artifacts - I've generally relied on authentication during
upload

>> as verification of authenticity, with 2FA wherever possible (GitHub and

>> NPM; nuget survives with an apikey - but for the last 2 releases, I've

>> regenerated the key on each use and only supplied it on the cli at
upload,

>> so as not to store it locally)

>>

>> -d

>>

>>

>> On September 19, 2020 22:23:41 Matt Sicker  wrote:

>>

>>> Oh and there's a bit of an issue with the signed files: it looks like

>>> you included _signed files_ rather than detached signatures. Thus, the

>>> .asc files are only verifying themselves rather than the accompanying

>>> file.

>>>

>>> There's a --detached option in gpg for this (yeah, it's always had a
bad UI).

>>>

>>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:



 The KEYS file [1] that's linked on the download page does not have

 your key in it. Neither does other KEYS file [2]. Check out [3] for

 more info.



 [1]: https://downloads.apache.org/logging/log4net/KEYS

 [2]: https://downloads.apache.org/logging/KEYS

 [3]: https://infra.apache.org/release-signing.html#keys-policy







 On Sat, 19 Sep 2020 at 12:48, Davyd McColl  wrote:

 >

 > Thanks Matt, I've done so. Hopefully that makes it easier to verify

 > artifacts that I have signed.

 >

 > -d

 >

 >

 > On September 18, 2020 23:11:48 Matt Sicker 
wrote:

 >

 > > If you upload your key to your GitHub profile, that also makes it

 > > simple to find. For example, just add ".gpg" to your profile URL:

 > > https://github.com/fluffynuts.gpg

 > >

 > > On Fri, 18 Sep 2020 at 16:08, Remko Popma 
wrote:

 > >>

 > >> +1 remko

 > >>

 > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker 
wrote:

 > >>

 > >> > How about your gpg key? I don't think we've imported that to
the KEYS

 > >> > file as far as I can tell?

 > >> >

 > >> > On Fri, 

Re: [VOTE] [log4net] Release 2.0.11

[Ralph Goers]

8am in Durban South Africa is 11pm the night before in Phoenix AZ.  However, I 
frequently am up until midnight so that could work. 5-5:30 pm is 7:30-8 am in 
Phoenix. I usually am not in front of my computer on a weekday until 8 am but 
on occasion I can do earlier.

Ralph

> On Sep 20, 2020, at 9:46 AM, Davyd McColl  wrote:
> 
> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my son 
> from school)
> 
> -d
> 
> 
> On September 20, 2020 18:44:19 Matt Sicker  wrote:
> 
>> We’re not quite as strict as Debian for keys (though if you can find a
>> Debian group locally, they’re great for key signing). The video call idea
>> could work for exchanging keys. What times would you be available to do
>> that?
>> 
>> On Sun, Sep 20, 2020 at 03:09 Davyd McColl  wrote:
>> 
>>> Hi Ralph
>>> 
>>> 
>>> 
>>> I think I miscommunicated: I'm not regenerating my signing key - just the
>>> 
>>> nuget API key for package upload. This forces me to log in in nuget.org
>>> 
>>> which has 2fa and then I only use that key on the cli for the immediate
>>> upload.
>>> 
>>> 
>>> 
>>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I
>>> used
>>> 
>>> last time.
>>> 
>>> 
>>> 
>>> -d
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On September 20, 2020 09:01:36 Ralph Goers 
>>> wrote:
>>> 
>>> 
>>> 
>>> > In the long run you don’t want to be regenerating your signing key for
>>> 
>>> > every release. The point is that you would upload the key to a central
>>> 
>>> > keystore and other people would sign it there. At ApacheCon we would
>>> have a
>>> 
>>> > key signing “party” where we recorded each others keys and then would
>>> take
>>> 
>>> > our list and update the central keystore. When people verify the key
>>> they
>>> 
>>> > can look at the keystore and see that it is signed by a number of
>>> people,
>>> 
>>> > who then have their keys by a number of people and so on so you are
>>> 
>>> > building a web of trust.  Sooner or later there will be someone in that
>>> web
>>> 
>>> > that you personally know and trust.
>>> 
>>> >
>>> 
>>> > Ralph
>>> 
>>> >
>>> 
>>> >> On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:
>>> 
>>> >>
>>> 
>>> >> Thanks Matt, I've updated the artifacts on GitHub to have detached
>>> 
>>> >> signatures. I had previously also uploaded my key to sks-keyservers.net,
>>> 
>>> 
>>> >> but I've also uploaded to MIT, though search there always times out.
>>> 
>>> >>
>>> 
>>> >> The document you've linked mentions face-to-face interactions to get my
>>> key
>>> 
>>> >> into the official KEYS file. Not sure how many apache people are at my
>>> end
>>> 
>>> >> of the world (Durban, South Africa), but I can do an online meeting if
>>> that
>>> 
>>> >> helps. Last release, Ralph said I should sign, so I did. I'm new to
>>> signing
>>> 
>>> >> release artifacts - I've generally relied on authentication during
>>> upload
>>> 
>>> >> as verification of authenticity, with 2FA wherever possible (GitHub and
>>> 
>>> >> NPM; nuget survives with an apikey - but for the last 2 releases, I've
>>> 
>>> >> regenerated the key on each use and only supplied it on the cli at
>>> upload,
>>> 
>>> >> so as not to store it locally)
>>> 
>>> >>
>>> 
>>> >> -d
>>> 
>>> >>
>>> 
>>> >>
>>> 
>>> >> On September 19, 2020 22:23:41 Matt Sicker  wrote:
>>> 
>>> >>
>>> 
>>> >>> Oh and there's a bit of an issue with the signed files: it looks like
>>> 
>>> >>> you included _signed files_ rather than detached signatures. Thus, the
>>> 
>>> >>> .asc files are only verifying themselves rather than the accompanying
>>> 
>>> >>> file.
>>> 
>>> >>>
>>> 
>>> >>> There's a --detached option in gpg for this (yeah, it's always had a
>>> bad UI).
>>> 
>>> >>>
>>> 
>>> >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:
>>> 
>>> 
>>> 
>>>  The KEYS file [1] that's linked on the download page does not have
>>> 
>>>  your key in it. Neither does other KEYS file [2]. Check out [3] for
>>> 
>>>  more info.
>>> 
>>> 
>>> 
>>>  [1]: https://downloads.apache.org/logging/log4net/KEYS
>>> 
>>>  [2]: https://downloads.apache.org/logging/KEYS
>>> 
>>>  [3]: https://infra.apache.org/release-signing.html#keys-policy
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>  On Sat, 19 Sep 2020 at 12:48, Davyd McColl  wrote:
>>> 
>>>  >
>>> 
>>>  > Thanks Matt, I've done so. Hopefully that makes it easier to verify
>>> 
>>>  > artifacts that I have signed.
>>> 
>>>  >
>>> 
>>>  > -d
>>> 
>>>  >
>>> 
>>>  >
>>> 
>>>  > On September 18, 2020 23:11:48 Matt Sicker 
>>> wrote:
>>> 
>>>  >
>>> 
>>>  > > If you upload your key to your GitHub profile, that also makes it
>>> 
>>>  > > simple to find. For example, just add ".gpg" to your profile URL:
>>> 
>>>  > > https://github.com/fluffynuts.gpg
>>> 
>>>  > >
>>> 
>>>  > > On Fri, 18 Sep 2020 at 16:08, Remko Popma 
>>> wrote:
>>> 
>>>  > >>
>>> 
>>>  > >> +1 remko
>>> 
>>>  > >>
>>> 
>>>  > >> On Sat, Sep 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

I should be able to do 08:00 tomorrow morning (still night in my time zone
but technically still tomorrow either way). If I weren’t on vacation at the
moment, we’d have to do the other end of your schedule which would be
during my typical “meetings with the other hemisphere” hours (some of my
work teammates are in the same time zone as you out in EU).

On Sun, Sep 20, 2020 at 11:47 Davyd McColl  wrote:

> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my
>
> son from school)
>
>
>
> -d
>
>
>
>
>
> On September 20, 2020 18:44:19 Matt Sicker  wrote:
>
>
>
> > We’re not quite as strict as Debian for keys (though if you can find a
>
> > Debian group locally, they’re great for key signing). The video call idea
>
> > could work for exchanging keys. What times would you be available to do
>
> > that?
>
> >
>
> > On Sun, Sep 20, 2020 at 03:09 Davyd McColl  wrote:
>
> >
>
> >> Hi Ralph
>
> >>
>
> >>
>
> >>
>
> >> I think I miscommunicated: I'm not regenerating my signing key - just
> the
>
> >>
>
> >> nuget API key for package upload. This forces me to log in in nuget.org
>
> >>
>
> >> which has 2fa and then I only use that key on the cli for the immediate
>
> >> upload.
>
> >>
>
> >>
>
> >>
>
> >> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I
>
> >> used
>
> >>
>
> >> last time.
>
> >>
>
> >>
>
> >>
>
> >> -d
>
> >>
>
> >>
>
> >>
>
> >>
>
> >>
>
> >> On September 20, 2020 09:01:36 Ralph Goers 
>
> >> wrote:
>
> >>
>
> >>
>
> >>
>
> >> > In the long run you don’t want to be regenerating your signing key for
>
> >>
>
> >> > every release. The point is that you would upload the key to a central
>
> >>
>
> >> > keystore and other people would sign it there. At ApacheCon we would
>
> >> have a
>
> >>
>
> >> > key signing “party” where we recorded each others keys and then would
>
> >> take
>
> >>
>
> >> > our list and update the central keystore. When people verify the key
>
> >> they
>
> >>
>
> >> > can look at the keystore and see that it is signed by a number of
>
> >> people,
>
> >>
>
> >> > who then have their keys by a number of people and so on so you are
>
> >>
>
> >> > building a web of trust.  Sooner or later there will be someone in
> that
>
> >> web
>
> >>
>
> >> > that you personally know and trust.
>
> >>
>
> >> >
>
> >>
>
> >> > Ralph
>
> >>
>
> >> >
>
> >>
>
> >> >> On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:
>
> >>
>
> >> >>
>
> >>
>
> >> >> Thanks Matt, I've updated the artifacts on GitHub to have detached
>
> >>
>
> >> >> signatures. I had previously also uploaded my key to
> sks-keyservers.net,
>
> >>
>
> >>
>
> >> >> but I've also uploaded to MIT, though search there always times out.
>
> >>
>
> >> >>
>
> >>
>
> >> >> The document you've linked mentions face-to-face interactions to get
> my
>
> >> key
>
> >>
>
> >> >> into the official KEYS file. Not sure how many apache people are at
> my
>
> >> end
>
> >>
>
> >> >> of the world (Durban, South Africa), but I can do an online meeting
> if
>
> >> that
>
> >>
>
> >> >> helps. Last release, Ralph said I should sign, so I did. I'm new to
>
> >> signing
>
> >>
>
> >> >> release artifacts - I've generally relied on authentication during
>
> >> upload
>
> >>
>
> >> >> as verification of authenticity, with 2FA wherever possible (GitHub
> and
>
> >>
>
> >> >> NPM; nuget survives with an apikey - but for the last 2 releases,
> I've
>
> >>
>
> >> >> regenerated the key on each use and only supplied it on the cli at
>
> >> upload,
>
> >>
>
> >> >> so as not to store it locally)
>
> >>
>
> >> >>
>
> >>
>
> >> >> -d
>
> >>
>
> >> >>
>
> >>
>
> >> >>
>
> >>
>
> >> >> On September 19, 2020 22:23:41 Matt Sicker  wrote:
>
> >>
>
> >> >>
>
> >>
>
> >> >>> Oh and there's a bit of an issue with the signed files: it looks
> like
>
> >>
>
> >> >>> you included _signed files_ rather than detached signatures. Thus,
> the
>
> >>
>
> >> >>> .asc files are only verifying themselves rather than the
> accompanying
>
> >>
>
> >> >>> file.
>
> >>
>
> >> >>>
>
> >>
>
> >> >>> There's a --detached option in gpg for this (yeah, it's always had a
>
> >> bad UI).
>
> >>
>
> >> >>>
>
> >>
>
> >> >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:
>
> >>
>
> >> 
>
> >>
>
> >>  The KEYS file [1] that's linked on the download page does not have
>
> >>
>
> >>  your key in it. Neither does other KEYS file [2]. Check out [3] for
>
> >>
>
> >>  more info.
>
> >>
>
> >> 
>
> >>
>
> >>  [1]: https://downloads.apache.org/logging/log4net/KEYS
>
> >>
>
> >>  [2]: https://downloads.apache.org/logging/KEYS
>
> >>
>
> >>  [3]: https://infra.apache.org/release-signing.html#keys-policy
>
> >>
>
> >> 
>
> >>
>
> >> 
>
> >>
>
> >> 
>
> >>
>
> >>  On Sat, 19 Sep 2020 at 12:48, Davyd McColl 
> wrote:
>
> >>
>
> >>  >
>
> >>
>
> >>  > Thanks Matt, I've done so. Hopefully that makes it easier to
> verify
>
> >>
>
> >>  > artifacts that I have signed.
>
> >>
>
> >>  >
>
> >>
>
> >>  > 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my 
son from school)


-d


On September 20, 2020 18:44:19 Matt Sicker  wrote:


We’re not quite as strict as Debian for keys (though if you can find a
Debian group locally, they’re great for key signing). The video call idea
could work for exchanging keys. What times would you be available to do
that?

On Sun, Sep 20, 2020 at 03:09 Davyd McColl  wrote:


Hi Ralph



I think I miscommunicated: I'm not regenerating my signing key - just the

nuget API key for package upload. This forces me to log in in nuget.org

which has 2fa and then I only use that key on the cli for the immediate
upload.



My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I
used

last time.



-d





On September 20, 2020 09:01:36 Ralph Goers 
wrote:



> In the long run you don’t want to be regenerating your signing key for

> every release. The point is that you would upload the key to a central

> keystore and other people would sign it there. At ApacheCon we would
have a

> key signing “party” where we recorded each others keys and then would
take

> our list and update the central keystore. When people verify the key
they

> can look at the keystore and see that it is signed by a number of
people,

> who then have their keys by a number of people and so on so you are

> building a web of trust.  Sooner or later there will be someone in that
web

> that you personally know and trust.

>

> Ralph

>

>> On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:

>>

>> Thanks Matt, I've updated the artifacts on GitHub to have detached

>> signatures. I had previously also uploaded my key to sks-keyservers.net,


>> but I've also uploaded to MIT, though search there always times out.

>>

>> The document you've linked mentions face-to-face interactions to get my
key

>> into the official KEYS file. Not sure how many apache people are at my
end

>> of the world (Durban, South Africa), but I can do an online meeting if
that

>> helps. Last release, Ralph said I should sign, so I did. I'm new to
signing

>> release artifacts - I've generally relied on authentication during
upload

>> as verification of authenticity, with 2FA wherever possible (GitHub and

>> NPM; nuget survives with an apikey - but for the last 2 releases, I've

>> regenerated the key on each use and only supplied it on the cli at
upload,

>> so as not to store it locally)

>>

>> -d

>>

>>

>> On September 19, 2020 22:23:41 Matt Sicker  wrote:

>>

>>> Oh and there's a bit of an issue with the signed files: it looks like

>>> you included _signed files_ rather than detached signatures. Thus, the

>>> .asc files are only verifying themselves rather than the accompanying

>>> file.

>>>

>>> There's a --detached option in gpg for this (yeah, it's always had a
bad UI).

>>>

>>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:



 The KEYS file [1] that's linked on the download page does not have

 your key in it. Neither does other KEYS file [2]. Check out [3] for

 more info.



 [1]: https://downloads.apache.org/logging/log4net/KEYS

 [2]: https://downloads.apache.org/logging/KEYS

 [3]: https://infra.apache.org/release-signing.html#keys-policy







 On Sat, 19 Sep 2020 at 12:48, Davyd McColl  wrote:

 >

 > Thanks Matt, I've done so. Hopefully that makes it easier to verify

 > artifacts that I have signed.

 >

 > -d

 >

 >

 > On September 18, 2020 23:11:48 Matt Sicker 
wrote:

 >

 > > If you upload your key to your GitHub profile, that also makes it

 > > simple to find. For example, just add ".gpg" to your profile URL:

 > > https://github.com/fluffynuts.gpg

 > >

 > > On Fri, 18 Sep 2020 at 16:08, Remko Popma 
wrote:

 > >>

 > >> +1 remko

 > >>

 > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker 
wrote:

 > >>

 > >> > How about your gpg key? I don't think we've imported that to
the KEYS

 > >> > file as far as I can tell?

 > >> >

 > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker 
wrote:

 > >> > >

 > >> > > Oh sorry, I didn't notice that you uploaded them there
(wasn't even

 > >> > > aware that it was possible to be honest).

 > >> > >

 > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl 
wrote:

 > >> > > >

 > >> > > > Hi Matt

 > >> > > >

 > >> > > > Release artifacts are available on the GitHub release page

 > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) -
expand the

 > >> > assets

 > >> > > > list if it's collapsed.

 > >> > > >

 > >> > > > I'll need someone to upload them to the downloads source
as I

 think I

 > >> > don't

 > >> > > > have access to do so (if I'm wrong, I'd love to be
corrected,

 because

 > >> > I'd

 > >> > > > be less of an annoyance then!). Ralph has stepped in to
help here in

 > >> > the past.

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

We’re not quite as strict as Debian for keys (though if you can find a
Debian group locally, they’re great for key signing). The video call idea
could work for exchanging keys. What times would you be available to do
that?

On Sun, Sep 20, 2020 at 03:09 Davyd McColl  wrote:

> Hi Ralph
>
>
>
> I think I miscommunicated: I'm not regenerating my signing key - just the
>
> nuget API key for package upload. This forces me to log in in nuget.org
>
> which has 2fa and then I only use that key on the cli for the immediate
> upload.
>
>
>
> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I
> used
>
> last time.
>
>
>
> -d
>
>
>
>
>
> On September 20, 2020 09:01:36 Ralph Goers 
> wrote:
>
>
>
> > In the long run you don’t want to be regenerating your signing key for
>
> > every release. The point is that you would upload the key to a central
>
> > keystore and other people would sign it there. At ApacheCon we would
> have a
>
> > key signing “party” where we recorded each others keys and then would
> take
>
> > our list and update the central keystore. When people verify the key
> they
>
> > can look at the keystore and see that it is signed by a number of
> people,
>
> > who then have their keys by a number of people and so on so you are
>
> > building a web of trust.  Sooner or later there will be someone in that
> web
>
> > that you personally know and trust.
>
> >
>
> > Ralph
>
> >
>
> >> On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:
>
> >>
>
> >> Thanks Matt, I've updated the artifacts on GitHub to have detached
>
> >> signatures. I had previously also uploaded my key to sks-keyservers.net,
>
>
> >> but I've also uploaded to MIT, though search there always times out.
>
> >>
>
> >> The document you've linked mentions face-to-face interactions to get my
> key
>
> >> into the official KEYS file. Not sure how many apache people are at my
> end
>
> >> of the world (Durban, South Africa), but I can do an online meeting if
> that
>
> >> helps. Last release, Ralph said I should sign, so I did. I'm new to
> signing
>
> >> release artifacts - I've generally relied on authentication during
> upload
>
> >> as verification of authenticity, with 2FA wherever possible (GitHub and
>
> >> NPM; nuget survives with an apikey - but for the last 2 releases, I've
>
> >> regenerated the key on each use and only supplied it on the cli at
> upload,
>
> >> so as not to store it locally)
>
> >>
>
> >> -d
>
> >>
>
> >>
>
> >> On September 19, 2020 22:23:41 Matt Sicker  wrote:
>
> >>
>
> >>> Oh and there's a bit of an issue with the signed files: it looks like
>
> >>> you included _signed files_ rather than detached signatures. Thus, the
>
> >>> .asc files are only verifying themselves rather than the accompanying
>
> >>> file.
>
> >>>
>
> >>> There's a --detached option in gpg for this (yeah, it's always had a
> bad UI).
>
> >>>
>
> >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:
>
> 
>
>  The KEYS file [1] that's linked on the download page does not have
>
>  your key in it. Neither does other KEYS file [2]. Check out [3] for
>
>  more info.
>
> 
>
>  [1]: https://downloads.apache.org/logging/log4net/KEYS
>
>  [2]: https://downloads.apache.org/logging/KEYS
>
>  [3]: https://infra.apache.org/release-signing.html#keys-policy
>
> 
>
> 
>
> 
>
>  On Sat, 19 Sep 2020 at 12:48, Davyd McColl  wrote:
>
>  >
>
>  > Thanks Matt, I've done so. Hopefully that makes it easier to verify
>
>  > artifacts that I have signed.
>
>  >
>
>  > -d
>
>  >
>
>  >
>
>  > On September 18, 2020 23:11:48 Matt Sicker 
> wrote:
>
>  >
>
>  > > If you upload your key to your GitHub profile, that also makes it
>
>  > > simple to find. For example, just add ".gpg" to your profile URL:
>
>  > > https://github.com/fluffynuts.gpg
>
>  > >
>
>  > > On Fri, 18 Sep 2020 at 16:08, Remko Popma 
> wrote:
>
>  > >>
>
>  > >> +1 remko
>
>  > >>
>
>  > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker 
> wrote:
>
>  > >>
>
>  > >> > How about your gpg key? I don't think we've imported that to
> the KEYS
>
>  > >> > file as far as I can tell?
>
>  > >> >
>
>  > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker 
> wrote:
>
>  > >> > >
>
>  > >> > > Oh sorry, I didn't notice that you uploaded them there
> (wasn't even
>
>  > >> > > aware that it was possible to be honest).
>
>  > >> > >
>
>  > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl 
> wrote:
>
>  > >> > > >
>
>  > >> > > > Hi Matt
>
>  > >> > > >
>
>  > >> > > > Release artifacts are available on the GitHub release page
>
>  > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) -
> expand the
>
>  > >> > assets
>
>  > >> > > > list if it's collapsed.
>
>  > >> > > >
>
>  > >> > > > I'll need someone to upload them to the downloads source
> as I
>
>  think I
>
>  > >> > don't
>
>  > 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Hi Ralph

I think I miscommunicated: I'm not regenerating my signing key - just the 
nuget API key for package upload. This forces me to log in in nuget.org 
which has 2fa and then I only use that key on the cli for the immediate upload.


My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I used 
last time.


-d


On September 20, 2020 09:01:36 Ralph Goers  wrote:

In the long run you don’t want to be regenerating your signing key for 
every release. The point is that you would upload the key to a central 
keystore and other people would sign it there. At ApacheCon we would have a 
key signing “party” where we recorded each others keys and then would take 
our list and update the central keystore. When people verify the key they 
can look at the keystore and see that it is signed by a number of people, 
who then have their keys by a number of people and so on so you are 
building a web of trust.  Sooner or later there will be someone in that web 
that you personally know and trust.


Ralph


On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:

Thanks Matt, I've updated the artifacts on GitHub to have detached 
signatures. I had previously also uploaded my key to sks-keyservers.net, 
but I've also uploaded to MIT, though search there always times out.


The document you've linked mentions face-to-face interactions to get my key 
into the official KEYS file. Not sure how many apache people are at my end 
of the world (Durban, South Africa), but I can do an online meeting if that 
helps. Last release, Ralph said I should sign, so I did. I'm new to signing 
release artifacts - I've generally relied on authentication during upload 
as verification of authenticity, with 2FA wherever possible (GitHub and 
NPM; nuget survives with an apikey - but for the last 2 releases, I've 
regenerated the key on each use and only supplied it on the cli at upload, 
so as not to store it locally)


-d


On September 19, 2020 22:23:41 Matt Sicker  wrote:


Oh and there's a bit of an issue with the signed files: it looks like
you included _signed files_ rather than detached signatures. Thus, the
.asc files are only verifying themselves rather than the accompanying
file.

There's a --detached option in gpg for this (yeah, it's always had a bad UI).

On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:


The KEYS file [1] that's linked on the download page does not have
your key in it. Neither does other KEYS file [2]. Check out [3] for
more info.

[1]: https://downloads.apache.org/logging/log4net/KEYS
[2]: https://downloads.apache.org/logging/KEYS
[3]: https://infra.apache.org/release-signing.html#keys-policy



On Sat, 19 Sep 2020 at 12:48, Davyd McColl  wrote:
>
> Thanks Matt, I've done so. Hopefully that makes it easier to verify
> artifacts that I have signed.
>
> -d
>
>
> On September 18, 2020 23:11:48 Matt Sicker  wrote:
>
> > If you upload your key to your GitHub profile, that also makes it
> > simple to find. For example, just add ".gpg" to your profile URL:
> > https://github.com/fluffynuts.gpg
> >
> > On Fri, 18 Sep 2020 at 16:08, Remko Popma  wrote:
> >>
> >> +1 remko
> >>
> >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker  wrote:
> >>
> >> > How about your gpg key? I don't think we've imported that to the KEYS
> >> > file as far as I can tell?
> >> >
> >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
> >> > >
> >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even
> >> > > aware that it was possible to be honest).
> >> > >
> >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
> >> > > >
> >> > > > Hi Matt
> >> > > >
> >> > > > Release artifacts are available on the GitHub release page
> >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
> >> > assets
> >> > > > list if it's collapsed.
> >> > > >
> >> > > > I'll need someone to upload them to the downloads source as I 
think I

> >> > don't
> >> > > > have access to do so (if I'm wrong, I'd love to be corrected, 
because

> >> > I'd
> >> > > > be less of an annoyance then!). Ralph has stepped in to help here in
> >> > the past.
> >> > > >
> >> > > > -d
> >> > > >
> >> > > >
> >> > > > On September 18, 2020 20:09:07 Matt Sicker  wrote:
> >> > > >
> >> > > > > Do you have links to the release artifacts? The download page 
links

> >> > to
> >> > > > > the live site which doesn't have the artifacts yet since 
they're not

> >> > > > > released yet. :)
> >> > > > >
> >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 


> >> > wrote:
> >> > > > >>
> >> > > > >> Hi all
> >> > > > >>
> >> > > > >> I have another potential release available: 2.0.11, tagged as
> >> > rc/2.0.11
> >> > > > >>
> >> > > > >> Changes are really minor:
> >> > > > >> - fixed assembly versioning (all assemblies should report 
2.0.11.0

> >> > as their
> >> > > > >> version now)
> >> > > > >> - properly dispose of StreamWriters within logging appenders
> >> > (thanks to
> >> > > > >> @NicholasNoise)
> >> > > > >>
> >> > > > >> 

Re: [VOTE] [log4net] Release 2.0.11

[Ralph Goers]

In the long run you don’t want to be regenerating your signing key for every 
release. The point is that you would upload the key to a central keystore and 
other people would sign it there. At ApacheCon we would have a key signing 
“party” where we recorded each others keys and then would take our list and 
update the central keystore. When people verify the key they can look at the 
keystore and see that it is signed by a number of people, who then have their 
keys by a number of people and so on so you are building a web of trust.  
Sooner or later there will be someone in that web that you personally know and 
trust.

Ralph

> On Sep 19, 2020, at 11:26 PM, Davyd McColl  wrote:
> 
> Thanks Matt, I've updated the artifacts on GitHub to have detached 
> signatures. I had previously also uploaded my key to sks-keyservers.net, but 
> I've also uploaded to MIT, though search there always times out.
> 
> The document you've linked mentions face-to-face interactions to get my key 
> into the official KEYS file. Not sure how many apache people are at my end of 
> the world (Durban, South Africa), but I can do an online meeting if that 
> helps. Last release, Ralph said I should sign, so I did. I'm new to signing 
> release artifacts - I've generally relied on authentication during upload as 
> verification of authenticity, with 2FA wherever possible (GitHub and NPM; 
> nuget survives with an apikey - but for the last 2 releases, I've regenerated 
> the key on each use and only supplied it on the cli at upload, so as not to 
> store it locally)
> 
> -d
> 
> 
> On September 19, 2020 22:23:41 Matt Sicker  wrote:
> 
>> Oh and there's a bit of an issue with the signed files: it looks like
>> you included _signed files_ rather than detached signatures. Thus, the
>> .asc files are only verifying themselves rather than the accompanying
>> file.
>> 
>> There's a --detached option in gpg for this (yeah, it's always had a bad UI).
>> 
>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:
>>> 
>>> The KEYS file [1] that's linked on the download page does not have
>>> your key in it. Neither does other KEYS file [2]. Check out [3] for
>>> more info.
>>> 
>>> [1]: https://downloads.apache.org/logging/log4net/KEYS
>>> [2]: https://downloads.apache.org/logging/KEYS
>>> [3]: https://infra.apache.org/release-signing.html#keys-policy
>>> 
>>> 
>>> 
>>> On Sat, 19 Sep 2020 at 12:48, Davyd McColl  wrote:
>>> >
>>> > Thanks Matt, I've done so. Hopefully that makes it easier to verify
>>> > artifacts that I have signed.
>>> >
>>> > -d
>>> >
>>> >
>>> > On September 18, 2020 23:11:48 Matt Sicker  wrote:
>>> >
>>> > > If you upload your key to your GitHub profile, that also makes it
>>> > > simple to find. For example, just add ".gpg" to your profile URL:
>>> > > https://github.com/fluffynuts.gpg
>>> > >
>>> > > On Fri, 18 Sep 2020 at 16:08, Remko Popma  wrote:
>>> > >>
>>> > >> +1 remko
>>> > >>
>>> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker  wrote:
>>> > >>
>>> > >> > How about your gpg key? I don't think we've imported that to the KEYS
>>> > >> > file as far as I can tell?
>>> > >> >
>>> > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
>>> > >> > >
>>> > >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even
>>> > >> > > aware that it was possible to be honest).
>>> > >> > >
>>> > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl  
>>> > >> > > wrote:
>>> > >> > > >
>>> > >> > > > Hi Matt
>>> > >> > > >
>>> > >> > > > Release artifacts are available on the GitHub release page
>>> > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
>>> > >> > assets
>>> > >> > > > list if it's collapsed.
>>> > >> > > >
>>> > >> > > > I'll need someone to upload them to the downloads source as I 
>>> > >> > > > think I
>>> > >> > don't
>>> > >> > > > have access to do so (if I'm wrong, I'd love to be corrected, 
>>> > >> > > > because
>>> > >> > I'd
>>> > >> > > > be less of an annoyance then!). Ralph has stepped in to help 
>>> > >> > > > here in
>>> > >> > the past.
>>> > >> > > >
>>> > >> > > > -d
>>> > >> > > >
>>> > >> > > >
>>> > >> > > > On September 18, 2020 20:09:07 Matt Sicker  
>>> > >> > > > wrote:
>>> > >> > > >
>>> > >> > > > > Do you have links to the release artifacts? The download page 
>>> > >> > > > > links
>>> > >> > to
>>> > >> > > > > the live site which doesn't have the artifacts yet since 
>>> > >> > > > > they're not
>>> > >> > > > > released yet. :)
>>> > >> > > > >
>>> > >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 
>>> > >> > > > > 
>>> > >> > wrote:
>>> > >> > > > >>
>>> > >> > > > >> Hi all
>>> > >> > > > >>
>>> > >> > > > >> I have another potential release available: 2.0.11, tagged as
>>> > >> > rc/2.0.11
>>> > >> > > > >>
>>> > >> > > > >> Changes are really minor:
>>> > >> > > > >> - fixed assembly versioning (all assemblies should report 
>>> > >> > > > >> 2.0.11.0
>>> > >> > as their
>>> > >> > > > >> version now)
>>> > >> > > > >> - properly 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Thanks Matt, I've updated the artifacts on GitHub to have detached 
signatures. I had previously also uploaded my key to sks-keyservers.net, 
but I've also uploaded to MIT, though search there always times out.


The document you've linked mentions face-to-face interactions to get my key 
into the official KEYS file. Not sure how many apache people are at my end 
of the world (Durban, South Africa), but I can do an online meeting if that 
helps. Last release, Ralph said I should sign, so I did. I'm new to signing 
release artifacts - I've generally relied on authentication during upload 
as verification of authenticity, with 2FA wherever possible (GitHub and 
NPM; nuget survives with an apikey - but for the last 2 releases, I've 
regenerated the key on each use and only supplied it on the cli at upload, 
so as not to store it locally)


-d


On September 19, 2020 22:23:41 Matt Sicker  wrote:


Oh and there's a bit of an issue with the signed files: it looks like
you included _signed files_ rather than detached signatures. Thus, the
.asc files are only verifying themselves rather than the accompanying
file.

There's a --detached option in gpg for this (yeah, it's always had a bad UI).

On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:


The KEYS file [1] that's linked on the download page does not have
your key in it. Neither does other KEYS file [2]. Check out [3] for
more info.

[1]: https://downloads.apache.org/logging/log4net/KEYS
[2]: https://downloads.apache.org/logging/KEYS
[3]: https://infra.apache.org/release-signing.html#keys-policy



On Sat, 19 Sep 2020 at 12:48, Davyd McColl  wrote:
>
> Thanks Matt, I've done so. Hopefully that makes it easier to verify
> artifacts that I have signed.
>
> -d
>
>
> On September 18, 2020 23:11:48 Matt Sicker  wrote:
>
> > If you upload your key to your GitHub profile, that also makes it
> > simple to find. For example, just add ".gpg" to your profile URL:
> > https://github.com/fluffynuts.gpg
> >
> > On Fri, 18 Sep 2020 at 16:08, Remko Popma  wrote:
> >>
> >> +1 remko
> >>
> >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker  wrote:
> >>
> >> > How about your gpg key? I don't think we've imported that to the KEYS
> >> > file as far as I can tell?
> >> >
> >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
> >> > >
> >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even
> >> > > aware that it was possible to be honest).
> >> > >
> >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
> >> > > >
> >> > > > Hi Matt
> >> > > >
> >> > > > Release artifacts are available on the GitHub release page
> >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
> >> > assets
> >> > > > list if it's collapsed.
> >> > > >
> >> > > > I'll need someone to upload them to the downloads source as I 
think I

> >> > don't
> >> > > > have access to do so (if I'm wrong, I'd love to be corrected, 
because

> >> > I'd
> >> > > > be less of an annoyance then!). Ralph has stepped in to help here in
> >> > the past.
> >> > > >
> >> > > > -d
> >> > > >
> >> > > >
> >> > > > On September 18, 2020 20:09:07 Matt Sicker  wrote:
> >> > > >
> >> > > > > Do you have links to the release artifacts? The download page 
links

> >> > to
> >> > > > > the live site which doesn't have the artifacts yet since 
they're not

> >> > > > > released yet. :)
> >> > > > >
> >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 


> >> > wrote:
> >> > > > >>
> >> > > > >> Hi all
> >> > > > >>
> >> > > > >> I have another potential release available: 2.0.11, tagged as
> >> > rc/2.0.11
> >> > > > >>
> >> > > > >> Changes are really minor:
> >> > > > >> - fixed assembly versioning (all assemblies should report 
2.0.11.0

> >> > as their
> >> > > > >> version now)
> >> > > > >> - properly dispose of StreamWriters within logging appenders
> >> > (thanks to
> >> > > > >> @NicholasNoise)
> >> > > > >>
> >> > > > >> Binaries are up at
> >> > > > >> 
https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11

> >> > and I've
> >> > > > >> pushed to asf-staging for logging, now up at
> >> > > > >> https://logging.staged.apache.org/log4net/download_log4net.html
> >> > > > >>
> >> > > > >> Thanks
> >> > > > >> -d
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > > --
> >> > > > > Matt Sicker 
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Matt Sicker 
> >> >
> >> >
> >> >
> >> > --
> >> > Matt Sicker 
> >> >
> >
> >
> >
> > --
> > Matt Sicker 



--
Matt Sicker 




--
Matt Sicker 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

Oh and there's a bit of an issue with the signed files: it looks like
you included _signed files_ rather than detached signatures. Thus, the
.asc files are only verifying themselves rather than the accompanying
file.

There's a --detached option in gpg for this (yeah, it's always had a bad UI).

On Sat, 19 Sep 2020 at 15:19, Matt Sicker  wrote:
>
> The KEYS file [1] that's linked on the download page does not have
> your key in it. Neither does other KEYS file [2]. Check out [3] for
> more info.
>
> [1]: https://downloads.apache.org/logging/log4net/KEYS
> [2]: https://downloads.apache.org/logging/KEYS
> [3]: https://infra.apache.org/release-signing.html#keys-policy
>
>
>
> On Sat, 19 Sep 2020 at 12:48, Davyd McColl  wrote:
> >
> > Thanks Matt, I've done so. Hopefully that makes it easier to verify
> > artifacts that I have signed.
> >
> > -d
> >
> >
> > On September 18, 2020 23:11:48 Matt Sicker  wrote:
> >
> > > If you upload your key to your GitHub profile, that also makes it
> > > simple to find. For example, just add ".gpg" to your profile URL:
> > > https://github.com/fluffynuts.gpg
> > >
> > > On Fri, 18 Sep 2020 at 16:08, Remko Popma  wrote:
> > >>
> > >> +1 remko
> > >>
> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker  wrote:
> > >>
> > >> > How about your gpg key? I don't think we've imported that to the KEYS
> > >> > file as far as I can tell?
> > >> >
> > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
> > >> > >
> > >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even
> > >> > > aware that it was possible to be honest).
> > >> > >
> > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
> > >> > > >
> > >> > > > Hi Matt
> > >> > > >
> > >> > > > Release artifacts are available on the GitHub release page
> > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
> > >> > assets
> > >> > > > list if it's collapsed.
> > >> > > >
> > >> > > > I'll need someone to upload them to the downloads source as I 
> > >> > > > think I
> > >> > don't
> > >> > > > have access to do so (if I'm wrong, I'd love to be corrected, 
> > >> > > > because
> > >> > I'd
> > >> > > > be less of an annoyance then!). Ralph has stepped in to help here 
> > >> > > > in
> > >> > the past.
> > >> > > >
> > >> > > > -d
> > >> > > >
> > >> > > >
> > >> > > > On September 18, 2020 20:09:07 Matt Sicker  
> > >> > > > wrote:
> > >> > > >
> > >> > > > > Do you have links to the release artifacts? The download page 
> > >> > > > > links
> > >> > to
> > >> > > > > the live site which doesn't have the artifacts yet since they're 
> > >> > > > > not
> > >> > > > > released yet. :)
> > >> > > > >
> > >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 
> > >> > > > > 
> > >> > wrote:
> > >> > > > >>
> > >> > > > >> Hi all
> > >> > > > >>
> > >> > > > >> I have another potential release available: 2.0.11, tagged as
> > >> > rc/2.0.11
> > >> > > > >>
> > >> > > > >> Changes are really minor:
> > >> > > > >> - fixed assembly versioning (all assemblies should report 
> > >> > > > >> 2.0.11.0
> > >> > as their
> > >> > > > >> version now)
> > >> > > > >> - properly dispose of StreamWriters within logging appenders
> > >> > (thanks to
> > >> > > > >> @NicholasNoise)
> > >> > > > >>
> > >> > > > >> Binaries are up at
> > >> > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11
> > >> > and I've
> > >> > > > >> pushed to asf-staging for logging, now up at
> > >> > > > >> https://logging.staged.apache.org/log4net/download_log4net.html
> > >> > > > >>
> > >> > > > >> Thanks
> > >> > > > >> -d
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > > --
> > >> > > > > Matt Sicker 
> > >> > >
> > >> > >
> > >> > >
> > >> > > --
> > >> > > Matt Sicker 
> > >> >
> > >> >
> > >> >
> > >> > --
> > >> > Matt Sicker 
> > >> >
> > >
> > >
> > >
> > > --
> > > Matt Sicker 
>
>
>
> --
> Matt Sicker 



-- 
Matt Sicker 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

The KEYS file [1] that's linked on the download page does not have
your key in it. Neither does other KEYS file [2]. Check out [3] for
more info.

[1]: https://downloads.apache.org/logging/log4net/KEYS
[2]: https://downloads.apache.org/logging/KEYS
[3]: https://infra.apache.org/release-signing.html#keys-policy



On Sat, 19 Sep 2020 at 12:48, Davyd McColl  wrote:
>
> Thanks Matt, I've done so. Hopefully that makes it easier to verify
> artifacts that I have signed.
>
> -d
>
>
> On September 18, 2020 23:11:48 Matt Sicker  wrote:
>
> > If you upload your key to your GitHub profile, that also makes it
> > simple to find. For example, just add ".gpg" to your profile URL:
> > https://github.com/fluffynuts.gpg
> >
> > On Fri, 18 Sep 2020 at 16:08, Remko Popma  wrote:
> >>
> >> +1 remko
> >>
> >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker  wrote:
> >>
> >> > How about your gpg key? I don't think we've imported that to the KEYS
> >> > file as far as I can tell?
> >> >
> >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
> >> > >
> >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even
> >> > > aware that it was possible to be honest).
> >> > >
> >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
> >> > > >
> >> > > > Hi Matt
> >> > > >
> >> > > > Release artifacts are available on the GitHub release page
> >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
> >> > assets
> >> > > > list if it's collapsed.
> >> > > >
> >> > > > I'll need someone to upload them to the downloads source as I think I
> >> > don't
> >> > > > have access to do so (if I'm wrong, I'd love to be corrected, because
> >> > I'd
> >> > > > be less of an annoyance then!). Ralph has stepped in to help here in
> >> > the past.
> >> > > >
> >> > > > -d
> >> > > >
> >> > > >
> >> > > > On September 18, 2020 20:09:07 Matt Sicker  wrote:
> >> > > >
> >> > > > > Do you have links to the release artifacts? The download page links
> >> > to
> >> > > > > the live site which doesn't have the artifacts yet since they're 
> >> > > > > not
> >> > > > > released yet. :)
> >> > > > >
> >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 
> >> > > > > 
> >> > wrote:
> >> > > > >>
> >> > > > >> Hi all
> >> > > > >>
> >> > > > >> I have another potential release available: 2.0.11, tagged as
> >> > rc/2.0.11
> >> > > > >>
> >> > > > >> Changes are really minor:
> >> > > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0
> >> > as their
> >> > > > >> version now)
> >> > > > >> - properly dispose of StreamWriters within logging appenders
> >> > (thanks to
> >> > > > >> @NicholasNoise)
> >> > > > >>
> >> > > > >> Binaries are up at
> >> > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11
> >> > and I've
> >> > > > >> pushed to asf-staging for logging, now up at
> >> > > > >> https://logging.staged.apache.org/log4net/download_log4net.html
> >> > > > >>
> >> > > > >> Thanks
> >> > > > >> -d
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > > --
> >> > > > > Matt Sicker 
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Matt Sicker 
> >> >
> >> >
> >> >
> >> > --
> >> > Matt Sicker 
> >> >
> >
> >
> >
> > --
> > Matt Sicker 



--
Matt Sicker 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Thanks Matt, I've done so. Hopefully that makes it easier to verify 
artifacts that I have signed.


-d


On September 18, 2020 23:11:48 Matt Sicker  wrote:


If you upload your key to your GitHub profile, that also makes it
simple to find. For example, just add ".gpg" to your profile URL:
https://github.com/fluffynuts.gpg

On Fri, 18 Sep 2020 at 16:08, Remko Popma  wrote:


+1 remko

On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker  wrote:

> How about your gpg key? I don't think we've imported that to the KEYS
> file as far as I can tell?
>
> On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
> >
> > Oh sorry, I didn't notice that you uploaded them there (wasn't even
> > aware that it was possible to be honest).
> >
> > On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
> > >
> > > Hi Matt
> > >
> > > Release artifacts are available on the GitHub release page
> > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
> assets
> > > list if it's collapsed.
> > >
> > > I'll need someone to upload them to the downloads source as I think I
> don't
> > > have access to do so (if I'm wrong, I'd love to be corrected, because
> I'd
> > > be less of an annoyance then!). Ralph has stepped in to help here in
> the past.
> > >
> > > -d
> > >
> > >
> > > On September 18, 2020 20:09:07 Matt Sicker  wrote:
> > >
> > > > Do you have links to the release artifacts? The download page links
> to
> > > > the live site which doesn't have the artifacts yet since they're not
> > > > released yet. :)
> > > >
> > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 
> wrote:
> > > >>
> > > >> Hi all
> > > >>
> > > >> I have another potential release available: 2.0.11, tagged as
> rc/2.0.11
> > > >>
> > > >> Changes are really minor:
> > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0
> as their
> > > >> version now)
> > > >> - properly dispose of StreamWriters within logging appenders
> (thanks to
> > > >> @NicholasNoise)
> > > >>
> > > >> Binaries are up at
> > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11
> and I've
> > > >> pushed to asf-staging for logging, now up at
> > > >> https://logging.staged.apache.org/log4net/download_log4net.html
> > > >>
> > > >> Thanks
> > > >> -d
> > > >
> > > >
> > > >
> > > > --
> > > > Matt Sicker 
> >
> >
> >
> > --
> > Matt Sicker 
>
>
>
> --
> Matt Sicker 
>




--
Matt Sicker 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Hi Matt

Ralph mentioned last time that my key had been incorporated and that I 
should sign myself (which I did), but I like the idea of making it easily 
available at GitHub too. I'll do that when I get a moment.


-d


On September 18, 2020 23:11:48 Matt Sicker  wrote:


If you upload your key to your GitHub profile, that also makes it
simple to find. For example, just add ".gpg" to your profile URL:
https://github.com/fluffynuts.gpg

On Fri, 18 Sep 2020 at 16:08, Remko Popma  wrote:


+1 remko

On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker  wrote:

> How about your gpg key? I don't think we've imported that to the KEYS
> file as far as I can tell?
>
> On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
> >
> > Oh sorry, I didn't notice that you uploaded them there (wasn't even
> > aware that it was possible to be honest).
> >
> > On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
> > >
> > > Hi Matt
> > >
> > > Release artifacts are available on the GitHub release page
> > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
> assets
> > > list if it's collapsed.
> > >
> > > I'll need someone to upload them to the downloads source as I think I
> don't
> > > have access to do so (if I'm wrong, I'd love to be corrected, because
> I'd
> > > be less of an annoyance then!). Ralph has stepped in to help here in
> the past.
> > >
> > > -d
> > >
> > >
> > > On September 18, 2020 20:09:07 Matt Sicker  wrote:
> > >
> > > > Do you have links to the release artifacts? The download page links
> to
> > > > the live site which doesn't have the artifacts yet since they're not
> > > > released yet. :)
> > > >
> > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 
> wrote:
> > > >>
> > > >> Hi all
> > > >>
> > > >> I have another potential release available: 2.0.11, tagged as
> rc/2.0.11
> > > >>
> > > >> Changes are really minor:
> > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0
> as their
> > > >> version now)
> > > >> - properly dispose of StreamWriters within logging appenders
> (thanks to
> > > >> @NicholasNoise)
> > > >>
> > > >> Binaries are up at
> > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11
> and I've
> > > >> pushed to asf-staging for logging, now up at
> > > >> https://logging.staged.apache.org/log4net/download_log4net.html
> > > >>
> > > >> Thanks
> > > >> -d
> > > >
> > > >
> > > >
> > > > --
> > > > Matt Sicker 
> >
> >
> >
> > --
> > Matt Sicker 
>
>
>
> --
> Matt Sicker 
>




--
Matt Sicker 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

If you upload your key to your GitHub profile, that also makes it
simple to find. For example, just add ".gpg" to your profile URL:
https://github.com/fluffynuts.gpg

On Fri, 18 Sep 2020 at 16:08, Remko Popma  wrote:
>
> +1 remko
>
> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker  wrote:
>
> > How about your gpg key? I don't think we've imported that to the KEYS
> > file as far as I can tell?
> >
> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
> > >
> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even
> > > aware that it was possible to be honest).
> > >
> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
> > > >
> > > > Hi Matt
> > > >
> > > > Release artifacts are available on the GitHub release page
> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
> > assets
> > > > list if it's collapsed.
> > > >
> > > > I'll need someone to upload them to the downloads source as I think I
> > don't
> > > > have access to do so (if I'm wrong, I'd love to be corrected, because
> > I'd
> > > > be less of an annoyance then!). Ralph has stepped in to help here in
> > the past.
> > > >
> > > > -d
> > > >
> > > >
> > > > On September 18, 2020 20:09:07 Matt Sicker  wrote:
> > > >
> > > > > Do you have links to the release artifacts? The download page links
> > to
> > > > > the live site which doesn't have the artifacts yet since they're not
> > > > > released yet. :)
> > > > >
> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 
> > wrote:
> > > > >>
> > > > >> Hi all
> > > > >>
> > > > >> I have another potential release available: 2.0.11, tagged as
> > rc/2.0.11
> > > > >>
> > > > >> Changes are really minor:
> > > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0
> > as their
> > > > >> version now)
> > > > >> - properly dispose of StreamWriters within logging appenders
> > (thanks to
> > > > >> @NicholasNoise)
> > > > >>
> > > > >> Binaries are up at
> > > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11
> > and I've
> > > > >> pushed to asf-staging for logging, now up at
> > > > >> https://logging.staged.apache.org/log4net/download_log4net.html
> > > > >>
> > > > >> Thanks
> > > > >> -d
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Matt Sicker 
> > >
> > >
> > >
> > > --
> > > Matt Sicker 
> >
> >
> >
> > --
> > Matt Sicker 
> >



-- 
Matt Sicker 

Re: [VOTE] [log4net] Release 2.0.11

[Remko Popma]

+1 remko

On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker  wrote:

> How about your gpg key? I don't think we've imported that to the KEYS
> file as far as I can tell?
>
> On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
> >
> > Oh sorry, I didn't notice that you uploaded them there (wasn't even
> > aware that it was possible to be honest).
> >
> > On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
> > >
> > > Hi Matt
> > >
> > > Release artifacts are available on the GitHub release page
> > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
> assets
> > > list if it's collapsed.
> > >
> > > I'll need someone to upload them to the downloads source as I think I
> don't
> > > have access to do so (if I'm wrong, I'd love to be corrected, because
> I'd
> > > be less of an annoyance then!). Ralph has stepped in to help here in
> the past.
> > >
> > > -d
> > >
> > >
> > > On September 18, 2020 20:09:07 Matt Sicker  wrote:
> > >
> > > > Do you have links to the release artifacts? The download page links
> to
> > > > the live site which doesn't have the artifacts yet since they're not
> > > > released yet. :)
> > > >
> > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 
> wrote:
> > > >>
> > > >> Hi all
> > > >>
> > > >> I have another potential release available: 2.0.11, tagged as
> rc/2.0.11
> > > >>
> > > >> Changes are really minor:
> > > >> - fixed assembly versioning (all assemblies should report 2.0.11.0
> as their
> > > >> version now)
> > > >> - properly dispose of StreamWriters within logging appenders
> (thanks to
> > > >> @NicholasNoise)
> > > >>
> > > >> Binaries are up at
> > > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11
> and I've
> > > >> pushed to asf-staging for logging, now up at
> > > >> https://logging.staged.apache.org/log4net/download_log4net.html
> > > >>
> > > >> Thanks
> > > >> -d
> > > >
> > > >
> > > >
> > > > --
> > > > Matt Sicker 
> >
> >
> >
> > --
> > Matt Sicker 
>
>
>
> --
> Matt Sicker 
>

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

How about your gpg key? I don't think we've imported that to the KEYS
file as far as I can tell?

On Fri, 18 Sep 2020 at 15:53, Matt Sicker  wrote:
>
> Oh sorry, I didn't notice that you uploaded them there (wasn't even
> aware that it was possible to be honest).
>
> On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
> >
> > Hi Matt
> >
> > Release artifacts are available on the GitHub release page
> > (https://GitHub.com/Apache/logging-log4net/releases) - expand the assets
> > list if it's collapsed.
> >
> > I'll need someone to upload them to the downloads source as I think I don't
> > have access to do so (if I'm wrong, I'd love to be corrected, because I'd
> > be less of an annoyance then!). Ralph has stepped in to help here in the 
> > past.
> >
> > -d
> >
> >
> > On September 18, 2020 20:09:07 Matt Sicker  wrote:
> >
> > > Do you have links to the release artifacts? The download page links to
> > > the live site which doesn't have the artifacts yet since they're not
> > > released yet. :)
> > >
> > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl  
> > > wrote:
> > >>
> > >> Hi all
> > >>
> > >> I have another potential release available: 2.0.11, tagged as rc/2.0.11
> > >>
> > >> Changes are really minor:
> > >> - fixed assembly versioning (all assemblies should report 2.0.11.0 as 
> > >> their
> > >> version now)
> > >> - properly dispose of StreamWriters within logging appenders (thanks to
> > >> @NicholasNoise)
> > >>
> > >> Binaries are up at
> > >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 and 
> > >> I've
> > >> pushed to asf-staging for logging, now up at
> > >> https://logging.staged.apache.org/log4net/download_log4net.html
> > >>
> > >> Thanks
> > >> -d
> > >
> > >
> > >
> > > --
> > > Matt Sicker 
>
>
>
> --
> Matt Sicker 



-- 
Matt Sicker 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

Oh sorry, I didn't notice that you uploaded them there (wasn't even
aware that it was possible to be honest).

On Fri, 18 Sep 2020 at 14:43, Davyd McColl  wrote:
>
> Hi Matt
>
> Release artifacts are available on the GitHub release page
> (https://GitHub.com/Apache/logging-log4net/releases) - expand the assets
> list if it's collapsed.
>
> I'll need someone to upload them to the downloads source as I think I don't
> have access to do so (if I'm wrong, I'd love to be corrected, because I'd
> be less of an annoyance then!). Ralph has stepped in to help here in the past.
>
> -d
>
>
> On September 18, 2020 20:09:07 Matt Sicker  wrote:
>
> > Do you have links to the release artifacts? The download page links to
> > the live site which doesn't have the artifacts yet since they're not
> > released yet. :)
> >
> > On Fri, 18 Sep 2020 at 09:05, Davyd McColl  wrote:
> >>
> >> Hi all
> >>
> >> I have another potential release available: 2.0.11, tagged as rc/2.0.11
> >>
> >> Changes are really minor:
> >> - fixed assembly versioning (all assemblies should report 2.0.11.0 as their
> >> version now)
> >> - properly dispose of StreamWriters within logging appenders (thanks to
> >> @NicholasNoise)
> >>
> >> Binaries are up at
> >> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 and I've
> >> pushed to asf-staging for logging, now up at
> >> https://logging.staged.apache.org/log4net/download_log4net.html
> >>
> >> Thanks
> >> -d
> >
> >
> >
> > --
> > Matt Sicker 



-- 
Matt Sicker 

Re: [VOTE] [log4net] Release 2.0.11

[Davyd McColl]

Hi Matt

Release artifacts are available on the GitHub release page 
(https://GitHub.com/Apache/logging-log4net/releases) - expand the assets 
list if it's collapsed.


I'll need someone to upload them to the downloads source as I think I don't 
have access to do so (if I'm wrong, I'd love to be corrected, because I'd 
be less of an annoyance then!). Ralph has stepped in to help here in the past.


-d


On September 18, 2020 20:09:07 Matt Sicker  wrote:


Do you have links to the release artifacts? The download page links to
the live site which doesn't have the artifacts yet since they're not
released yet. :)

On Fri, 18 Sep 2020 at 09:05, Davyd McColl  wrote:


Hi all

I have another potential release available: 2.0.11, tagged as rc/2.0.11

Changes are really minor:
- fixed assembly versioning (all assemblies should report 2.0.11.0 as their 
version now)
- properly dispose of StreamWriters within logging appenders (thanks to 
@NicholasNoise)


Binaries are up at 
https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 and I've 
pushed to asf-staging for logging, now up at 
https://logging.staged.apache.org/log4net/download_log4net.html


Thanks
-d




--
Matt Sicker 

Re: [VOTE] [log4net] Release 2.0.11

[Matt Sicker]

Do you have links to the release artifacts? The download page links to
the live site which doesn't have the artifacts yet since they're not
released yet. :)

On Fri, 18 Sep 2020 at 09:05, Davyd McColl  wrote:
>
> Hi all
>
> I have another potential release available: 2.0.11, tagged as rc/2.0.11
>
> Changes are really minor:
> - fixed assembly versioning (all assemblies should report 2.0.11.0 as their 
> version now)
> - properly dispose of StreamWriters within logging appenders (thanks to 
> @NicholasNoise)
>
> Binaries are up at 
> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 and I've 
> pushed to asf-staging for logging, now up at 
> https://logging.staged.apache.org/log4net/download_log4net.html
>
> Thanks
> -d



-- 
Matt Sicker