ppkarwasz commented on PR #192:
URL: https://github.com/apache/ant/pull/192#issuecomment-1207894653
> We are maintaining things we accepted more than twentytwo years ago
(`` anyone :-) ) just to give a perspective on what maintenance
involves.
@bodewig, I perfectly understand the
ppkarwasz commented on PR #192:
URL: https://github.com/apache/ant/pull/192#issuecomment-1207497790
This would be just a marketing problem: Log4j2 Core's vulnerabilities never
affected the Log4j2 API as well as Logback's vulnerabilities never affected
SLF4J. In the case of a new CVE
ppkarwasz commented on PR #192:
URL: https://github.com/apache/ant/pull/192#issuecomment-1207491526
@bodewig, I understand the reluctance of adding yet another component with
external dependencies to maintain, but I believe this should be a low
maintenance listener. If you consider adding