Re: Looking for a champion: resurrect log4j 1.x

>Just wondering, is it even fulfilling the criteria of incubation? I believe, the world does not need "active development in log4j 1.x" nowadays. What everybody needs from log4j 1.x is to fix security issues, fix outstanding issues (if any), keep the project buildable (e.g. avoid using outdated

Re: [VOTE] Release Apache YuniKorn (Incubating) 0.12.1 (RC1)

Hi, +1 (binding) from me, I have checked the following items: - Incubating in name - LICENSE and NOTICE are fine - DISCLAIMER exists - All links are valid - No unexpected binary files - All ASF files have ASF headers - Checksums and PGP signatures are valid. - Build from source in macOS -

[VOTE] Release Apache YuniKorn (Incubating) 0.12.1 (RC1)

Hello IPMC, The Apache YuniKorn community has voted and approved the release of Apache YuniKorn (incubating) 0.12.1 (RC1). We now kindly request IPMC members review and vote for this release. YuniKorn is a standalone, universal resource scheduler that can support both long-running and batch

Re: Looking for a champion: resurrect log4j 1.x

What are the concerning security vulnerabilities in log4j 1 and the severity level? I saw one mentioned in the thread which apparently redhat had fixed (with socket stream deserialization) On Mon, Dec 20, 2021 at 3:56 PM Martin Gainty wrote: > i would ping the original author ceki gulcu >

Re: Looking for a champion: resurrect log4j 1.x

i would ping the original author ceki gulcu Random thoughts by Ceki Gülcü: The forces and vulnerabilities of the Apache model Random thoughts by Ceki Gülcü: The forces and vulnerabilities of the Apache

Re: [VOTE] Release Apache YuniKorn (Incubating) 0.12.1 (RC1)

On Mon, 20 Dec 2021 at 17:43, Chaoran Yu wrote: > > Hi Sebb, > > Thanks for the pointer. We have removed the keys from the dev location. Now > my key is only present at > https://downloads.apache.org/incubator/yunikorn/KEYS. Please re-issue the VOTE thread with the correct URL. > > On

Re: [DISCUSS] Graduate Apache AGE Incubating as a Top Level Project

Hello Justin, Thank you for your feedback. Please find more information following: - Indications that the committer/PPMC bar may be too high and not all forms of contribution recognized → Comment noted. We will no longer insist that committers are code contributors. - A new PPMC member is not

Re: Looking for a champion: resurrect log4j 1.x

Just wondering, is it even fulfilling the criteria of incubation? Have there been any similar cases before? It was stated that there will be no effort on active development but focus only on CVE fixes. This sounds to me as the project will start as only fixing a few known CVEs and stop till other

Re: [VOTE] Release Apache YuniKorn (Incubating) 0.12.1 (RC1)

Hi Sebb, Thanks for the pointer. We have removed the keys from the dev location. Now my key is only present at https://downloads.apache.org/incubator/yunikorn/KEYS. On 2021/12/20 11:29:36 sebb wrote: > On Mon, 20 Dec 2021 at 04:29, Chaoran Yu wrote: > > > > Hello IPMC, > > > > The Apache

Re: Looking for a champion: resurrect log4j 1.x

On Mon, Dec 20, 2021 at 8:42 AM Romain Manni-Bucau wrote: > Guess there are 4 options: > > 1. resurrect log4j1 and let it die again > 2. do a log4j1 release for the CVE under logging umbrella (as a subproject) > - after all log4j1 belongs to logging as a subproject already ( >

Re: Looking for a champion: resurrect log4j 1.x

Guess there are 4 options: 1. resurrect log4j1 and let it die again 2. do a log4j1 release for the CVE under logging umbrella (as a subproject) - after all log4j1 belongs to logging as a subproject already ( https://logging.apache.org/dormant.html) 3. the log4j1-log4j2 bridge (but agree this is

Re: Looking for a champion: resurrect log4j 1.x

Hi Vladimir, I think based on what you're describing and the Logging PMC's response, re-incubating the project makes sense. I would be curious if the Logging PMC would be interested in restarting the sub-project after a successful incubation period. This seems to match what Ralph is suggesting

Re: Looking for a champion: resurrect log4j 1.x

>Do you have "facts" (like message on mailing list) ? I am not sure what you mean. For example: 1) Ralph Goers says the existing committers did not touch 1.x code a lot: https://lists.apache.org/thread/j6zrdp1d148qpkg0g7x3cc41o070oq6n Ralph>Virtually all of the contributors to the Log4j 1.x

Re: [VOTE] Release Apache YuniKorn (Incubating) 0.12.1 (RC1)

On Mon, 20 Dec 2021 at 04:29, Chaoran Yu wrote: > > Hello IPMC, > > The Apache YuniKorn community has voted and approved the release of Apache > YuniKorn (incubating) 0.12.1 (RC1). We now kindly request IPMC members review > and vote for this release. > > YuniKorn is a standalone, universal

Re: Looking for a champion: resurrect log4j 1.x

Hi Vladimir, Thanks for the update. Do you have "facts" (like message on mailing list) ? I think we can discuss with the log4j PMC members. Depending of their feedback, we will find a way. My preference is to have log4j1 on Apache Logging umbrella. Let's see what others think. Regards JB On