This gets better and better. I was able to decrypt the file but the credentials don’t work. The Nuget.org <http://nuget.org/> site says “NuGet.org <http://nuget.org/> password login in no longer supported. Please use a Microsoft account to sign into NuGet gallery.”
Ralph > On Aug 21, 2020, at 4:37 PM, Ralph Goers <ralph.go...@dslextreme.com> wrote: > > Going back through my old emails I see Dominik had the same problem in 2016. > I forgot to update my files and now I see the instructions have changed. > > Ralph > >> On Aug 21, 2020, at 4:27 PM, Ralph Goers <ralph.go...@dslextreme.com> wrote: >> >> I figured out that the document is now at home.apache.org >> <http://home.apache.org/>. Unfortunately, that didn’t do me any good. gpg -d >> is failing with “No secret key”. That doesn’t seem too surprising since my >> key wasn’t used to sign the document. >> >> Ralph >> >>> On Aug 21, 2020, at 3:53 PM, Ralph Goers <ralph.go...@dslextreme.com> wrote: >>> >>> Dominik, >>> >>> The README file says that the keys can be found at >>> https://people.apache.org/keys/group/logging-pmc.asc >>> <https://people.apache.org/keys/group/logging-pmc.asc>. That url returns a >>> 404. Any idea where it moved to? >>> >>> Ralph >>> >>>> On Aug 17, 2020, at 9:39 AM, Dominik Psenner <dpsen...@gmail.com> wrote: >>>> >>>> I guess that would be a nuget publish. >>>> >>>> https://docs.microsoft.com/en-us/nuget/nuget-org/publish-a-package >>>> >>>> The credentials to that account are stored in the private repos of logging >>>> pmc. Most members of the pmc should be in the set of recipients with their >>>> gpg key. >>>> -- >>>> Sent from my phone. Typos are a kind gift to anyone who happens to find >>>> them. >>>> >>>> On Mon, Aug 17, 2020, 08:56 Davyd McColl <dav...@gmail.com> wrote: >>>> >>>>> Great! >>>>> >>>>> How do we get the nupkg to nuget.org? This is the final step that most >>>>> users are going to be interested in. >>>>> >>>>> Having a look at what's at the url you posted, I have ideas on how to >>>>> streamline future releases, so the next time I'm in that area, I'm >>>>> definitely implementing those ideas. I don't see changes to the Release >>>>> Notes area -- if I were to try to streamline that into a release, would a >>>>> CHANGELOG file be useful? Or is there a better way? >>>>> >>>>> -d >>>>> On 2020/08/16 23:26:07, Matt Sicker <boa...@gmail.com> wrote: >>>>> I committed them to dist already. I don't know how long we should wait >>>>> for any mirroring to catch up, though on my end, I see updated >>>>> artifacts on https://downloads.apache.org/logging/log4net/ other than >>>>> the release notes. >>>>> >>>>> On Sun, 16 Aug 2020 at 15:09, Ralph Goers wrote: >>>>>> >>>>>> +1 to that! >>>>>> >>>>>> Let me know when these are published. I can update the web site to >>>>> reflect that it is no longer dormant. >>>>>> >>>>>> Ralph >>>>>> >>>>>>> On Aug 16, 2020, at 11:54 AM, Matt Sicker wrote: >>>>>>> >>>>>>> Thanks so much for your help in releasing this! >>>>>>> >>>>>>> On Sun, 16 Aug 2020 at 13:53, Davyd McColl wrote: >>>>>>>> >>>>>>>> I'll make changes to the automated build to affect all changes you >>>>> have >>>>>>>> made (and perhaps will make) automatically to future releases for the >>>>> next >>>>>>>> release. Apologies for making this more difficult than it needs to be >>>>> (: >>>>>>>> >>>>>>>> -d >>>>>>>> >>>>>>>> >>>>>>>> On August 16, 2020 20:37:01 Matt Sicker wrote: >>>>>>>> >>>>>>>>> Just a simple copy of the LICENSE and NOTICE file into the binaries >>>>>>>>> zip, and a rename of the files to include "apache" in the name. I've >>>>>>>>> uploaded them to dist along with updating the KEYS file for log4net, >>>>>>>>> though that should probably be merged together with the project-wide >>>>>>>>> KEYS file in the parent directory. There's an outdated README.html in >>>>>>>>> the directory still containing the old release notes, but we can >>>>>>>>> address that next. >>>>>>>>> >>>>>>>>> On Sun, 16 Aug 2020 at 13:12, Matt Sicker wrote: >>>>>>>>>> >>>>>>>>>> One issue I found in one of the artifacts that I can address before >>>>>>>>>> uploading since it wasn't signed is the binaries zip is missing the >>>>>>>>>> LICENSE file. I'm not sure if there's a standard way to include that >>>>>>>>>> in the nupkg file, but I did see that in its metadata, it explicitly >>>>>>>>>> says the code is Apache2 licensed at least. >>>>>>>>>> >>>>>>>>>> On Sun, 16 Aug 2020 at 13:03, Matt Sicker wrote: >>>>>>>>>>> >>>>>>>>>>> I'll sign and publish the artifacts today. >>>>>>>>>>> >>>>>>>>>>> On Mon, 3 Aug 2020 at 17:43, Ralph Goers wrote: >>>>>>>>>>>> >>>>>>>>>>>> Thanks Remko. That makes 3 +1 votes from PMC members. >>>>>>>>>>>> >>>>>>>>>>>> Ralph >>>>>>>>>>>> >>>>>>>>>>>>> On Aug 3, 2020, at 2:12 PM, Remko Popma wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> +1 Remko. >>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, Aug 4, 2020 at 1:04 AM Matt Sicker wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> +1 from me. We can handle the release signing afterwards as >>>>> Ralph >>>>>>>>>> suggests. >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Mon, 3 Aug 2020 at 10:30, Ralph Goers >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Can other PMC members please review this? It has been more >>>>> than 72 >>>>>>>>>>>>>> hours. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Ralph >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Jul 30, 2020, at 11:17 PM, Davyd McColl >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi all, I've never done this before, so bear with me if I >>>>> fluff it: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> This is a proposed vote to release log4net 2.0.9 from PR >>>>>>>>>>>>>> https://github.com/apache/logging-log4net/pull/61 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Release artifacts (including source zip) are at: >>>>>>>>>>>>>> >>>>>>>>>> >>>>> https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts >>>>>>>>>>>>>>>> Source can be checked out from >>>>>>>>>>>>>> https://github.com/fluffynuts/logging-log4net/logging-log4net, >>>>> tag rel/ >>>>>>>>>>>>>> 2.0.9. I can't push tags to the upstream, but this tag is >>>>> exactly the >>>>>>>>>>>>>> same commit as the last in the PR mentioned above, which was >>>>>>>>>> accepted into >>>>>>>>>>>>>> master a few days ago. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Please check out the artifacts & if everyone is ok with >>>>> what's there, >>>>>>>>>>>>>> please can someone with the rights to publish to nuget do so. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Once I've seen how this process works, I'd like to tackle the >>>>> CVE that >>>>>>>>>>>>>> has been brought up on this list more than once -- it's a >>>>> simple change >>>>>>>>>>>>>> which was already committed to the develop branch some time >>>>> ago, so >>>>>>>>>> there >>>>>>>>>>>>>> are a couple of options here: >>>>>>>>>>>>>>>> 1. cherry-pick that commit & do a 2.0.10 release pronto, with >>>>> only >>>>>>>>>>>>>> that change >>>>>>>>>>>>>>>> 2. trawl the develop branch to see what else was already >>>>> solved in >>>>>>>>>>>>>> there, and get that out as 2.0.10, and perhaps close out that >>>>> branch to >>>>>>>>>>>>>> avoid future confusion. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks for your time >>>>>>>>>>>>>>>> -d >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Matt Sicker >>>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Matt Sicker >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Matt Sicker >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Matt Sicker >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Matt Sicker >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Matt Sicker >>>>> >>> >> > > >
