By results, I understand you mean a tally? There were only three votes, all
positive. I've pushed the nupkg.
-d
On October 26, 2020 13:35:15 Apache <ralph.go...@dslextreme.com> wrote:
You need to close the vote thread with the results first before performing
the final release steps.
Ralph
On Oct 25, 2020, at 11:24 PM, Davyd McColl <dav...@gmail.com> wrote:
Thanks Ralph
Could you assist with getting artifacts up to downloads.apache.org? I'm
going to push the nupkg because people are waiting on it, and will have to
set the new documentation live because people will expect it, but right
now, the download links are broken.
Thanks
-d
On 2020/10/25 01:21:15, Ralph Goers <ralph.go...@dslextreme.com> wrote:
My +1
Ralph
On Sep 22, 2020, at 11:21 PM, Davyd McColl wrote:
Thanks all; I've completed the release as far as I can (Ralph, please push
the relevant artifacts from
https://github.com/apache/logging-log4net/releases/tag/rel%2F2.0.11 the
last mile) and pushed the nuget package.
-d
On 2020/09/22 17:34:34, Matt Sicker wrote:
+1
On Tue, Sep 22, 2020 at 04:23 Dominik Psenner wrote:
+1
--
Sent from my phone. Typos are a kind gift to anyone who happens to find
them.
On Tue, Sep 22, 2020, 08:37 Davyd McColl wrote:
Hi all
I'd appreciate any more +1's (thanks, Remko!). I'd like to get this out
the door because it fixes confusing versioning on the released binaries
(in
particular, nuget consumers)
Thanks
-d
On 2020/09/20 22:33:49, Matt Sicker wrote:
I can use whatever.
On Sun, 20 Sep 2020 at 15:26, Ralph Goers wrote:
I don’t have google meet and I can’t use Skype since Microsoft hosed my
authentication. I have zoom. My company uses Amazon Chime, which is
fairly
new, as part of our product offering. I’ve sent you both emails for a
meeting using that.
Ralph
On Sep 20, 2020, at 1:01 PM, Matt Sicker wrote:
I sent a Google Meet invite to you.
On Sun, 20 Sep 2020 at 14:26, Davyd McColl wrote:
I'm happy to be available at 8am my side, if that works for everyone
else.
It sounds like earlier would be better, but I'm doing the morning
school
run from 7am and can't guarantee I'll be back significantly before
8am.
How to do this? I have zoom and slack on my work machine, can
install
Skype if that's more convenient, can do google meet, I assume,
though
haven't ever tried, so may need a bit of a crash intro.
If posting meeting details to the mailing list is not on, feel free
to
email me directly (:
-d
On September 20, 2020 20:58:29 Ralph Goers wrote:
8am in Durban South Africa is 11pm the night before in Phoenix AZ.
However, I frequently am up until midnight so that could work.
5-5:30 pm is
7:30-8 am in Phoenix. I usually am not in front of my computer on a
weekday
until 8 am but on occasion I can do earlier.
Ralph
On Sep 20, 2020, at 9:46 AM, Davyd McColl wrote:
Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I
fetch my
son from school)
-d
On September 20, 2020 18:44:19 Matt Sicker wrote:
We’re not quite as strict as Debian for keys (though if you can
find a
Debian group locally, they’re great for key signing). The video
call idea
could work for exchanging keys. What times would you be available
to do
that?
On Sun, Sep 20, 2020 at 03:09 Davyd McColl wrote:
Hi Ralph
I think I miscommunicated: I'm not regenerating my signing key -
just the
nuget API key for package upload. This forces me to log in in
nuget.org
which has 2fa and then I only use that key on the cli for the
immediate
upload.
My gpg key as at https://GitHub.com/fluffynuts.gpg is the same
that I
used
last time.
-d
On September 20, 2020 09:01:36 Ralph Goers
wrote:
In the long run you don’t want to be regenerating your signing
key for
every release. The point is that you would upload the key to a
central
keystore and other people would sign it there. At ApacheCon we
would
have a
key signing “party” where we recorded each others keys and then
would
take
our list and update the central keystore. When people verify
the
key
they
can look at the keystore and see that it is signed by a number
of
people,
who then have their keys by a number of people and so on so you
are
building a web of trust. Sooner or later there will be someone
in that
web
that you personally know and trust.
Ralph
On Sep 19, 2020, at 11:26 PM, Davyd McColl wrote:
Thanks Matt, I've updated the artifacts on GitHub to have
detached
signatures. I had previously also uploaded my key to
sks-keyservers.net,
but I've also uploaded to MIT, though search there always
times
out.
The document you've linked mentions face-to-face interactions
to get my
key
into the official KEYS file. Not sure how many apache people
are at my
end
of the world (Durban, South Africa), but I can do an online
meeting if
that
helps. Last release, Ralph said I should sign, so I did. I'm
new to
signing
release artifacts - I've generally relied on authentication
during
upload
as verification of authenticity, with 2FA wherever possible
(GitHub and
NPM; nuget survives with an apikey - but for the last 2
releases, I've
regenerated the key on each use and only supplied it on the
cli
at
upload,
so as not to store it locally)
-d
On September 19, 2020 22:23:41 Matt Sicker wrote:
Oh and there's a bit of an issue with the signed files: it
looks like
you included _signed files_ rather than detached signatures.
Thus, the
.asc files are only verifying themselves rather than the
accompanying
file.
There's a --detached option in gpg for this (yeah, it's
always
had a
bad UI).
On Sat, 19 Sep 2020 at 15:19, Matt Sicker wrote:
The KEYS file [1] that's linked on the download page does
not
have
your key in it. Neither does other KEYS file [2]. Check out
[3] for
more info.
[1]: https://downloads.apache.org/logging/log4net/KEYS
[2]: https://downloads.apache.org/logging/KEYS
[3]:
https://infra.apache.org/release-signing.html#keys-policy
On Sat, 19 Sep 2020 at 12:48, Davyd McColl wrote:
Thanks Matt, I've done so. Hopefully that makes it easier
to
verify
artifacts that I have signed.
-d
On September 18, 2020 23:11:48 Matt Sicker
wrote:
If you upload your key to your GitHub profile, that also
makes it
simple to find. For example, just add ".gpg" to your
profile URL:
https://github.com/fluffynuts.gpg
On Fri, 18 Sep 2020 at 16:08, Remko Popma
wrote:
+1 remko
On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker
wrote:
How about your gpg key? I don't think we've imported
that
to
the KEYS
file as far as I can tell?
On Fri, 18 Sep 2020 at 15:53, Matt Sicker
wrote:
Oh sorry, I didn't notice that you uploaded them there
(wasn't even
aware that it was possible to be honest).
On Fri, 18 Sep 2020 at 14:43, Davyd McColl
wrote:
Hi Matt
Release artifacts are available on the GitHub release
page
(https://GitHub.com/Apache/logging-log4net/releases)
-
expand the
assets
list if it's collapsed.
I'll need someone to upload them to the downloads
source
as I
think I
don't
have access to do so (if I'm wrong, I'd love to be
corrected,
because
I'd
be less of an annoyance then!). Ralph has stepped in
to
help here in
the past.
-d
On September 18, 2020 20:09:07 Matt Sicker <
boa...@gmail.com> wrote:
Do you have links to the release artifacts? The
download
page
links
to
the live site which doesn't have the artifacts yet
since
they're not
released yet. :)
On Fri, 18 Sep 2020 at 09:05, Davyd McColl
wrote:
Hi all
I have another potential release available: 2.0.11,
tagged as
rc/2.0.11
Changes are really minor:
- fixed assembly versioning (all assemblies should
report
2.0.11.0
as their
version now)
- properly dispose of StreamWriters within logging
appenders
(thanks to
@NicholasNoise)
Binaries are up at
https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11
and I've
pushed to asf-staging for logging, now up at
https://logging.staged.apache.org/log4net/download_log4net.html
Thanks
-d
--
Matt Sicker
--
Matt Sicker
--
Matt Sicker
--
Matt Sicker
--
Matt Sicker
--
Matt Sicker
--
Matt Sicker
--
Matt Sicker
--
Matt Sicker
--
Matt Sicker
