Ron>wouldn't a more efficient approach be to offer support to Ron>Logging Services
Ron, I did try my best to offer my help with updating log4j 1.x. Unfortunately, I failed and none of Logging Services PMC accepted it. Here are the facts: https://lists.apache.org/thread/6lhkyytvpg4md757tfydb1k0mmp5j1oc Ron>Re-starting the entire EOL'ed Log4j1 Ron>engine with a new crew to fix one issue is confusing It is confusing for me as well, however, the current crew does seem to cooperate regarding the changes to 1.x. Ron>I don't get the sense folks are against fixing things 1) There are multiple known open CVEs in log4j 1.x. The team is not really fixing known security issues. 2) All the responses from the current PMC are behind the lines of "evangelizing 2.x" rather than suggesting a way to fix 1.x and release it. Ron>To answer your Ron>question about sponsorship, I want to explore partnering with Logging Ron>Services before forming a new Log4j1 team. For example, my very basic suggestion was "let's move 1.x to Git for easier contribution", however, none of the PMC members approved the change. When it comes to code-related changes, the reviews are vague, and it is really hard (impossible?) to find consensus. On top of that, the review is complicated by the fact that **multiple** fixes are needed for log4j 1.x 1) There are multiple known CVEs regarding 1.x 2) 1.x uses a really old build system, so, in my opinion, the build scripts should be updated before any other changes Vladimir
