Leo,

It is still the middle of the night for me so I won’t do anything for several 
hours. I will create the branch but I am curious about the rest. When I ran the 
build last night it ran through a bunch of unit tests without any problems. It 
then failed due to javadoc errors. I just told the plugin not to fail and then 
it started executing the site plugin. I tried updating the version but that 
just caused it to have an error in the site.xml. 

My question is, you said that the build has test failures. Did I not see them 
because of the changes after 1.2.17 or is something else going on?

Ralph

> On Dec 23, 2021, at 2:22 AM, Leo Simons <m...@leosimons.com> wrote:
> 
> (On mobile)
> 
> Cool.
> 
> First I suggest to make a new branch from 1.2.17. Trunk has various stuff
> that’s backwards incompatible. Something like
> 
> git checkout -b main v1_0_2_17
> git push -u main
> 
> Then go into GitHub settings and make main the default branch.
> 
> So then people make PRs against that.
> 
> Think someone can take up to  a5405370d844fca078c25f66654f929d07b1a922  from
> 
> https://github.com/apache/log4j/pull/17 to make a PR to get to a modern
> build.
> 
> With some test failures because I got rid of the limited whitelist of unit
> tests. Most of the commits after that set up GitHub actions and fix the
> test suite.
> 
> I expect you can safely take everything on that PR17 that is a commit that
> does not start with “fix:” without much discussion.
> 
> Each of those “fix:” commits from PR17 should then be a distinct PR and a
> discussion, where based on Gary’s feedback most of them have a -1 against
> them due to dropping functionality.
> 
> Instead of or in addition to some of those fixes, a nice alternative
> approach that Vladimir suggested before is to split off the more
> problematic integrations (jdbc,jms,smtp,telnet,plaintext socket) into their
> own mini library jars. Then you can replace log4j-1.2.17.jar with
> log4j-1.2.18.jar and in the rare(r) cases you do need the other stuff you
> add in, say, log4j-jms-1.2.18.jar. Easy to understand, not too much effort.
> 
> The third approach, the one Gary suggested, is to backport (the idea of)
> more secure code from 2.x.
> 
> Cheers,
> 
> Leo
> 
>> On Thu, 23 Dec 2021 at 07:34, Ralph Goers <ralph.go...@dslextreme.com>
>> wrote:
>> 
>> I have cloned the read-only log4j repo to
>> https://github.com/apache/logging-log4j1.
>> 
>> I have followed the build instructions and had to modify the javadoc
>> plugin to not fail on errors. Now it fails in the site plugin.
>> 
>> If someone else wants to take this on I would suggest the first PR should
>> just to the pom.xml file to get the build working as is.
>> 
>> Ralph
>> 
>> 
>> 


Reply via email to