The Log4j1 project is EOL, and assuming that it remains EOL and we are only doing security patches, I vote in favor of this repo change, to facilitate making such security patches. +1
I agree we need to get consensus on the scope of any Log4j1 work. On Fri, Dec 24, 2021 at 8:53 AM Matt Sicker <[email protected]> wrote: > I tend to agree here. Even if we go ahead with the repo rename, we’ll > still need some consensus on the scope of this work. > -- > Matt Sicker > > > On Dec 23, 2021, at 17:11, Christian Grobmeier <[email protected]> > wrote: > > > > hi > > > > at the moment I am -1 too, mostly for the reasons Gary mentioned. > > Most important is that we don't have a clear goal on what we are trying > to achieve here. We should be very explicit of why we are doing what. > > > > Cheers, > > Christian > > > > > > On Thu, Dec 23, 2021, at 22:50, Gary Gregory wrote: > >> -1 > >> We just created logging-log4j1 and converted the SVN repo into it, let's > >> stick to that. I even made a commit ;-) > >> I claim it is a good thing to start with a new repo because it creates a > >> tiny bit of friction, for a project that is still End-of-Life after all. > >> Even if it is a bit of friction to bring in old stuff from the old repo, > >> this would provide a kind of effort/value filter. > >> The concurrent consensus I see on the PMC is to fix the one listed CVE > on > >> our site plus other fixes in the style of the recent 2.x fixes. > >> Bringing in all of the cruft from the old repo will give the wrong > >> impression that we actually might be merging this or that random fix and > >> feature. Which I claim is not the goal here. > >> > >> I feel we might need an addendum or a subsequent VOTE with a stated > goal or > >> charter for this repo to only provide CVE fixes (see above). Projects > >> usually have a charter, not components I do not think, but I think we > >> should have one here and put it in front and center in the README.md so > we > >> can manage expectations for people finding the repo on GitHub. > >> > >> Gary > >> > >> On Thu, Dec 23, 2021 at 4:35 PM Ralph Goers <[email protected] > > > >> wrote: > >> > >>> In https://issues.apache.org/jira/browse/INFRA-22654 Chris Lambertus > has > >>> recommended that we can divorce > >>> the read-only SVN repo from https://github.com/apache/log4j. However, > it > >>> will not be able to keep the same > >>> name as all Git repos owned by the logging project must start with > >>> “logging-“. > >>> > >>> So this vote is to: > >>> 1. Delete the apache/logging-log4j1 repo I created last night. > >>> 2. Divorce the apache/log4j repo from SVN. > >>> 3. Rename apache/log4j to apache/logging-log4j1. > >>> 4. Create a branch named “main” from the v1_2_17 tag. > >>> 5. Make main the default branch in GitHub. > >>> > >>> While all votes are welcome Infra needs consensus from the PMC on this > >>> vote so the result will separate > >>> binding from non-binding votes. > >>> > >>> Ralph > >>> > >>> PS - I’ve separated this from the previous vote thread since it was > mostly > >>> discussion. If you want to discuss > >>> this please prefix the subject with [DISCUSS] > >
