Gentle reminder.
--
Matt Sicker
> On Dec 21, 2021, at 15:21, Gary Gregory <garydgreg...@gmail.com> wrote:
>
> Is it possible that RAT is only configured for reporting and not invocation
> from a build? The log4j RAT passes.
>
> Gary
>
>
>
> On Tue, Dec 21, 2021, 16:12 Matt Sicker <boa...@gmail.com
> <mailto:boa...@gmail.com>> wrote:
>
>> The jquery.js file has a license header; I have no idea why rat complains
>> about it. And these two files are copied verbatim from log4j2, so I don’t
>> see the issue here. I looked at the rat report on the site and it looked
>> fine, too.
>> --
>> Matt Sicker
>>
>>> On Dec 21, 2021, at 14:55, Gary Gregory <garydgreg...@gmail.com> wrote:
>>>
>>> The RAT check (mvn apache-rat:check) fails on:
>>>
>>> src/site/resources/js/jquery.min.js
>>> src/site/resources/js/jquery.js
>>>
>>> If it is indeed ok to ship these files, then the RAT check should exclude
>>> these files and the NOTICE file be updated with an appropriate entry. I
>>> know this is not the runtime, it's the site, but we still include the
>>> files, so might as well be neat and today about it.
>>>
>>> Also, why ship BOTH the plain and "min" versions?
>>>
>>> In one of the files, I see "Dual licensed under the MIT or GPL Version 2
>>> licenses."
>>> I'm pretty sure GPL part is not OK but MIT might be, the comment in the
>> RAT
>>> exclusion should say so if these are OK to ship.
>>>
>>> Thoughts?
>>>
>>> Gary
>>>
>>> On Mon, Dec 20, 2021 at 11:02 PM Matt Sicker <boa...@gmail.com
>>> <mailto:boa...@gmail.com> <mailto:
>> boa...@gmail.com <mailto:boa...@gmail.com>>> wrote:
>>>
>>>> This is a vote to release Log4j Kotlin API version 1.2.0, the next
>> version
>>>> of the Kotlin facade for Log4j2.
>>>>
>>>> Please download, test, and cast your votes on the log4j developers list.
>>>> [] +1, release the artifacts
>>>> [] -1, don't release because...
>>>>
>>>> The vote will remain open for 24 hours (or more if required). All votes
>>>> are welcome and we encourage everyone to test the release, but only
>> Logging
>>>> PMC votes are “officially” counted. As always, at least 3 +1 votes and
>> more
>>>> positive than negative votes are required.
>>>>
>>>> Changes in this release include:
>>>>
>>>> * LOG4J2-3218: Update Log4j dependency to 2.17.0.
>>>>
>>>> This is primarily provided to help upgrade transitive dependencies on
>>>> log4j-core which was recently updated to fix CVE-2021-44228,
>>>> CVE-2021-45046, and CVE-2021-45105.
>>>>
>>>> Tag:
>>>> a) for a new copy do "git clone
>>>> https://github.com/apache/logging-log4j-kotlin.git
>>>> <https://github.com/apache/logging-log4j-kotlin.git> <
>>>> https://github.com/apache/logging-log4j-kotlin.git
>>>> <https://github.com/apache/logging-log4j-kotlin.git> <
>> https://github.com/apache/logging-log4j-kotlin.git
>> <https://github.com/apache/logging-log4j-kotlin.git>>>” and then "git
>>>> checkout tags/log4j-api-kotlin-1.2.0-rc3” or just "git clone -b
>>>> log4j-api-kotlin-1.2.0-rc3
>>>> https://github.com/apache/logging-log4j-kotlin.git
>>>> <https://github.com/apache/logging-log4j-kotlin.git> <
>> https://github.com/apache/logging-log4j-kotlin.git
>> <https://github.com/apache/logging-log4j-kotlin.git>> <
>>>> https://github.com/apache/logging-log4j-kotlin.git
>>>> <https://github.com/apache/logging-log4j-kotlin.git> <
>> https://github.com/apache/logging-log4j-kotlin.git
>> <https://github.com/apache/logging-log4j-kotlin.git>>>"
>>>> b) for an existing working copy to “git pull” and then “git checkout
>>>> tags/log4j-api-kotlin-1.2.0-rc3”
>>>>
>>>> Web Site: https://logging.staged.apache.org/log4j/kotlin/index.html
>>>> <https://logging.staged.apache.org/log4j/kotlin/index.html> <
>> https://logging.staged.apache.org/log4j/kotlin/index.html
>> <https://logging.staged.apache.org/log4j/kotlin/index.html>> <
>>>> https://logging.staged.apache.org/log4j/kotlin/index.html
>>>> <https://logging.staged.apache.org/log4j/kotlin/index.html> <
>> https://logging.staged.apache.org/log4j/kotlin/index.html
>> <https://logging.staged.apache.org/log4j/kotlin/index.html>>>
>>>>
>>>> Maven Artifacts:
>>>>
>> https://repository.apache.org/content/repositories/orgapachelogging-1075/
>> <https://repository.apache.org/content/repositories/orgapachelogging-1075/>
>> <https://repository.apache.org/content/repositories/orgapachelogging-1075/
>> <https://repository.apache.org/content/repositories/orgapachelogging-1075/>
>>>
>>>>
>>>> Distribution archives:
>>>> https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/
>>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/> <
>> https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/
>> <https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/>> <
>>>> https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/
>>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/> <
>> https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/
>> <https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/>>>
>>>>
>>>> You may download all the Maven artifacts by executing:
>>>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
>>>>
>> https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/
>>
>> <https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/>
>> <
>> https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/
>>
>> <https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/>
>>>
>>>> <
>>>>
>> https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/
>>
>> <https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/>
>> <
>> https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/
>>
>> <https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/>
>>>
>>>>>
>>>>
>>>> --
>>>> Matt Sicker
