Hi all,
Looking at our releases, as the appear on `projects.apache.org`[1], I
think that it is about time to clean up `downloads.apache.org`. I would
propose to:
1. Formally vote on the end-of-life of the Apache Extras for Apache
log4j[2] and Apache log4php[3] projects.
2. Formally vote on the end-of-life of the Log4j 2.3.x[4] and 2.12.x[5]
branches.
3. Remove all the release files of the distributions that reached
end-of-life. Users can always find those releases on `archive.apache.org`.
4. Update the websites to clearly mark some projects as EOL or dormant
with a link to a clear definition of the terms. For me these terms mean:
End-of-life: There will be no further releases. Security reports
for those projects/branches will not be accepted and those
projects/branches will not be checked against vulnerabilities.
Dormant: Further releases are unlikely, unless users step in.
Security reports and security releases are handled normally. The project
can be voted EOL at any time with an X-month notice.
5. We should update our DOAP files. My understanding is that each
subproject (Apache Log4j Tools, Apache Log4j Transform) should have its
own DOAP file.
6. Currently we place all sub-projects of Log4j directly in the
`logging` folder, but `archive.apache.org`[6] shows that it wasn't
always this way. For example `log4j-scala` used to be in `log4j/scala`.
Which convention should we use?
Piotr
[1] https://projects.apache.org/releases.html
[2] https://logging.apache.org/log4j/extras/
[3] https://logging.apache.org/log4php/
[4] https://logging.apache.org/log4j/2.3.x/
[5] https://logging.apache.org/log4j/2.12.x/
[6] https://archive.apache.org/dist/logging/
