On Mon, Oct 27, 2025, at 12:25, Gary Gregory wrote: > This is a poll to gauge the waters for CTR. > > There is way too much Byzantine bureaucracy in this project. > > It's constantly throwing spans in the wheels of progress: > > A PR for adding one getter method turns into a request for porting a > code base from IO to NIO, see > https://lists.apache.org/thread/l23k5n6spfgs05ds06t4hpgmmssqpzvd
-1 I understand your pain, Gary. We need to make it easier to keep development going. But I no longer believe in CTR. We had the worst security issue you can imagine. Everything we can do to build up trust is necessary and welcome. We are a critical open-source project in the Java landscape, and we must acknowledge this by ensuring all changes are reviewed. With CTR we have no guarantees anyone ever looks at the change. It is almost certain that a commit is not reviewed at all. We are no longer prototyping. Log4j is used around the globe. We changed the whole world's perspective on security. Now, Log4j plays a very special role: we lead as a role model in security and development practices. People look at us. Strong -1 to going back to CTR. +1 on discussing the rules of a review. Cheers Christian
