GitHub user fluffynuts added a comment to the discussion: Poll: Dropping net462 Support in log4net
One problem I've definitely experienced is that when you depend on some other package, you have to sometimes do maintenance releases just to upgrade the dependency. Yes, the consumer can override the dependency with a local install (assuming that it's still compatible), but most people don't. So then when a vulnerability is found in an upstream package, one finds oneself repackaging and re-releasing out of an obligation to the users (and also to stop silly vulnerability reports like "you depend on vulnerable package X at version Y" - again, the user can override this, but many won't, so the report has some validity). I would much rather see a new nuget package for the appender (and that could depend on the System.Diagnostics.EventLog package - it would have a much smaller scope than all of log4net, and likely wouldn't incur the same overhead on a release - apart from the act of bumping versions and re-packaging, the whole thing has to go through a vote as well). GitHub link: https://github.com/apache/logging-log4net/discussions/267#discussioncomment-17000052 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
