logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: Questions on submitting changes to the Log4j2 code base
Date Tue, 12 Jan 2016 19:58:47 GMT
Hm yeah, for "larger" contributions, a CLA is good. I'm not sure when
larger is large enough though.

Gary

On Tue, Jan 12, 2016 at 4:31 AM, Mikael Ståldal <mikael.staldal@magine.com>
wrote:

> > I am looking for some guidance on how I should go about submitting these
> changes back to the Apache Log4j 2.x team for inclusion in the code base.
>
> You would need to sign and submit an Apache CLA, see here:
>
> http://www.apache.org/dev/new-committers-guide.html#cla
>
>
> On Fri, Jan 8, 2016 at 5:13 PM, Bryan Krol <bryan.krol@technergetics.com>
> wrote:
>
>> Hello all,
>>
>> As part of some other work I have been doing, our team has decided that
>> it would be worth extending the Log4j2 library in such a way as to better
>> support logging of security events.  We also thought what we did would be
>> of interest to the larger Apache community, mostly because the need for
>> application-level security auditing is growing to help mitigate the
>> increase of application security incidents. In order to facilitate better
>> auditing practices, developers now have a need to include better security
>> logging practices in the development process.  Application logs provide
>> valuable data for:
>>
>>    -
>>
>>    Identifying security threats
>>    -
>>
>>    Monitoring policy violations
>>    -
>>
>>    Providing details about problems and unusual conditions
>>    -
>>
>>    Contributing application-specific data for auditing which is lacking
>>    in other sources
>>    -
>>
>>    Helping defend against vulnerability identification and exploitation
>>    through attack detection.
>>
>> ​I have attached a document that more thoroughly explains what we have
>> done and what "problems" we were looking to solve with our changes.
>> I am looking for some guidance on how I should go about submitting these
>> changes back to the Apache Log4j 2.x team for inclusion in the code base. I
>> have implemented both the functionality and the appropriate JUnit code for
>> testing of the additions.
>>
>> If anyone could respond with some information to help, I would greatly
>> appreciate it.
>>
>> Thank you,
>>
>> --
>> Bryan Krol
>> Software Engineer
>> Technergetics, LLC
>> bryan.krol@technergetics.com
>> Phone: (315) 271-2096
>> Fax: (886) 307-4382
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
>> For additional commands, e-mail: log4j-dev-help@logging.apache.org
>>
>
>
>
> --
> [image: MagineTV]
>
> *Mikael Ståldal*
> Senior software developer
>
> *Magine TV*
> mikael.staldal@magine.com
> Grev Turegatan 3  | 114 46 Stockholm, Sweden  |   www.magine.com
>
> Privileged and/or Confidential Information may be contained in this
> message. If you are not the addressee indicated in this message
> (or responsible for delivery of the message to such a person), you may not
> copy or deliver this message to anyone. In such case,
> you should destroy this message and kindly notify the sender by reply
> email.
>



-- 
E-Mail: garydgregory@gmail.com | ggregory@apache.org
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory

Mime
View raw message