
Didn't log4j show us that "battle tested, proven" means nothing?


Finding and fixing this bug is part of the battle testing.


Truthfully most log libraries are not going to have such a flaw.


That may be true, but that doesn't mean that battle tested means nothing. There are plenty of other logging libraries that have also been thoroughly tested. If you look for obscure logging libraries in C, C++ and even bash I wouldn't be surprised if you found RCE bugs. In Java it's probably less common.


Nothing in programming is proven since everything changes all the time. Otherwise we would still be programming in COBOL, Fortran, LISP and APL without changes from the 1950s. It's like saying tanks from WW1 were good enough to last forever. Change means you have to prove things over and over, and generally the pace of change is too fast for anything to be proven before it is obsolete.


"Program testing can be used to show the presence of bugs, but never to show their absence!" - Dijkstra... meaning, just because something is battle-tested, doesn't mean that we have proven it has no defects.


[flagged]


That’s an ad hominem attack. It shuts down conversation rather than encouraging it. Not the level of discourse we should be seeing on here. Everybody is allowed to have an opinion regardless of their background.

Anyway I have >20 years of experience and say kreeben has a point. The popularity of this library is working against it, preventing it from reversing bad decisions, and multiplying the harm. Sometimes it’s worthwhile in the long run to throw away the “battle tested” thing in favor of a newer, simpler alternative.


> Exactly the kind of comment you'd get from an inexperienced junior developer.

This is unnecessary


> "This is unnecessary"

You mean, like kreeben crapping on the work of hundreds of log4j contributors over the years by dismissing it as "worth nothing"?


They didn't say their work is worth nothing, but that the label doesn't mean much. And even if they did, that's still a level better than your comment. And even if it wasn't, "they said something bad so now I'm going to insult them too" is not how discussions are supposed to work here.



