You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@daffodil.apache.org by Mike Beckerle <mb...@apache.org> on 2022/07/13 20:01:23 UTC
So many bot updates, so little time....
Anybody else think the bot-based updates are far too frequent?
What if we restricted this to monthly?
I'd like to find out earlier about security-related issues, but otherwise,
I'd really like to see these things less often.
But I'm curious of others' view.
Message ID: <ap...@github.com>
Re: So many bot updates, so little time....
Posted by "Shearer, Davin" <sh...@ctc.com>.
Hi Mike,
I can speak to the daffodil-vscode repo. I think once we clear this initial backlog of dependency updates, we'll get much less bot PR spam (theoretically). There is certainly value in dependabot and Scala steward and they are currently set to run on Sundays, so we can start to clear the backlog on Monday. What would help is if the bot PRs would run the CI workflows so we can quickly assess those dependency updates that break the build or the tests. Those PRs that pass CI can be more quickly reviewed and merged, and those that don't will need some extra attention. My opinion is that weekly is fine for now, but we can move to monthly if the bot backlogs continue to be substantial after a few weeks of weekly updates.
-Davin
On 7/13/22, 4:02 PM, "Mike Beckerle" <mb...@apache.org> wrote:
Anybody else think the bot-based updates are far too frequent?
What if we restricted this to monthly?
I'd like to find out earlier about security-related issues, but otherwise,
I'd really like to see these things less often.
But I'm curious of others' view.
Message ID: <ap...@github.com>
-----------------------------------------------------------------
This message and any files transmitted within are intended
solely for the addressee or its representative and may contain
company proprietary information. If you are not the intended
recipient, notify the sender immediately and delete this
message. Publication, reproduction, forwarding, or content
disclosure is prohibited without the consent of the original
sender and may be unlawful.
Concurrent Technologies Corporation and its Affiliates.
www.ctc.com 1-800-282-4392
-----------------------------------------------------------------