Now there's a LEGAL ticket for that: https://issues.apache.org/jira/browse/LEGAL-491
With a comment from Mark Thomas that this is no different than a committer running a local tool, reviewing the commit and pushing it. Read his comment on the ticket for more information and advice. Martijn On Sat, Oct 19, 2019 at 8:51 PM Enrico Olivelli <eolive...@gmail.com> wrote: > > I see value in it. > But from a legal point of view....there is no human who sends the PR, so in > theory we cannot accept such patches, can we? > > Enrico > > Il sab 19 ott 2019, 20:26 Tibor Digana <tibordig...@apache.org> ha scritto: > > > The dependabot looks interesting, cli has more possibilities than a pure > > button on GUI. > > >> does anyone enabled it > > I am all the ear how it can be enabled. > > > > On Fri, Oct 18, 2019 at 3:32 PM Enrico Olivelli <eolive...@gmail.com> > > wrote: > > > > > Hey guys, > > > Did you see dependabot on our repos? > > > > > > Like this automatic PR > > > > > > > > https://github.com/apache/maven-plugins/pull/147#pullrequestreview-303889692 > > > > > > I feel this is very useful, but... does anyone enabled it? > > > > > > Do we have to set a policy, this suggestions are security related fixes, > > we > > > could give them some kind of high priority? > > > > > > Enrico > > > > > -- Become a Wicket expert, learn from the best: http://wicketinaction.com --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org