On Wed, Sep 16, 2020 at 8:53 PM Matt Sicker wrote:
>
> Don’t Dependabot PRs show up as branches in each git repo?
Yes, which let's a build happen on that branch as a GitHub Action,
assuming you have Actions enabled for your repo.
Gary
I noticed that
> with the Dependabot config for Log4j2 at
Don’t Dependabot PRs show up as branches in each git repo? I noticed that
with the Dependabot config for Log4j2 at least, though perhaps that’s a
GitBox feature.
On Wed, Sep 16, 2020 at 19:44 Gary Gregory wrote:
> On Wed, Sep 16, 2020 at 7:10 PM Rob Tompkins wrote:
>
> >
>
> >
>
> >
>
> > > On
On Wed, Sep 16, 2020 at 7:10 PM Rob Tompkins wrote:
>
>
>
> > On Sep 16, 2020, at 4:43 PM, Gary Gregory wrote:
> >
> > On Wed, Sep 16, 2020 at 4:25 PM Gilles Sadowski
> > wrote:
> >>
> >>> Le mer. 16 sept. 2020 à 21:09, Gary Gregory a
> >>> écrit :
> >>>
> >>> I think we really want the
On Wed, Sep 16, 2020 at 7:10 PM Rob Tompkins wrote:
>
>
>
> > On Sep 16, 2020, at 4:43 PM, Gary Gregory wrote:
> >
> > On Wed, Sep 16, 2020 at 4:25 PM Gilles Sadowski
> > wrote:
> >>
> >>> Le mer. 16 sept. 2020 à 21:09, Gary Gregory a
> >>> écrit :
> >>>
> >>> I think we really want the
> On Sep 16, 2020, at 4:43 PM, Gary Gregory wrote:
>
> On Wed, Sep 16, 2020 at 4:25 PM Gilles Sadowski wrote:
>>
>>> Le mer. 16 sept. 2020 à 21:09, Gary Gregory a
>>> écrit :
>>>
>>> I think we really want the PRs, the main benefit is to have the software
>>> built and tested WITH the
On Wed, Sep 16, 2020 at 4:25 PM Gilles Sadowski wrote:
>
> Le mer. 16 sept. 2020 à 21:09, Gary Gregory a écrit :
> >
> > I think we really want the PRs, the main benefit is to have the software
> > built and tested WITH the dependency update, that is a huge time saver.
>
> Yes, but the bot
Le mer. 16 sept. 2020 à 21:09, Gary Gregory a écrit :
>
> I think we really want the PRs, the main benefit is to have the software
> built and tested WITH the dependency update, that is a huge time saver.
Yes, but the bot should submit the PR only when asked by a human,
at times where it brings
I think we really want the PRs, the main benefit is to have the software
built and tested WITH the dependency update, that is a huge time saver.
Gary
On Wed, Sep 16, 2020, 13:17 Ralph Goers wrote:
> I am not sure that is possible since Dependabot is actually creating PRs
> and GitHub sends
I am not sure that is possible since Dependabot is actually creating PRs and
GitHub sends those to the mailing list. What I heard was that they would like
to have Dependabot just send reports from time to time about what dependencies
could be changed rather than create PRs. Matt also mentioned
I think the desire-complaint is how to stop Dependabot from sending emails
to our ML.
Gary
On Wed, Sep 16, 2020, 09:33 Matt Sicker wrote:
> Did you know that you can configure Dependabot to ignore specific
> dependencies and version ranges? You can also configure default
> reviewers (see also
Did you know that you can configure Dependabot to ignore specific
dependencies and version ranges? You can also configure default
reviewers (see also the GitHub CODEOWNERS file which can help set up
default reviewers [1]). If desired, you can configure it to only make
PRs for security updates
On Wed, Sep 16, 2020 at 8:31 AM Jochen Wiedmann
wrote:
>
> On Sun, Sep 6, 2020 at 3:39 PM Gary Gregory wrote:
>
> > The idea behind making *Util constructors private is that it does not make
> > sense to instantiate a class that only has static methods.
>
> True, but that also eliminates reuse
Le mer. 16 sept. 2020 à 14:42, Jochen Wiedmann
a écrit :
>
> On Wed, Sep 16, 2020 at 2:38 PM Gilles Sadowski wrote:
>
> > Isn't what
> >https://spamassassin.apache.org/
> > is about?
>
> Not that I am uptodate, but at least historically it hasn't. It's
> mostly about blocking spam. Related,
On Thu, Sep 10, 2020 at 4:18 AM Peter Lee wrote:
> I noticed that some Commons components snapshot versions released in
> https://repository.apache.org/content/groups/snapshots/org/apache/commons
> have not been updated for some time.
>
> Just curious about how do we publish snapshot versions
On Wed, Sep 16, 2020 at 2:38 PM Gilles Sadowski wrote:
> Isn't what
>https://spamassassin.apache.org/
> is about?
Not that I am uptodate, but at least historically it hasn't. It's
mostly about blocking spam. Related, but not necessarily reusable for
the suggested purpose.
Jochen
---
Look,
Le mer. 16 sept. 2020 à 14:29, Jochen Wiedmann
a écrit :
>
> On Wed, Sep 16, 2020 at 12:37 PM Gilles Sadowski wrote:
>
> > As I've already stated in the previous "discussion" (from
> > where I was left with the only solution of filtering out), a lot
> > of the bot-generated messages is just
On Sun, Aug 30, 2020 at 12:53 AM Gary Gregory wrote:
> Any thoughts for or against creating a new git repository which would
> contain all 'proper' Commons components as git submodules?
>
> The idea is to be able to checkout all of Commons 'proper' in one go in one
> place.
Sounds to me like a
On Sun, Sep 6, 2020 at 3:39 PM Gary Gregory wrote:
> The idea behind making *Util constructors private is that it does not make
> sense to instantiate a class that only has static methods.
True, but that also eliminates reuse by subclassing, and similar
techniques. In my opinion, static utility
On Wed, Sep 16, 2020 at 12:37 PM Gilles Sadowski wrote:
> As I've already stated in the previous "discussion" (from
> where I was left with the only solution of filtering out), a lot
> of the bot-generated messages is just spam.
> IMO, it's not needed for traceability, and nobody/norobot is
>
2020-09-16 8:16 UTC+02:00, Jochen Wiedmann :
> On Mon, Sep 14, 2020 at 2:48 PM Gary Gregory
> wrote:
>
>> [...]
>> I don't really care about
>> the emails one way or another.
Then why force them down onto people who did care?
>
> I don't need a compromise. Just wanted to trigger a discussion.
On Mon, Sep 14, 2020 at 2:48 PM Gary Gregory wrote:
> - Jochen: What you do with your inbox is your business ;-) What is
> the happy compromise here? Do you want a separate email list? Zero
> Dependabot emails anywhere? If you feel strongly about this, please
> create a [POLL] thread for what
21 matches
Mail list logo
