tuxji commented on pull request #699: URL: https://github.com/apache/daffodil/pull/699#issuecomment-988991167
> So given your observations @tuxji, what triggers scala-steward to provide this as an update?
>
> Feels like there is a substantial security risk if people don't give scala-steward PRs significant scrutiny.
>
> Why would some contributor's fork cause scala-steward to notice?

No, scala-steward didn't notice the contributor's fork. What happened is that JDOM had an old maintainer (Rolf) who held the Sonatype account credentials. The new maintainer (Jason) had to get Sonatype account credentials by adding a TXT record to the JDOM website's DNS records, and then uploaded this jar to Sonatype. Scala-steward then noticed the new jar had appeared in Maven Central and sent us a PR.

-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
