elharo commented on PR #5: URL: https://github.com/apache/maven-project-utils/pull/5#issuecomment-1322014122
> How do you propose I do this at scale? When reporting hundreds or thousands of security vulnerabilities across OSS, I am only one person. How do you propose I attempt to follow the policies of every org I report to? How would you solve this problem?

Patient: Doctor, it hurts when I bang my head against the wall.
Doctor: Simple, stop banging your head against the wall.

You are **not** reporting hundreds or thousands of security vulnerabilities across OSS. You are running an automated code analyzer that spams many repos and maintainers with low quality, non-bugs. This is not helpful. Any actual problems the tool uncovers are completely lost in a sea of false positives.

If the bugs the tool finds are not worth your time to investigate, why do you think the bugs will be worth other people's time?