JLLeitschuh commented on PR #5:
URL: https://github.com/apache/maven-project-utils/pull/5#issuecomment-1323069630

   I've clearly upset several of you through this process, and for that I'm 
sorry.
   
   > You are running an automated code analyzer that spams many repos and maintainers with low quality, non-bugs. This is not helpful.
   
   Given your view of the world, and the PRs that you all have received 
to-date, I can understand this response and why that would be upsetting. This 
is not representative of the general experience of maintainers I've had across 
the board.
   
   I'm working on compiling some of the data from the various campaigns and the 
over 5,000 automated pull requests I've issued to-date to provide accurate 
merge/rejection-counts and potentially also some sentiment analysis on the 
responses from the maintainers.
   
   To provide a smaller snapshot from my previous campaigns that I do have data 
for.
   
   I generated 1,596 pull requests to fix the use of HTTP (instead of HTTPS) to 
resolve dependencies in Maven POM files back in 2020. This has had a 40% merge 
rate as of 2022.
   
   For this particular campaign, local temporary file information disclosure, 
58 PRs have been issued to-date, two CVEs will be issued so far:
    - https://github.com/cowtowncoder/java-merge-sort/pull/21
    - https://github.com/apache/james-mime4j/pull/81
   
   I suspect more will come out of this work as well.
   
   Give me a bit more time to come up with better statistics. I have some other 
bulk PR campaigns I engaged in, but my merge rate vs close rate statistics are 
out-of-date, and I don't want to misrepresent the current state of the world. 
I'd also like to collect the stats on the number of CVEs that have been issued 
from this work as well.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
