Hi, I'm part of Virtuslab Group (as Softwaremill) and already asked to take a look at that PR. Let me know if you need anything else :)
Cheers
Łukasz

On Mon, 12 Jan 2026 at 11:54, Arnout Engelen <[email protected]> wrote:
>
> Let's try it: https://github.com/VirtusLab/scala-steward-repos/pull/608
>
> On Mon, Jan 12, 2026 at 11:22 AM PJ Fanning <[email protected]> wrote:
>
> > I'm happy to have us try out using the VirtusLab ScalaSteward bot.
> > We can just raise PRs to add repo names to:
> > https://github.com/VirtusLab/scala-steward-repos/blob/main/repos-github.md
> >
> > On Mon, 12 Jan 2026 at 09:38, Arnout Engelen <[email protected]> wrote:
> > >
> > > Hi,
> > >
> > > The Pekko projects currently use a setup with a custom GitHub bot and the
> > > Scala Steward GitHub Action. I'm leaning towards retiring this custom setup
> > > in favour of adding our repos to
> > > https://github.com/VirtusLab/scala-steward-repos/blob/main/repos-github.md
> > >
> > > I found https://issues.apache.org/jira/browse/INFRA-24961 that says "It can
> > > be argued that (..) is this approach more secure" but I'm not sure I
> > > understand in what way it would be more secure. An advantage of using our
> > > own bot could be that it'd be easier for us to run tweaked versions of the
> > > logic, but I don't see a strong use case for that.
> > >
> > > Security-wise, a 3rd party with no write permissions creating public pull
> > > requests seems hard to beat. The scala-steward action now contains
> > > 'compiled' javascript (
> > > https://github.com/apache/infrastructure-actions/pull/444) which seems more
> > > tricky. I've brought this up before on Slack and on GitHub comments, but
> > > wanted to have it here as well before making the change.
> > >
> > >
> > > Kind regards,
> > >
> > > --
> > > Arnout Engelen
> > > ASF Security Response
> > > Apache Pekko PMC member, ASF Member
> > > NixOS Committer
> > > Independent Open Source consultant
