I'd go with option 3 (including the JIRA number in the title of the dependabot PR) if it's possible, or option 2 (as you've done with your Omid example) otherwise.
Geoffrey On Mon, Apr 25, 2022 at 3:42 AM Istvan Toth <st...@apache.org> wrote: > The recently enabled depandabot has opened a few PRs, that we should handle > somehow. > > Some of those PRs, like the Hadoop versions changes are obviously > non-starters, as they would break the project, or at the very least > our test infra. > > However, some of them are relevant, and risk-free. > > Our current policy is that every commit should have a corresponding JIRA, > obviously the github bot doesn' create JIRAs. > > We could > - Ignore the Github PR, and just open a separate JIRA with a patch for the > update > - Open a JIRA, clone the GitHub PR, and change the description to include > the JIRA > - Something else, like modifying the dependabot PR directly to add the JIRA > (not sure how/if that would work). > - Skip the JIRA, and just directly commit the dependabot PR (would cause > problems with the Release notes, and our pre-release checklists) > > I have opened OMID-211 according to the 2nd option here: > https://issues.apache.org/jira/browse/OMID-221 > > What do you think ? > > Istvan >
