Keeping dependencies up-to-date is mandatory to get bug and security
fixes as fast as possible and avoid piling up tech debt and CVEs from
outdated dependencies.
Moving to a weekly schedule would _not_ reduce that noise but instead
_increase_ it and imply _more_ work to the few persons who deal with
dependency updates.
It is _much_ easier to deal with dependency updates as they are created.
Therefore my (binding) -1 vote on this.
On 21.02.25 14:38, Jean-Baptiste Onofré wrote:
Hi folks,
I know it's a hot topic, but I would like to avoid any frustration in
our community.
Before the vote, let me put some context.
To manage our dependency updates, we are using renovatebot.
The current renovatebot configuration uses "at any time" schedule
(e.g. * * * * * cron), except for AWS SDK and boto3 updates which run
weekly.
Some contributors are complaining about the "noise" generated by renovatebot.
In order to "mitigate" that, we introduced "polaris-renovate" label to
easily filter the notification coming from renovatebot.
However, an issue has been created 4 days ago
(https://github.com/apache/polaris/issues/1018), meaning the "issue"
is still there.
So, I propose this vote to have clear feedback from the community, as
we don't have clear lazy consensus.
The vote is to schedule renovatebot update weekly:
[ ] +1 - Use weekly schedule for all renovatebot updates
[ ] 0
[ ] -1 - Don't use weekly schedule, keep the "at any time" schedule
Thanks,
Regards
JB
NB: we can consider this vote as a code modification vote (see
https://www.apache.org/foundation/voting.html#votes-on-code-modification).
--
Robert Stupp
@snazy
