The vote is only about weekly schedule (not grouping). I mentioned grouping to reduce the number of PRs but I’m more in favor of keeping atomic PRs.
Regards JB Le mar. 25 févr. 2025 à 11:09, Robert Stupp <sn...@snazy.de> a écrit : > > On 24.02.25 10:54, Jean-Baptiste Onofré wrote: > > Hi Robert, > > > > As your vote is binding, and this vote is a code modification change, > > it basically means veto. > > > > Let me try to convince you to revert your vote ;) > > You are maybe right about the noise, but worth a try. I think that > > grouping + weekly schedule should reduce the noise. > > I'm confused now. This one is about "weekly schedule" but ARAIK we all > agreed that "grouping everything" is definitely not an option, no? > > > About keeping dependencies up-to-date, especially for bugs and > > security issues, I'm with you on that. > > That said, we can always have a "quick" update, so we can have weekly > > schedules and "on-demand" updates when needed (CVE, ...). > > > > Thoughts ? > > Currently it's sadly maybe 3 people who constantly tackle dependency > updates. To be honest, I'm quite disappointed that not more people are > interested in keeping dependencies up to date. Keeping those up-to-date > _actively_ prevents tech debt from piling up and running into (already > fixed) bugs and security issues. > > What was probably not considered at all: Weekly updates will _increase_ > the amount of "noise". Just think about it: Renovate creates all updates > at once - once one change is merged, Renovate will rebase/recreate all > other updates, CI will run again for all the other updates. > > If all people are fine with more noise, let's go for it - I'd be happy > to revert my vote if that's the case. > > > Regards > > JB > > > > On Sun, Feb 23, 2025 at 1:04 PM Robert Stupp <sn...@snazy.de> wrote: > >> Keeping dependencies up-to-date is mandatory to get bug and security > >> fixes as fast as possible and avoid piling up tech debt and CVEs from > >> outdated dependencies. > >> > >> Moving to a weekly schedule would _not_ reduce that noise but instead > >> _increase_ it and imply _more_ work to the few persons who deal with > >> dependency updates. > >> > >> It is _much_ easier to deal with dependency updates as they are created. > >> > >> Therefore my (binding) -1 vote on this. > >> > >> On 21.02.25 14:38, Jean-Baptiste Onofré wrote: > >>> Hi folks, > >>> > >>> I know it's a hot topic, but I would like to avoid any frustration in > >>> our community. > >>> > >>> Before the vote, let me put some context. > >>> > >>> To manage our dependency updates, we are using renovatebot. > >>> The current renovatebot configuration uses "at any time" schedule > >>> (e.g. * * * * * cron), except for AWS SDK and boto3 updates which run > >>> weekly. > >>> Some contributors are complaining about the "noise" generated by > renovatebot. > >>> In order to "mitigate" that, we introduced "polaris-renovate" label to > >>> easily filter the notification coming from renovatebot. > >>> However, an issue has been created 4 days ago > >>> (https://github.com/apache/polaris/issues/1018), meaning the "issue" > >>> is still there. > >>> > >>> So, I propose this vote to have clear feedback from the community, as > >>> we don't have clear lazy consensus. > >>> > >>> The vote is to schedule renovatebot update weekly: > >>> > >>> [ ] +1 - Use weekly schedule for all renovatebot updates > >>> [ ] 0 > >>> [ ] -1 - Don't use weekly schedule, keep the "at any time" schedule > >>> > >>> Thanks, > >>> Regards > >>> JB > >>> > >>> NB: we can consider this vote as a code modification vote (see > >>> > https://www.apache.org/foundation/voting.html#votes-on-code-modification). > >> -- > >> Robert Stupp > >> @snazy > >> > -- > Robert Stupp > @snazy > >
