potiuk commented on issue #1235: URL: https://github.com/apache/tooling-trusted-releases/issues/1235#issuecomment-4425059709
This is what I am going to use scrutineer for.

Previously I had some deterministic tooling that I used for the first version of Airflow Beach Cleaning https://docs.google.com/spreadsheets/d/1IT8PMEhtvhwSgH9ksXl97F-NJKez0wR7gTgP6NiMcJk/edit?gid=0#gid=0 where I had a deterministic python script looking at OSS scorecard + some manual classification and "quick eyeball" assessment. But I hit the "Scaling" wall when I was doing it - it was very time consuming and manual - even if parts were possible to automate. Only the AI + Agents opened a way to make it way better.

So my plan is:

a) use scrutineer to scan them -> including detecting insecure setup
b) use it to reach out to those deps (scrutineer integrates with ecosyste.ms for dependency data + maintainer contacts etc.)
c) generate PRs to fix issues found (with AI)
d) see if they are responding
e) choose: (f)ix, (f)ork, (f)orego

The AI/Agentic tooling as of 2 months allows doing it at scale.

This is basically what I am doing (in a small scale) to learn and see how people respond (experiment) with I was first doing it semi-manually, then I asked my agent to do it for me in several actions, and finally https://github.com/apache/infrastructure-actions/pull/807 @dave2wave just merged a SKILL that is supposed to do exactly this.

With Scrutineer - a lot of SKILLS for that are already there - but I will want to experiment and add SKILLs that are specifically targeted to walk the dependency tree, starting interaction with the maintainer and tracking that, so I do not have to do it manually - I will generally want most of it to happen semi-automatically (following the principles of https://github.com/apache/airflow-steward ) - where all "write" should be always reviewed and confirmed by Human...

But it has good chance to scale - I will likely build some of that even directly in "!Steward" -> as a reusable skill for other maintainers. So eventually .. one way for ATR to do it will be to "adopt" "!steward" and use skills from there.
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
