damccorm commented on PR #17766: URL: https://github.com/apache/beam/pull/17766#issuecomment-1138921301
> I also like the idea of linking to: > > https://deps.dev/go/github.com%2Fapache%2Fbeam%2Fsdks%2Fv2/ > > Which will list all versions of the module, and include the various scorecards and things automatically, and then the dependencies are also visible right there. Unless we plan on staying on top of those warnings, I'm not sure I want to direct users that way. Security conscious customers will mostly already have a way of assessing their dependencies (or will find one), but most others will probably navigate to that page, be alarmed, and not have the context to tell if any of these dependencies actually matter to Beam. If we're planning on getting green on that page and staying green then I care less (but I don't really see that being a high priority) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
