Daniel Beck, Wadeck Follonier, do you think it could be possible for the security team to do a security review of this app? On Wednesday, September 7, 2022 at 2:53:42 PM UTC+2 Jesse Glick wrote:
> On Wed, Sep 7, 2022 at 6:42 AM 'Herve Le Meur' via Jenkins Developers < > [email protected]> wrote: > >> I think it could be useful on the jenkinsci and jenkins-infra GitHub >> organizations, WDYT? >> > > Sure, assuming it passes some sort of security review. As someone who > frequently creates sets of interrelated PRs in @jenkinsci, I would at least > try it. (Really I think it should be something built into GitHub with > first-class presentation.) > > Note that its model is a bit simplistic—as soon as the upstream PR is > merged, the downstream is unblocked. That suffices for PRs within a > repository, but when using Maven dependencies across repositories what we > actually want is for the upstream PR to be *released* and for the > downstream PR to encode that release version in a dependency. Typically I > have encoded this by leaving the downstream PRs in draft status and keeping > a TODO comment visible in the diff noting the upstream PR, which works but > is clumsy. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/e7cd7623-e41a-4812-82ff-7e2955966ba1n%40googlegroups.com.
