Dzeri96 commented on PR #43844: URL: https://github.com/apache/spark/pull/43844#issuecomment-3470511444
Hi @bjornjorgensen,

First of all, thank you for the very comprehensive answer. I have one thing to ask you though: where does the discussion leading to these decisions take place? My company is doing a security audit for a certificate and any official discussion on why something is or isn't a threat would really help make our case in situations where we chose not to upgrade a package like Spark.

Additionally, knowing this information would help with threat modelling. In today's world, it's impossible to understand how every single (sub)dependency inside your project is used.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
