This is all part of playing nicer in the larger FOSS ecosystem, as is
the generation of SBOMs, all items that were inspired from the fall
out of Log4Shell.
Gary
On Fri, Sep 30, 2022 at 6:26 AM Thomas Vandahl wrote:
>
> Hi Gary
>
> > Am 28.09.2022 um 21:31 schrieb Gary Gregory :
> >
> > A
Hi Gary
> Am 28.09.2022 um 21:31 schrieb Gary Gregory :
>
> A specific version of the ossf/scorecard-action is approved by Apache Infra.
Is there any discussion I might have missed why this is required now?
Bye, Thomas
-
To
A specific version of the ossf/scorecard-action is approved by Apache Infra.
Do not merge ossf/scorecard-action PRs, this will cause the next run of
ossf/scorecard-action to fail (see the logs).
When it is eventually time to merge (in the future), please edit the PR to
fix the comment, for
