On Fri, Sep 8, 2017 at 2:33 PM, Pramod Immaneni <pra...@datatorrent.com> wrote:
> Second and more importantly, the vulnerabilities cannot be
> reported in a public way which integrating with the open build systems will
> do.

How about implementing it so that it can be run manually, for example as part of a release? False alarms are a problem, but ultimately relevant vulnerabilities will need to be identified and fixed. It's part of project maintenance (like CI and other times), which cannot be neglected.