Not sure, guess you have dependabot lovers and haters but let's stay simple:

1. If maven version plugin does not do its job let's fix it,
2. If release manager handles dep check before the release as most asf
project, let's drop dependabot,
3. If not and dependabot is actually useful let's make it more clever by
checking compat between dep, handle dep baseline (prevent to use servlet 4
if you must be compat with v2 for ex) and OSGi meta (how many commons
project validate it with dependabot?).

From my experience 2 is the most efficient and cheaper but 3 is an option
if somebody wants to do the investment too.

On Tue, Dec 28, 2021 at 23:03, Xeno Amess <xenoam...@gmail.com> wrote:

> I think most people like me actually do not hate dependabot but hate the
> email flood and notification flood it brings...
>
> XenoAmess
> ________________________________
> From: Xeno Amess <xenoam...@gmail.com>
> Sent: Wednesday, December 29, 2021 6:01:58 AM
> To: Commons Developers List <dev@commons.apache.org>
> Subject: Re: can we get rid of dependabot?
>
> junit 5 rc for example
>
> XenoAmess
> ________________________________
> From: Xeno Amess <xenoam...@gmail.com>
> Sent: Wednesday, December 29, 2021 6:01:35 AM
> To: Commons Developers List <dev@commons.apache.org>
> Subject: Re: can we get rid of dependabot?
>
> versions maven plugin's problem is it will bring you latest release, even
> rc release...
>
> XenoAmess
> ________________________________
> From: Xeno Amess <xenoam...@gmail.com>
> Sent: Wednesday, December 29, 2021 6:00:40 AM
> To: Commons Developers List <dev@commons.apache.org>
> Subject: Re: can we get rid of dependabot?
>
> dependabot is useful but dependabot email is annoying.
> can we find a solution and kill the dependabot emails?
>
> XenoAmess
> ________________________________
> From: Mark Thomas <ma...@apache.org>
> Sent: Wednesday, December 29, 2021 5:52:54 AM
> To: dev@commons.apache.org <dev@commons.apache.org>
> Subject: Re: can we get rid of dependabot?
>
> +1
>
> And it isn't just the notifications that an upgrade is available. The
> associated GitHub emails are just as much of a problem.
>
> The Versions Maven Plugin would be a much better solution to this problem.
> - Run it once as part of the pre-release process.
> - One commit to apply all pending updates.
> - Job done.
>
> Mark
>
>
> On 28/12/2021 18:29, Romain Manni-Bucau wrote:
> > +1, a lot of false positives and useless noise so the gain is rather not
> > positive for me too (and we review deps before a release anyway...when there
> > are some important ones)
> >
> > Romain Manni-Bucau
> > @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> > <https://rmannibucau.metawerx.net/> | Old Blog
> > <http://rmannibucau.wordpress.com> | Github <
> https://github.com/rmannibucau> |
> > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> > <
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> >
> >
> >
> > On Tue, Dec 28, 2021 at 19:20, Phil Steitz <phil.ste...@gmail.com> wrote:
> >
> >> I can no longer effectively monitor commits@ due to the spam generated
> >> by this tool.  I am afraid my eyeballs aren't the only ones going
> >> missing here and that is a problem much more severe than any value
> >> provided by this tool, IMO.
> >>
> >> Phil
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> >> For additional commands, e-mail: dev-h...@commons.apache.org
> >>
> >>
> >
>
