cziegeler commented on PR #149: URL: https://github.com/apache/sling-site/pull/149#issuecomment-1850481283
Very good points. While it might be hard to get all that data, I would expect that installations out there are fairly up to date with security updates. I would also like to add the question "how painful is it to update the required dependencies?" Since we started with the policy of lowest possible dependencies, a lot has changed. Especially tooling is far better these days. If someone wants to update a bundle, tooling will tell you before the deployment whether that bundle will resolve or needs additional things. Some tooling will also help you in finding these things. Based on that, it is probably less of a deal to update a Sling module together with it dependencies - of course as long as this does not require any code changes. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org