chatman commented on PR #3731: URL: https://github.com/apache/solr/pull/3731#issuecomment-3387283993
> this PR would have been complicit in compromising the security of any Solr deployment Maybe we should flag a warning via GH actions for any PR that introduces a non Maven Central artifacts repository? This way, the committers who review contributions would be notified before they merge the PRs. To be clear, in this case, I was the committer who merged the PR (https://github.com/apache/solr/pull/3615) with the third-party Maven repository with the full knowledge of why and what is going on, so this particular instance is not an attack. FYI @narangvivek10. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
