Security concern is indeed an issue there, same for Dependabot and other things. TL;DR: A malicious GitHUb app maintainer can push code to your repo. AFAIK GitHub is well aware about this concern, and they are introducing more and more fine grain permissions.
Even if we put configs on a global level, I do not plan to add the application globally. It will be still enabled on a per-repo basis after the explicit confirmation from maintainers that they understand the risks. related effort to actually standardize use of Release Drafter, so that > plugins.jenkins.io is able to obtain changelogs from the GitHub release > metadata rather than Confluence. > I also keep this story in mind, but we firstly need to get some adoption IMHO. BR, Oleg On Thursday, May 23, 2019 at 5:57:15 PM UTC+2, Gavin Mogan wrote: > > I don't think the warning about release drafter really affects jenkins. > Its all open source and public anyways. > > +1 to standardising on using github releases. I started letting release > drafter work and then copy the release notes to confluence just for > backwards compability > > On Thu, May 23, 2019 at 8:16 AM Jesse Glick <jgl...@cloudbees.com > <javascript:>> wrote: > >> +1 from me as well. I guess we would consider it a separate though >> related effort to actually standardize use of Release Drafter, so that >> plugins.jenkins.io is able to obtain changelogs from the GitHub >> release metadata rather than Confluence. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to jenkin...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr1gg%3DzKKPUvgajeDMznLeBHDh6AZa-UPfa%3Dgmk0vtKJpQ%40mail.gmail.com >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/ef30e3e4-70fa-4e4f-8931-ae094e68d308%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.