Daniel Beck, Wadeck Follonier, do you think it could be possible for the security team to do a security review of this app? On Wednesday, September 7, 2022 at 2:53:42 PM UTC+2 Jesse Glick wrote:
> On Wed, Sep 7, 2022 at 6:42 AM 'Herve Le Meur' via Jenkins Developers < > jenkin...@googlegroups.com> wrote: > >> I think it could be useful on the jenkinsci and jenkins-infra GitHub >> organizations, WDYT? >> > > Sure, assuming it passes some sort of security review. As someone who > frequently creates sets of interrelated PRs in @jenkinsci, I would at least > try it. (Really I think it should be something built into GitHub with > first-class presentation.) > > Note that its model is a bit simplistic—as soon as the upstream PR is > merged, the downstream is unblocked. That suffices for PRs within a > repository, but when using Maven dependencies across repositories what we > actually want is for the upstream PR to be *released* and for the > downstream PR to encode that release version in a dependency. Typically I > have encoded this by leaving the downstream PRs in draft status and keeping > a TODO comment visible in the diff noting the upstream PR, which works but > is clumsy. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/e7cd7623-e41a-4812-82ff-7e2955966ba1n%40googlegroups.com.
