Conversation

Notices

1. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 28-Mar-2024 01:06:42 JST Haelwenn /элвэн/ :triskell:
   @ariadne Sounds like a dependabot/renovator kind of thing.
   The problem I then have with those is how they typically lack something like pkgdiff being hooked up so you're risking accepting malware (or missing recipes changes to be done).
   (renovator even tries to give a diff, but between two github tags, not the actual tarballs that are being used)
   • Embed this notice
     Hugo 雨果 (whynothugo@fosstodon.org)'s status on Thursday, 28-Mar-2024 01:41:52 JST Hugo 雨果

     in reply to

     @lanodan a human needs to looks at the release itself anyway. The automation is would do the repetitive part (pull latest generate commit, push to new branch, open MR).

   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 28-Mar-2024 01:41:52 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Hugo 雨果
     @whynothugo Yeah, just that the problem I see with this system is it makes it much less attractive to have any release reviews in place.
     Getting the latest tarball from a release feed isn't the hard part, nor is making an MR with just a version bump.