| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZXrNI9Pqln9HVYVc@archie.me>
Date: Thu, 14 Dec 2023 16:38:43 +0700
From: Bagas Sanjaya <bagasdotme@...il.com>
To: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux DRI Development <dri-devel@...ts.freedesktop.org>
Cc: Helen Koike <helen.koike@...labora.com>,
Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Maxime Ripard <mripard@...nel.org>,
Thomas Zimmermann <tzimmermann@...e.de>,
David Airlie <airlied@...il.com>,
Daniel Vetter <daniel@...ll.ch>,
David Heidelberg <david.heidelberg@...labora.com>,
Dorine Tipo <dorine.a.tipo@...il.com>
Subject: Automatically update drm CI dependencies?
Hi all,
I'm referring to dependabot PR on torvalds.git GitHub mirror [1]. I know
that PRs submitted there are not accepted (the repo is essentially read-only
mirror), hence this mail question.
In summary, dependabot submitted automated PR that bumps package versions
in `drivers/gpu/drm/ci/xfails/requirements.txt`. In this case, pip was
upgraded to 23.3.
From my experience, such automated PRs can pollute commit history (in
some GitHub projects these PR kind can contribute up to half of total
commits since the beginning of project). And in some projects, dependabot
PRs are automatically merged without any maintainer intervention.
Does such PRs (when submitted to LKML these will be patches) make sense
for DRM subsystem?
Thanks.
[1]: https://github.com/torvalds/linux/pull/807
--
An old man doll... just what I always wanted! - Clara
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists