singa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [singa] moazreyad commented on pull request #780: Adding dependabot support
Date Sun, 27 Sep 2020 11:40:22 GMT

moazreyad commented on pull request #780:
URL: https://github.com/apache/singa/pull/780#issuecomment-699624036


   > let's consider this PR in the next version.
   
   Ok. Although we can at least enable the dependabot support and badge, even though we don't
resolve the problems that dependabot report. Just like we enabled lgtm but we don't have to
fix all its errors, and we enabled codecov but we don't have to test with 100% coverage. 
   
   > One potential issue is that protocol buffer (PB) is not backward compatible.
   > If there is a new version of PB, we may have to update many dependent libs to remove
the warnings from the dependent bot.
   
   We don't have to update immediately all the dependencies that dependabot found obsolete
or insecure. At least we can have the results of the dependency analysis and the singa team
can decide the work priorities. The PB team are working now on a release candidate for version
4 and planning to upgrade singa PB to at least version 3 can be useful.
   
   > Now we support both conda and pip.
   
   We don't support machine readable requirements that can be found by Github tools. The instructions
to installing singa dependencies with pip is only human readable in the web site documentation,
or in the conda scripts. We need to extract these dependencies into something like requirements.txt
so that Github (and other tools) can find them.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message