Agreeing with the dependabot's PR notification noise. Though I am not sure
if addressing this at the infrastructure is the right thing to do. So far I
am having a pleasant ride by extending my existing filtering with an extra
`dependabot[bot]` predicate on the subject.

Even though I am not inclined to, we can add `github.dependabot_updates:
false` to `.asf.yml`
<https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-DependabotAlertsandUpdates>,
if that is what the rest wants.

Let me also state that I don't have this problem in projects where
dependabot PRs are merged automatically, e.g., `log4j-tools`. PR comes in,
`verify` succeeds, PR gets merged, and I see this beautiful interaction in
my inbox. This simply puts a smile on my face, or when `verify` fails, a
frowning look to check what went wrong.

On Wed, Feb 1, 2023 at 10:21 PM Matt Sicker <m...@musigma.org> wrote:

> I like to follow the notifications lists because that’s where I can see
> code changes committed, PRs opened, issues opened, etc. However, Dependabot
> spam makes it nearly impossible to find. There was a recent update to the
> .asf.yaml config features that allow customizing where Dependabot shit
> goes. I propose we create another list (which I won’t subscribe to) for
> Dependabot-related notifications.

Reply via email to