ppkarwasz opened a new issue, #3604: URL: https://github.com/apache/logging-log4j2/issues/3604
We should reconsider enabling the Scorecard action, considering especially that: - A Scorecard for Apache Log4j is computed anyway, since [Scorecards are computed for 1 million critical projects](https://github.com/ossf/scorecard?tab=readme-ov-file#public-data). Running the action ourselves we have more control on what the public sees. - We enabled mandatory PR reviews, so random pushes to our default branch will not decrease our score. Blocked by ossf/scorecard-webapp#554 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
