On Tue, Jan 31, 2023 at 7:24 AM 'wfoll...@cloudbees.com' via Jenkins Developers <jenkinsci-dev@googlegroups.com> wrote: > As it's about reducing the risk and not eliminating it
I do not see a reason why we should accept continued exposure. Software supply chain attacks have been increasing in recent years, highlighting the need for a thorough response. As industry leaders in this space, we ought to be role models rather than doing the bare minimum. > from my PoV it's another topic with harder consensus to find. I see no evidence that consensus would be hard to find. It would be one thing if concrete objections had been raised in this discussion, but so far nobody has provided a cogent counterargument to the points made in my last post. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqQDRBwq8QRTVDj7UTr%2BfEOvOnfn73Oiq9L48xmHkUm_w%40mail.gmail.com.
