An interesting issue wrt CLA


Brendan Burns
 

Folks,
See:

Dependabot is automatically generating a PR to update vulnerable dependencies, but of course the CNCF CLA is required, and dependabot (being a bot) has no ability to sign.

Any thoughts about the right approach here? (for this specific one I'm going to clone the PR myself, but in general it's an interesting issue)

Thanks
--brendan


Join cncf-toc@lists.cncf.io to automatically receive all group messages.