I understand and agree that that is what parent is saying.
I think it might be worth considering that Dependabot outdid a Github feature to do the exact same thing. Dependabot beat out the in-house Github implementation by being better and having better features. Indeed, Dependabot integrated with Github better!
I understand the concern. There's a very real fear that having Dependabot in-house at Github might mean that something even better never develops. It's very possible that this might come true this time! But I am skeptical, given that it clearly failed to occur previously. I'm not seeing why this time around will be different, but I'm sure that's just a lack of vision on my part.
Plus, well, if Dependabot keeps away all would-be competitors by being so good at what it does that nobody can compete... I consider that a win. My main concern and primary goal is more secure software, not more startups rooted in an ecosystem around Github.
I think it might be worth considering that Dependabot outdid a Github feature to do the exact same thing. Dependabot beat out the in-house Github implementation by being better and having better features. Indeed, Dependabot integrated with Github better!
I understand the concern. There's a very real fear that having Dependabot in-house at Github might mean that something even better never develops. It's very possible that this might come true this time! But I am skeptical, given that it clearly failed to occur previously. I'm not seeing why this time around will be different, but I'm sure that's just a lack of vision on my part.
Plus, well, if Dependabot keeps away all would-be competitors by being so good at what it does that nobody can compete... I consider that a win. My main concern and primary goal is more secure software, not more startups rooted in an ecosystem around Github.