bug-standards

Re: purpose and implementation of code reviews


From: Richard Stallman
Subject: Re: purpose and implementation of code reviews
Date: Sun, 07 Apr 2024 18:23:26 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  >    The main implication is that commits from *all* developers should be
  >    reviewed from now on. Not only of the more junior ones. Not only of those
  >    developers who frequently make mistakes.

  > GNU is volunteer based, such a scheme like this would require paid
  > individuals.

We can ask the appointed maintainers not to install patches (except
from well-known contributors) without first reviewing them carefully.
This might cause development to progress more slowly, but it would
improve security, even with volunteer maintainers.

       > - In packages with few developers, on the other hand, where
       >   co-developers may not be available for review within 24
       >   hours, requiring review before commit would significantly
       >   slow down the main developers' workflow. IMO for such
       >   packages it is appropriate to do the review after the
       >   commit.

Another alternative: we could make a rule to finish pending patch
reviews before making any sort of release.  That might be a good
compromise between the strictest approach (see above)
and no rule about this specific point.

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)




