Re: purpose and implementation of code reviews
From: Richard Stallman
Subject: Re: purpose and implementation of code reviews
Date: Sun, 07 Apr 2024 18:23:26 -0400
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> The main implication is that commits from *all* developers should be
> reviewed from now on. Not only of the more junior ones. Not only of those
> developers who frequently make mistakes.
> GNU is volunteer based, such a scheme like this would require paid
> individuals.
We can ask the appointed maintainers not to install patches (except
from well-known contributors) without first reviewing them carefully.
This might cause development to progress more slowly, but it would
improve security, even with volunteer maintainers.
> - In packages with few developers, on the other hand, where
> co-developers may not be available for review within 24
> hours, requiring review before commit would significantly
> slow down the main developers' workflow. IMO for such
> packages it is appropriate to do the review after the
> commit.
Another alternative: we could make a rule to finish pending patch
reviews before making any sort of release. That might be a good
compromise between the strictest approach (see above)
and no rule about this specific point.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)