guix-devel

Re: Tricking peer review


From: Ryan Prior
Subject: Re: Tricking peer review
Date: Mon, 18 Oct 2021 19:56:00 +0000

On Monday, October 18th, 2021 at 7:40 AM, Ludovic Courtès 
<ludovic.courtes@inria.fr> wrote:

> Hi Ryan,
> How would we define “bad” though?

A definition isn't necessary; this can be an "I know it when I see it" thing. 
If we have an oops or discover an issue, and say "oh darn, that lives in the repo 
forever now", we'd be able to leave a note to all who try in the future to visit 
impacted commits that all was not well.

Some of this is already captured by our CVE scanning feature, but other things 
(like your hypothetical "somebody snuck a bad `sed` in!") would benefit from 
yet more explanation. We don't need a perfect and complete definition of "bad" 
to agree that any commit where `sed` is actually `grep` (or malware) is a bad 
commit & merits a warning. This should not interfere with people who want to 
keep using their pinned version of Guix & aren't impacted by the bad package, 
which remains useful as you note.


