On Mon, Sep 19, 2022 at 05:58:36PM +0200, Vít Ondruch wrote:
> On 16. 09. 22 at 19:03 Kevin Fenzi wrote:
> > On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote:
> > > Isn't peer review much better and easier solution over all? We could also
> > > require signed commits I guess.
> > I think it would slow things down quite a lot to require peer review of
> > every commit.
> This proposal was based mainly upon the conversation, where nothing what was
> proposed was secure enough. Every proposal was shot down having some
> possible holes. While peer review might be slow and it is certainly not
> bullet proof, I don't think we can do any better.
Well, the problem is 'secure enough'. Security is not a checkbox.
You can't ever say "ok, we are secure". Security is a process. What
things you do are based on what possible solutions you have and what
possible attacks you have and the tradeoffs you have to make to
implement things.
I don't personally think right now the tradeoffs are worth requiring
review for every change. I fear it would result in a lot of "hey can you
+1 my change" and people just clicking reviewed without reviewing. Bad
actors would just need to find another person to approve their change
without much review. Of course a lot of people would review and perhaps
it would improve overall quality.
Long ago, when the number of changes was small... I used to actually read
all of them and comment when I found something concerning. I've not been
able to do that in many years tho... In the past 30 days there have been
41080 changes to spec files. That is a ton.
> And BTW, when I talk about peer review, I think that also ex-post peer
> review is valuable. E.g. if I contribute to some package, I'll look at every
> commit notification and check the changes. If I see something concerning,
> I'll try to address it. Better late than never.
Absolutely.
kevin