On Thu, 04 Apr 2024 13:51:59 +0000, Arnie T via devel wrote:
The 'basic issue' I see is the "one or two" developers, some that nobody knows in person, vis-à-vis "many" developers on a big project.
The same sort of secret agent's infiltration attack on a project would also be possible with contributors knowing each other "in person". It's not about someone gaining commit access and impatiently running wild within the next week already, but about a much longer period of time. "Another pair of eyes" on any commit as well as on pull requests is always a good idea. Not because you don't trust other contributors but because even basic peer review often helps with spotting bugs and regressions.