by sneak
1648 days ago
You need the two-person rule on changes to master simply to avoid compromised developer credentials being equal to a full compromise of production systems and databases. A minimum of two sets of eyeballs on every change. CI cannot detect intentional backdoors being introduced.
|
I've seen plenty of subtle bugs get introduced by someone who has an overly simplistic view of some part of a system. And they expose a simple method to share their simplified view of some part to the world. "I believe you when you say that in all of your tests this array has a length of 1. This is a failure of your test cases. Don't add a getter method which returns arr[0]. Come with me and let's chat in front of a whiteboard."

The log4j bug might have been caught with more eyeballs. "Here's a small patch which adds JNDI support in log messages" -> "Whoa, hold on - what are the implications of that? JNDI is complex." But of course, most open-source code can't afford to spend developer time on code review by multiple people.