by duncan-donuts
1063 days ago
In this case there isn't a lot you can do. If a bad actor is going to spend a lot of time gaining your trust and doing good before they do bad, how do you vet that? You either have to maintain full control forever or you have to accept this possibility. The OP does mention that this might be a bad idea if your project has any level of security.
One of the maxims of security is that a sufficiently determined and resourceful attacker will always win. The defender's job is to disincentivize the attacker.
However, I think for a sufficiently high-impact project no one should have commit access; every commit should be reviewed by a quorum. Even so, you still run into "Underhanded C"-style stuff (and disinterested reviewers), and you still need to vet the quorum.