by __MatrixMan__ 750 days ago
I'm not so worried about my disciplined coworker who just wants to help. If we were all reviewing his code I'd agree with you.

The people I want to help are those who are unknowingly reviewing malicious commits, and I think that declarative configuration languages have a part to play there.

1 comments

This is solved in tools like Pulumi by having a declarative and auditable build artifact as an intermediate step that can be diffed. This seems to solve a lot of the security issues (and is generally a good idea anyway).
I would still prefer to debug Terraform (which is a fair bit more declarative) rather than Pulumi.