by _kb 478 days ago
And a `git push -f` on physically separated key switches that require two people to operate.
2 comments

Do you know of any software systems that do 'double key lockout' like this? I've wanted one for a long time but I am having a failure of imagination on how to implement it.

Or I should say, I see the trap in the two or three most obvious variants which makes them even less effective because you create a Confused Deputy situation with the person you expect to sign off.

Example: If I file a PR to change a production flag, and I tell you what (I think) I just did, you're likely to approve my change because I've primed you to see what I wanted you to see, and you miss the same bug I missed. You're going to trust my judgement when the whole point of not allowing me to just push without a second pair of eyes is that you cannot trust my judgement 100.00% of the time. If I'm 99.9% trustworthy you're likely to stop looking at my ideas expecting to see a problem.

I believe if we don't send each other code we are more likely to get that 4th 9. But I could still be wrong thanks to the Primacy Effect mentioned above.

Systems that use Shamir's secret sharing, like OpenBao, require multiple operators to unlock the secret engine.

GitLab Premium can also require multiple approvals before a merge request can be merged.
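The unseal mechanism mentioned above can be shown with a small self-contained model. The following is an added example, not code from OpenBao or from the commenter: a k-of-n Shamir split over a prime field, plus a toy unseal ceremony that only reconstructs the master key once `threshold` distinct shares have been entered. The prime modulus, the class name `UnsealCeremony` and the `submit_share` method are assumptions for this illustration and do not mirror the real product's API. The point for the thread is that the second operator is enforced by arithmetic, not by anyone's judgement: one holder cannot unseal, and re-submitting the same share twice does not count as a second operator.

```python
"""Toy k-of-n Shamir secret sharing and a dual-control unseal model (added example)."""
import secrets

# Field modulus for the toy implementation (assumption: a large Mersenne prime).
# Secrets must be integers in [0, PRIME).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial mod PRIME with Horner's rule; coeffs[0] is the secret."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, n, k):
    """Split `secret` into n shares so that any k of them recover it (k-1 reveal nothing)."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of field range")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    # Share i is the point (i, f(i)); x=0 is never handed out because f(0) is the secret.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x=0 over the given (x, y) shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


class UnsealCeremony:
    """Models a multi-operator unseal: the master key exists in memory only after
    `threshold` distinct shares have been submitted. Hypothetical class, not a real API."""

    def __init__(self, threshold):
        self.threshold = threshold
        self._shares = {}      # share index -> (operator, y)
        self.master_key = None

    def submit_share(self, operator, share):
        """Record one operator's share; returns the sealed/unsealed state afterwards."""
        x, y = share
        if self.master_key is not None:
            return "unsealed"
        if x in self._shares:
            # The same share entered twice must not count as a second operator.
            raise ValueError(f"share {x} already submitted by {self._shares[x][0]}")
        self._shares[x] = (operator, y)
        if len(self._shares) >= self.threshold:
            self.master_key = recover_secret([(i, y) for i, (_, y) in self._shares.items()])
            return "unsealed"
        return f"sealed ({len(self._shares)}/{self.threshold})"


if __name__ == "__main__":
    # Constructed demo: 3-of-5 split, three different operators unseal.
    master = 0x5EED
    shares = split_secret(master, n=5, k=3)
    ceremony = UnsealCeremony(threshold=3)
    print(ceremony.submit_share("alice", shares[0]))
    print(ceremony.submit_share("bob", shares[1]))
    print(ceremony.submit_share("carol", shares[3]))
    print(ceremony.master_key == master)
```

Any three shares reconstruct the same key, so the ceremony works with whichever operators are on shift; with fewer than three the polynomial is undetermined and nothing about the secret is learned, which is why this is a genuine dual-control primitive rather than an approval checkbox.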

Yeah I’ve used HSMs that have those. But I’m talking about things like running deployments, changing production configurations, or rebooting servers.

Approvals don’t work, and I’ve already said as much. If approvals worked so well we wouldn’t have dual key systems at all.

Me at the end of a contentious code review: "TURN YOUR KEY SENIOR!"

https://youtu.be/rLMCjuge6oE

The only way to win is not to play.

See also: Samir you're breaking the car!

(For today's 10000, that's a bloopers reel of a professional racer that was done as a prank by a rival and which ended up causing him some problems)