[npsimons]

Some of these can be caught automatically, and the more automation (taking the human out of the loop), the better, because humans can gloss over a checklist or accidentally skip something. My current project uses a combination of Gerrit, Jenkins and Sonar, along with unit/regression tests, so that every single change is checked automatically to make sure it builds and passes the tests, along with requiring at least one human review and okay it. Combine this with code checking tools (vera++, rats, cppcheck, cpplint, flawfinder, pscan, valgrind, fuzz, along with just about every warning available on two compilers), and we hardly ever have to do anything but look at code in Gerrit and approve it.

[swah]

Side discussion: why do you guys think software like Gerrit, Jenkins and Sonar, software that is used by many folks and mostly praised, is written in Java (instead of say, Python)?

[npsimons]

Honestly? Don't know, don't care. And yes, we have arguments about the pros and cons of programming languages all the time. I'm guessing that Java started down this road of appearing more "professional", and that went some ways towards people actually wanting to prove it, so things like accountability and reproducibility started getting serious consideration in mainstream programming. And it's not like everything is Java; git, vera, cpplint, valgrind are all not written in Java.

To be honest, the only reason we are using C++ is because it's mandated by the project, and quite frankly, it's what we're good at (we'd probably be working another C++ project if this one wasn't in C++). And yes, we know C++ is a kludge; quite frankly, I wouldn't trust a C++ "expert" who didn't question design decisions of C++.