undefined | Better HN

0 pointssneak4y ago0 comments

You need the two-person rule on changes to master simply to avoid compromised developer credentials being equal to a full compromise of production systems and databases.

A minimum of two sets of eyeballs on every change. CI cannot detect intentional backdoors being introduced.

0 comments

josephg4y ago

CI also cannot detect the downstream effects of some small changes.

I've seen plenty of subtle bugs get introduced by someone who has an overly simplistic view of some part of a system. And they expose a simple method to share their simplified view of some part to the world. "I believe you when you say that in all of your tests this array has a length of 1. This is a failure of your test cases. Don't add a getter method which returns arr[0]. Come with me and lets chat in front of a whiteboard."

The log4j bug might have been caught with more eyeballs. "Here's a small patch which adds JNDI support in log messages" -> "Whoa hold on - what are the implications of that? JNDI is complex". But of course, most opensource code can't afford to spend developer time on code review by multiple people.

j / k navigate · click thread line to collapse

0 pointssneak4y ago0 comments

You need the two-person rule on changes to master simply to avoid compromised developer credentials being equal to a full compromise of production systems and databases.

A minimum of two sets of eyeballs on every change. CI cannot detect intentional backdoors being introduced.

0 comments

josephg4y ago

CI also cannot detect the downstream effects of some small changes.

j / k navigate · click thread line to collapse