Hi,

On Wed, 2024-04-03 at 08:53 -0500, Joel Sherrill wrote:
> On Wed, Apr 3, 2024, 3:09 AM Florian Weimer via Gdb <g...@sourceware.org> 
> wrote:
> > * Guinevere Larsen via Overseers:
> > 
> > > Beyond that, we (GDB) are already experimenting with approved-by, and
> > > I think glibc was doing the same.
> > 
> > The glibc project uses Reviewed-by:, but it's completely unrelated to
> > this.  Everyone still pushes their own patches, and there are no
> > technical countermeasures in place to ensure that the pushed version is
> > the reviewed version.
> 
> Or that there isn't "collusion" between a malicious author and reviewer.
> Just tagging it approved or reviewed by just gives you two people to blame.
> It is not a perfect solution either.
> 
> But double checking and checklists are good practices.
> They are not foolproof if some bad actor is determined enough.

Agreed. If you just focus on completely foolproof technically
checkable measures then you end up doing nothing. But making things
like always getting a Reviewed-by or Tested-by tag in your commit
message does strengthen the social norms. And once they are common
practice you could even add some technical checks.

I am sure a really determined bad actor can always find some social or
technical engineering trick to "defeat" our project policies. But that
doesn't mean we shouldn't do things which are good practices anyway.

Cheers,

Mark
