According to the OSSF Scorecards <https://github.com/ossf/scorecard>, we are missing two check marks (LOG4J2-3260 <https://issues.apache.org/jira/browse/LOG4J2-3260>) there:
1. Require code review (every change goes into a PR and requires at least one reviewer) 2. Require a CI status check Even though I admit with the convenience of freedom we have right now, I personally find it difficult to keep track of what is going in and out. This convention does not aim to obstruct the development progress, but rather improve the overall code quality and spread the know-how in a scalable way. Hence, I want to implement this feature on `release-2.x` and `master` branches. Thoughts?
