> For example, I opened some patches to improve solr's security because its currently an RCE-fest. I'm gonna wait a couple days, if nobody says anything about these patches I opened for Solr, I'm gonna fucking commit them: someone needs to address this stuff. Why should I wait weeks/months for some explicit review? There is repeated RCE happening, how the hell could I make anything worse?
+1 Robert, totally agree. RCE etc should be absolutely top priority. Thanks a ton for tackling this. Breaking functionality (not deliberately of course) is better than having RCEs in a release. IOW, it can't get worse. On Mon, 2 Dec, 2019, 3:03 PM Robert Muir, <[email protected]> wrote: > > > On Mon, Dec 2, 2019 at 3:49 AM Jan Høydahl <[email protected]> wrote: > >> I think the distanse is not necessarily as large as it seems. Nobody >> wants to get rid of lazy consensus, but rather put down in writing when we >> recommend to wait for explicit review. >> > > Then change the document's name to be Recommendation instead of Policy! >
