> Why should I ask for your review? It's not even your code thats running anymore, its the hackers code :)
Haha! +1 on moving ahead with RCEs and other security issues without needing to wait for reviews. Waiting for reviews (esp. if no one has enough bandwidth for quick reviews) for such crucial issues can risk dragging those issues on and on needlessly. Reviews can happen after commit too, if people have the time. On Tue, 3 Dec, 2019, 6:51 AM Robert Muir, <[email protected]> wrote: > > > On Mon, Dec 2, 2019 at 3:33 PM David Smiley <[email protected]> > wrote: > >> >> Rob wrote: >> >>> Why should I wait weeks/months for some explicit review >>> >> Ask for a review, which as this document says is really just a LGTM >> threshold of approval, not even a real code review. Given your reputation >> of writing quality code, this isn't going to be an issue for you. If it's >> taking multiple weeks for anyone then we have a problem to fix -- and at >> present we do in Solr. Explicitly encouraging mere approvals (as the >> document says) should help a little. Establishing that we want this >> standard of conduct as this document says (even if not mandatory) will also >> help -- "you scratch my back, I scratch yours". But I think we should do >> even more... >> >> > Why should I ask for your review? It's not even your code thats running > anymore, its the hackers code :) > > >
