On 4/14/06, Bill Sommerfeld <[EMAIL PROTECTED]> wrote:
> On Fri, 2006-04-14 at 07:41, Dennis Clarke wrote:
> > But some measures, as I am sure you will agree, need to be
> > enforced to ensure safety and quality.
>
> Right, but what should those measures be?  Is it better to focus on
> people, or on code?
>
> The Solaris development process more or less rejects the notion of
> trusted developers.
>
> I expect everything I do to be questioned, and if I can't adequately
> explain and defend my proposed changes, I'm not ready to integrate.
>
> Everything we do is (or at least should be) subject to peer and expert
> review.  No change ends up in OS/Net without being reviewed by at least
> 2 other people, and sometimes far more than that.
>
> We emphasize control over *what* goes in, not *who* makes the change.

That would work for source code, but would it for machine code?  How
could one peer review a binary package for anything other than "does
what it says"?  Going with the example Dennis gave earlier, if someone
introduced a back door into something, say, MySQL, it could prove
difficult to pick up with any amount of review.

--
Eric Enright
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org