On Sep 13, 2006, at 6:56 PM, Tom Dunstan wrote:
Regarding the idea of a list of approved patch authorisers, don't
we have
such a group now? i.e. "committers".
Right, and if committers or others are willing to put in the time
required to verify that patches aren't nasty before going onto the
blessed patch queue, the idea could quite possibly work and provide
some value. Note that all we really need to test for here is that
the patch isn't malicious; patches that are bad design or whatever
are unlikely to open security holes or fry your box. A major point
of the queue is that the appropriate committer often doesn't have
the time to review the patch right now. There might be some benefit
in allowing a wider set of contributors to bless patches as non-
nasty for testing purposes, rather than waste the limited time of
qualified committers. Maybe such an army doesn't exist, though.
That's something I'd be willing to do. And for many people that
aren't committers but are still trusted in the community, we could
probably bypass the checking.
Another possibility would be to test these patches in some kind of
virtual machine that gets blown away every X days, so that even if
someone did get something malicious in there it wouldn't last long.
--
Jim Nasby [EMAIL PROTECTED]
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
