I am trying to understand how the code review process is conducted in
OpenBSD. I can see all the OK's in the commit log, but not every commit
has the OK.

On FreeBSD there was a serious problem with a developer who was hired
by Netgear to create a WireGuard VPN implementation as a kernel-mode
solution, and this was then contributed to FreeBSD. It was removed at
the last minute.

https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Is it a condition for code to go into the OpenBSD source tree (not
talking about ports) that at least one other developer has reviewed the
code?

Is there a process in place to guarantee this?

If it's not a condition and anyone with commit access can commit
freely, how do you prevent something like a committer going "rogue" and
inserting a backdoor or creating another serious problem?

Cheers.
