On Thu, 04 Apr 2024 13:51:59 +0000, Arnie T via devel wrote: > The 'basic issue' I see is the "one or two" developers, some that nobody > knows in person, vis-à-vis "many" developers on a big project. >
The same sort of a secret agent's infiltration attack on a project would also be possible with contributors knowing themselves "in person". It's not about someone gaining commit access and impatiently running wild within the next week already, but about a much longer period of time. "Another pair of eyes" on any commit as well as on pull requests is always a good idea. Not because you don't trust other contributors but because even basic peer review often helps with spotting bugs and regression. -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
