On Sep 13, 2006, at 6:56 PM, Tom Dunstan wrote:
Regarding the idea of a list of approved patch authorisers, don't we have
such a group now? i.e. "committers".


Right, and if committers or others are willing to put in the time required to verify that patches aren't nasty before going onto the blessed patch queue, the idea could quite possibly work and provide some value. Note that all we really need to test for here is that the patch isn't malicious; patches that are bad design or whatever are unlikely to open security holes or fry your box. A major point of the queue is that the appropriate committer often doesn't have the time to review the patch right now. There might be some benefit in allowing a wider set of contributors to bless patches as non-nasty for testing purposes, rather than waste the limited time of qualified committers. Maybe such an army doesn't exist, though.

That's something I'd be willing to do. And for many people that aren't committers but are still trusted in the community, we could probably bypass the checking.

Another possibility would be to test these patches in some kind of virtual machine that gets blown away every X days, so that even if someone did get something malicious in there it wouldn't last long.
--
Jim Nasby                                            [EMAIL PROTECTED]
EnterpriseDB      http://enterprisedb.com      512.569.9461 (cell)


