First proposal: For cases where a piece of code needs to embed brittle assumptions, in addition to the comment block explaining said assumptions it should also include a HAZARD tag with a one line summary (not unlike a git summary line). While this standard will only help to catch instances of bitrot that are marked, it will make finding those cases far easier.

Example:

# HAZARD: assumes this and that
# more detailed explanation
# follows here
[code doing brittle stuff]

Second proposal: As part of the pre-release checklist someone should grep the entire codebase for the HAZARD tag and post the list of instances to the devlist. Each one must be either signed off on by a core developer, or checked for bitrot. Signing off would be the norm, used in cases where it is known that the ground has not changed since last release and at least one core developer knows/remembers enough about the territory that it doesn't need a manual check.

Disadvantages:
    * extra work for release
    * more "paperwork", even if only in the form of devlist traffic

Advantages:
    * known sites with high bitrot potential are regularly checked
    * exerts pressure to fix those sites
    * NTPsec has robustness requirements that make the tradeoff of having another checklist more valuable than it would otherwise be

Potential failure mode: everyone signs off out of habit / not caring without ever checking anything.

I judge "not caring" a very low probability with this team. Anyone who is onboarded is also likely to be assimilated into / have a preexisting sense of duty on such matters.

Habit is a more likely problem, but I believe that the proper solution is the focus on the "exerts pressure to fix those sites" part of the proposal. This type of bad habit is most likely to form where there are many items to check.

--
/"In the end; what separates a Man, from a Slave? Money? Power? No. A Man Chooses, a Slave Obeys."/ -- Andrew Ryan

/"Utopia cannot precede the Utopian. It will exist the moment we are fit to occupy it."/ -- Sophia Lamb

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel

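A script that carries out the pre-release grep from the second proposal, as an added example that is not part of the original post and is not NTPsec's own tooling. It assumes the tag convention from the first proposal (a comment line `HAZARD: <one-line summary>` followed by comment lines with the explanation, in C block/line comment or Python `#` syntax), restricts itself to `.c`, `.h` and `.py` files, and also reports which tags are new since the previous release, since a tag no core developer has seen before cannot be signed off from memory and needs a manual check. The two sample sources are constructed for the example.

```python
"""Enumerate HAZARD tags in a source tree for the pre-release checklist.

Added example, not NTPsec's own tooling.  Assumed convention: a comment
line "HAZARD: <one-line summary>" optionally followed by comment lines
carrying the detailed explanation (C block/line comments or Python '#').
"""
import os
import re
import sys
from typing import List, NamedTuple, Set, Tuple

# Comment leaders: '#', '//', '/*', a bare '*' inside a block comment, or
# the closing '*/' (listed before '*' so a lone "*/" line yields no text).
LEADER = r'(?:#|//|/\*|\*/|\*)'
HAZARD_RE = re.compile(r'^\s*' + LEADER + r'\s*HAZARD:\s*(?P<summary>.*?)\s*(?:\*/)?\s*$')
DETAIL_RE = re.compile(r'^\s*' + LEADER + r'\s?(?P<text>.*?)\s*(?:\*/)?\s*$')


class Hazard(NamedTuple):
    path: str
    line: int          # 1-based line number of the HAZARD: tag
    summary: str
    detail: List[str]


def scan_text(path: str, text: str) -> List[Hazard]:
    """Find every HAZARD tag in `text` and collect its explanation block."""
    lines = text.splitlines()
    found: List[Hazard] = []
    i = 0
    while i < len(lines):
        m = HAZARD_RE.match(lines[i])
        if m is None:
            i += 1
            continue
        detail: List[str] = []
        closed = lines[i].rstrip().endswith('*/')   # one-line /* HAZARD: ... */
        j = i + 1
        while j < len(lines) and not closed:
            d = DETAIL_RE.match(lines[j])
            if d is None or not d.group('text').strip():   # code or blank comment ends the block
                break
            detail.append(d.group('text').strip())
            closed = lines[j].rstrip().endswith('*/')
            j += 1
        found.append(Hazard(path, i + 1, m.group('summary'), detail))
        i = j
    return found


def scan_tree(root: str, exts: Tuple[str, ...] = ('.c', '.h', '.py')) -> List[Hazard]:
    """Walk `root` and scan every file with one of the given extensions."""
    found: List[Hazard] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(exts):
                full = os.path.join(dirpath, name)
                with open(full, encoding='utf-8', errors='replace') as fh:
                    found.extend(scan_text(os.path.relpath(full, root), fh.read()))
    return found


def new_since(hazards: List[Hazard], previous: Set[Tuple[str, str]]) -> List[Hazard]:
    """Tags absent (by path and summary) from the previous release's list.

    Nobody can sign these off from memory, so they need a manual bitrot check.
    `previous` is assumed to be saved from the last release's checklist run."""
    return [h for h in hazards if (h.path, h.summary) not in previous]


def checklist(hazards: List[Hazard]) -> str:
    """Render the devlist post: one checkbox per tag, explanation indented."""
    out = []
    for h in hazards:
        out.append(f"[ ] {h.path}:{h.line}: {h.summary}")
        out.extend(f"      {line}" for line in h.detail)
    return "\n".join(out)


# Constructed sample sources (not NTPsec code) exercising both comment styles.
SAMPLE_PY = """\
import struct

# HAZARD: assumes struct timeval is two 64-bit fields
# On a platform with a 32-bit tv_sec this unpack reads
# past the end of the buffer.
TV = struct.Struct('qq')
"""

SAMPLE_C = """\
/* HAZARD: assumes the receive buffer is at least 48 bytes */
static unsigned char rxbuf[48];

int handle(void) {
\t/* HAZARD: relies on errno surviving the callback
\t * The callback is third-party code and may clobber
\t * errno before we read it. */
\treturn 0;
}
"""

if __name__ == '__main__':
    root = sys.argv[1] if len(sys.argv) > 1 else '.'
    print(checklist(scan_tree(root)))
```

Run it as `python3 list_hazards.py path/to/tree` to get the list to paste into the devlist post; keeping the `(path, summary)` pairs from the previous release and feeding them to `new_since` separates the tags that may be signed off from the ones that must be checked, which is where the "exerts pressure to fix those sites" part of the proposal gets its teeth.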