This only applies to DonationInterface and fundraising code, but self-review also put us in PCI non-compliance [1]. We currently operate at the self-assessed and certified PCI level A, but we have not precluded formal certification at a higher level.
[1] - PCI-DSS v2 - 6.3.2 https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf On Wed, Feb 27, 2013 at 11:30 AM, Matthew Walker <[email protected]>wrote: > All, > > I noticed when going through recent patches to DonationInterface that we > had an instance of someone not in fundraising self commit some code -- > similar changes resulting from the same 'bug' were affected across our code > base. Admittedly this was was a minor textual fix - but as per [1] "Except > for documentation fix-ups, don't +2 your own code. 'Self-review is bad for > code quality and bad for morale.'" > > I will admit I was in a terrible mood already today -- but discovering this > pissed me off. I am a strong advocate of never +2'ing your own code; and > this is especially true when you don't own the code in question. I don't > want to see this again. > > [1] https://www.mediawiki.org/wiki/%2B2#Revocation > > ~Matt Walker > Wikimedia Foundation > Fundraising Technology Team > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
