this post was submitted on 30 Oct 2024
90 points (91.7% liked)

Technology

34894 readers
844 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 41 points 2 weeks ago (2 children)

They haven’t been removed from the community though — just the maintainers list. Now they need someone else’s review to commit code to the kernel.

Personally, I think even maintainers should be required to have that — you can be the committer for pre-reviewed code from others, but not just be able to check anything you want in, no matter your reputation (even if you’re Linus). That way a security breach is less likely to cause havoc.

[–] [email protected] 14 points 2 weeks ago (1 children)

I find that difficult. Aside from code reviews, often times your job as a maintainer is:

  • getting a refactor or code cleanup in while everyone's asleep
  • shuffling commits around between branches
  • fixing the CI toolchain
  • rolling back or repairing a broken change
  • unfucking the repo
  • fixing a security vulnerability

A required review slows all of these tasks to a crawl. I do agree that the kernel is important enough that it might be worth the trade-off.
But at the same, I do not feel like I could do my (non-kernel) maintainer job without direct commit access...

[–] [email protected] 6 points 2 weeks ago* (last edited 2 weeks ago)

I feel your pain. I have maintainer roles for a few projects where things could be slowed down by a week or more if I didn’t have direct commit access. And I do use that access to make things run faster and smoother, and am able to step in and just get something fixed up and committed while everyone else is asleep. But. For security critical code paths, I’ve come to realize that much like Debian, sometimes slow and secure IS better, even if it doesn’t feel like it in the moment (like when you’re trying to commit and deploy a critical security patch already being exploited in the wild, and NOBODY is around to do the review, or there’s something upstream that needs to be fixed before your job can go out).