I do think we need to decrease code review latency. And I do think it's inconvenient to wait for code review instead of just committing. But I have to emphasize the security issue here.
We are one compromised committer account away from a massive breach that actively runs code on the computers of probably half the Java developers on the planet. And that includes the accounts of people we haven't heard from in over a decade. And the whole open source ecosystem is under active attack from state-sponsored organizations who are highly motivated to do this. So yes, implementing this will slow our velocity. That is a cost, and the cost is worth it.

--
Elliotte Rusty Harold
[email protected]
