Not sure the point, we lower the quality instead of killing dead projects? (This is how i get your point from a project stand point even if I get the intent)
Romain Manni-Bucau @rmannibucau <https://x.com/rmannibucau> | .NET Blog <https://dotnetbirdie.github.io/> | Blog <https://rmannibucau.github.io/> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book <https://www.packtpub.com/en-us/product/java-ee-8-high-performance-9781788473064> Javaccino founder (Java/.NET service - contact via linkedin) Le sam. 16 mai 2026, 22:36, Slawomir Jaranowski <[email protected]> a écrit : > Two more questions .... > > How much PR did you review today? > How much PR did you merge today? > > You do not need an answer here - you can answer yourself :-) > > On Fri, 15 May 2026 at 12:45, Elliotte Rusty Harold <[email protected]> > wrote: > > > > I'vd noticed that on at least some (maybe all?) of our repos PRs can > > be and are being merged without any approving code reviews. We have > > enough active developers that this shouldn't be necessary. This feels > > increasingly important given the active state sponsored supply chain > > attacks on many open source projects. > > > > We could add something like this to .asf.yaml to guarantee code reviews: > > > > protected_branches: > > main: > > required_status_checks: > > # strict means "Require branches to be up to date before > merging". > > strict: true > > required_pull_request_reviews: > > require_last_push_approval: true > > required_approving_review_count: 1 > > > > Contrary to what has been asserted in the past, this is not a veto. It > > does not require authors to get approval from all reviewers, or > > prevent merging PRs where one or more reviewers have requested > > changes. It simply requires one other person to approve the PR. That's > > what we do anyway 90%+ of the time and should be a low enough bar to > > clear for anything important. > > > > -- > > Elliotte Rusty Harold > > [email protected] > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > -- > Sławomir Jaranowski > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
