On 4/8/24 22:57, Bruce Momjian wrote:
On Sat, Mar 30, 2024 at 04:50:26PM -0400, Robert Haas wrote:
An awful lot of what we do operates on the principle that we know the
people who are involved and trust them, and I'm glad we do trust them,
but the world is full of people who trusted somebody too much and
regretted it afterwards. The fact that we have many committers rather
than a single maintainer probably reduces risk at least as far as the
source repository is concerned, because there are more people paying
attention to potentially notice something that isn't as it should be.
One unwritten requirement for committers is that we are able to
communicate with them securely. If we cannot do that, they potentially
could be forced by others, e.g., governments, to add code to our
repositories.
Unfortunately, there is on good way for them to communicate with us
securely once they are unable to communicate with us securely. I
suppose some special word could be used to communicate that status ---
that is how it was done in non-electronic communication in the past.
I don't know how that really helps. If one of our committers is under
duress, they probably cannot risk outing themselves anyway.
The best defense, IMHO, is the fact that our source code is open and can
be reviewed freely.
The trick is to get folks to do the review.
I know, for example, at $past_employer we had a requirement to get
someone on our staff to review every single commit in order to maintain
certain certifications. Of course there is no guarantee that such
reviews would catch everything, but maybe we could establish post commit
reviews by contributors in a more rigorous way? Granted, getting more
qualified volunteers is not a trivial problem...
--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
