On Mon, 27 Jan 2025 at 03:09, Yura Sokolov <y.soko...@postgrespro.ru> wrote:
>
> 23.01.2025 15:57, Jelte Fennema-Nio wrote:
> > (Resent because sending to both -hackers and -www gets emails put in
> > the moderation queue, and I don't want to introduce that delay to all
> > replies. If you received the previous version because you're in the CC
> > please only reply to this one)
> >
> > # Background
> >
> > As some of you might have noticed I've been trying to breathe some
> > more life into development on the commitfest app[1], both by
> > contributing myself but also by encouraging contributions of others.
> > Basically I'd like to become one of the maintainers of the commitfest
> > app project. The process to get there has been much more of a struggle
> > than I'd hoped...
> >
> > ...
> >
> > I requested Magnus to give me commit access to the pgcommitfest repo
> > so that I could deploy improvements without having to wait for his
> > reviews.
>
> Given the history of the libxz backdoor, I'd fear to give "commit access"
> for anything critical to a rather fresh member of the community.

+1. In GitHub you can enforce a minimum number of reviewers. IMO there
should be a minimum of two reviewers, and one of the reviewers should be
from the security group/role. Though the primary risk would be introducing
a new vulnerable dependency, there is no bound to other kinds of
exploitation. Also, the GitHub vulnerability scan should be enabled by
default.
>
> I'm not in core-team though.
>

--
Umar Hayat
Bitnine (https://bitnine.net/)