On Sun, 26 Jan 2025 at 19:09, Yura Sokolov <y.soko...@postgrespro.ru> wrote: > Given history of libxz backdoor, I'd fear to give "commit access" for > anything critical to rather fresh member of community.
That's definitely a valid concern in the general case, but I wouldn't call myself a fresh member of the community. I've been the primary maintainer of the PgBouncer repo for ~2 years now and I also have commit access to the cfbot repo. So *if* I wanted to add backdoor in some critical infrastructure I wouldn't need access to the commitfest app repo to do that. I also rank relatively high on Robbert's yearly stats list[1]. [1]: http://rhaas.blogspot.com/2025/01/who-contributed-to-postgresql.html
