Git Mailing List Archive mirror
From: Felipe Contreras <felipe.contreras@gmail.com>
To: Taylor Blau <me@ttaylorr.com>
Cc: Junio C Hamano <gitster@pobox.com>,
	git@vger.kernel.org, Derrick Stolee <derrickstolee@github.com>
Subject: Re: What's cooking in git.git (May 2023, #04; Thu, 11)
Date: Thu, 11 May 2023 22:46:39 -0500
Message-ID: <CAMP44s0N7tLmpEbScVDDc=M2NG=vx+SoMLu4Vc_vRcS7dvLOgQ@mail.gmail.com>
In-Reply-To: <ZF2tDgngoBHZojLf@nand.local>

On Thu, May 11, 2023 at 10:05 PM Taylor Blau <me@ttaylorr.com> wrote:
> On Thu, May 11, 2023 at 08:36:36PM -0500, Felipe Contreras wrote:
> > Junio C Hamano wrote:

> > > * ds/merge-tree-use-config (2023-05-10) 1 commit
> > >   (merged to 'next' on 2023-05-11 at e0dab53028)
> > >  + merge-tree: load default git config
> > >
> > >  Allow git forges to disable replace-refs feature while running "git
> > >  merge-tree".
> > >
> > >  Will merge to 'master'.
> > >  source: <pull.1530.git.1683745654800.gitgitgadget@gmail.com>
> >
> > Why was this series merged after only 11 minutes of review window? Are patches
> > from GitHub favored over all others?
>
> Certainly not.
>
> The reason that this was merged quickly is because both of the first two
> reviewers had already seen the patch and reviewed it earlier on the
> git-security list. The patch that Stolee sent was urgent enough to merit
> a quick merge.

There's a quick review, and there is zero review.

Even Derrick Stolee wanted more time for the public list to review the patch.

If the eyeballs of the public list are not wanted after a security
review, then why bother sending it here? Just merge it directly from
git-security.

I don't think that's desirable though. I share the opinion of Linus
Torvalds that security fixes are not special: they are just another
fix. Therefore they should go through the same process as any other
patch, because just like any other patch, they can introduce
regressions, and benefit from more eyeballs.

If "given enough eyeballs, all bugs are shallow", I fail to see why we
would want fewer eyeballs for security fixes. I for one found two
issues with the patch; my first comment was a bit more than an hour
later, and it's already merged.

I don't think that's ideal.

Cheers.

-- 
Felipe Contreras
