Yes, that is why it usually becomes harder and harder to become a new formal committer in a mature Apache project. Btw, even if you know the committer has a real human face, can you just decide whether he is evil? Or is the face really him, or a cheap Indian-face-freelancer hired on the network for a $10 salary? So maybe the only way is just to strengthen the code review, and yes, even committers need to be reviewed by 1-2 other committers; that makes things safer (than pushing to master directly).

BTW Elli, you yourself have lots of branches in the main repo too... well, yes, the master branch and release branches are more important, yes. But other branches in the same repo should be... more formal, right? After all, they are the central repo.

It's just that all of us senior coders here know the coding world, whether open-source or closed-source, is just full of shit, and nobody's hands are totally clean of it. We have to eat the shit others poop (or starve and then struggle), and we poop shit for others to eat (and yes, overlook the shit we poop, thinking it delicious), and some bad guys, who think themselves great great hackers or some free free hero thing, add poison to their shit to poison others for nothing (or money? who knows), and that's life...

Maybe 5 years later the malf code review can be done by GLM or another LLM, who knows, but for now we just... have to do it carefully by human code review... and yes, behavior standardizes...
Matthias Bünger <runningj...@web.de.invalid> wrote on Saturday, February 8, 2025 at 14:52:

> This is already required. Otherwise Boxer does not link the GH account
>
> On 07.02.2025 at 14:51, Elliotte Rusty Harold wrote:
> > Fourth, we should require all committer GitHub accounts to turn on two
> > factor authentication. We might already be doing this.