I am thinking about the scenario where I read a 300-line commit and I am unsure about some of the lines. Say it removes one include and adds another include.

If that commit comes from someone whom I talk to every day, someone whom I know to be very concerned about security and privacy, and someone I know is competent and has approver rights, I might ignore these two lines and assume that the compiler will fail on the CI in case the removed header was still needed. When the commit comes from someone whom I have never heard of, I will look into whether there is a symbol that will now be resolved differently, and if there is, I assume that this "differently" opens a backdoor.

On 13.10.2017 14:52, Marc Mutz wrote:
> On 2017-10-13 13:04, Viktor Engelmann wrote:
>> * I don't think we need to be as paranoid towards contributions from
>> our own employees as we need to be towards external contributions.
>
> I believe you got that the wrong way around :)
>
> Thanks,
> Marc

--
Viktor Engelmann
Software Engineer
The Qt Company GmbH
Rudower Chaussee 13
D-12489 Berlin
viktor.engelm...@qt.io
+49 151 26784521
http://qt.io
Managing Directors: Mika Pälsi, Juha Varelius, Mika Harjuaho
Registered office: Berlin, Court of registration: Amtsgericht Charlottenburg, HRB 144331 B
The Future is Written with Qt
www.qtworldsummit.com

_______________________________________________
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development