On 08/12/2022 10:49, George Dunlap wrote:
> Concerns were raised about two maintainers from the same company
> colluding to get a patch in from their company; but such maintainers
> could already collude, by working on the patch in secret, and posting
> it publicly with only a single author's SoB, and having the other
> person review it.

I know this was how the concern was voiced, but it was fairly bogus even as stated. "same company" or not has no bearing at all on two maintainers choosing to collude in secret. The mitigation to all of this is the fact that being a maintainer starts from having gained trust / reputation in the community, and comes with the responsibility to not violate that trust. Furthermore, there are mechanisms in place to deal with issues around said trust being violated.

> There's also something slightly strange about adding "Reviewed-by" to
> code that you've written; but in the end you're reviewing not only the
> code itself, but the final arrangement of it. There's no need to
> overcomplicate things.
>
> Encode this in MAINTAINERS as follows:
>
> * Refine the wording of requirement #2 in the check-in policy; such
>   that *each change* must have approval from someone other than *the
>   person who wrote it*.
>
> * Add a paragraph explicitly stating that the multiple-SoB-approval
>   system satisfies the requirements, and why.
>
> Signed-off-by: George Dunlap <[email protected]>

Acked-by: Andrew Cooper <[email protected]>
