Development Security Considerations #2029
Replies: 3 comments 8 replies
-
Mindless other thoughts whereabout I don't really know enough thereon to comment (list may grow over time):
-
Yes, thanks for raising this! I agree with all the points you made so far.
-
I've applied the "Review at least one reviewer" change to develop and master (obviously can change it back if there are objections). It looks like there is no way to achieve "Require at least 1 review if the author is maintainer, and require at least 2 reviews if the author is not".
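The rule the comment above says branch protection cannot express ("at least 1 approval if the author is a maintainer, at least 2 otherwise") can still be enforced as a repository-side status check that branch protection is then configured to require. The following is an added example, not code from this project or from GitHub: it models a pull request's review history on a small dataclass (the `Review` shape and the `MAINTAINERS` set are assumptions, loosely modelled on the fields of GitHub's pull-request review objects), ignores self-approval, treats approvals of an older commit as stale, and lets a maintainer's "changes requested" block the merge.

```python
from dataclasses import dataclass

# Constructed sample data: who counts as a maintainer (assumption, not the project's real team).
MAINTAINERS = frozenset({"alice", "bob", "carol"})


@dataclass(frozen=True)
class Review:
    reviewer: str   # login of the reviewer
    state: str      # "APPROVED", "CHANGES_REQUESTED", "COMMENTED" or "DISMISSED"
    commit_id: str  # head commit the review was submitted against


def required_approvals(author: str, maintainers=MAINTAINERS) -> int:
    """1 approval if the author is a maintainer (so two maintainers, author
    included, have seen the code), 2 approvals otherwise."""
    return 1 if author in maintainers else 2


def latest_reviews(reviews):
    """Collapse a review history (in submission order) to each reviewer's latest
    state-changing review. Plain comments never change approval state."""
    latest = {}
    for r in reviews:
        if r.state == "COMMENTED":
            continue
        latest[r.reviewer] = r
    return latest


def valid_approvers(author, reviews, head_commit, maintainers=MAINTAINERS):
    """Maintainers whose latest review approves the current head commit.
    Self-approval is ignored, as is an approval of an older commit (stale)."""
    approvers = set()
    for reviewer, r in latest_reviews(reviews).items():
        if reviewer == author or reviewer not in maintainers:
            continue
        if r.state == "APPROVED" and r.commit_id == head_commit:
            approvers.add(reviewer)
    return approvers


def blocking_reviewers(reviews, maintainers=MAINTAINERS):
    """Maintainers whose latest review requests changes."""
    return {
        reviewer
        for reviewer, r in latest_reviews(reviews).items()
        if reviewer in maintainers and r.state == "CHANGES_REQUESTED"
    }


def check_pr(author, reviews, head_commit, maintainers=MAINTAINERS):
    """Return (mergeable, reason). Meant to run as a status check that the
    branch protection rules list as required."""
    needed = required_approvals(author, maintainers)
    approvers = valid_approvers(author, reviews, head_commit, maintainers)
    blockers = blocking_reviewers(reviews, maintainers)
    if blockers:
        return False, f"changes requested by {sorted(blockers)}"
    if len(approvers) < needed:
        return False, f"{len(approvers)}/{needed} maintainer approvals on {head_commit}"
    return True, f"{sorted(approvers)} approved {head_commit}"


# Constructed history: dave (not a maintainer) opens a PR, alice approves commit c1,
# dave pushes c2, bob comments and then approves c2, alice re-approves on c2.
SAMPLE_REVIEWS = [
    Review("alice", "APPROVED", "c1"),
    Review("bob", "COMMENTED", "c2"),
    Review("bob", "APPROVED", "c2"),
    Review("alice", "APPROVED", "c2"),
]

if __name__ == "__main__":
    print(check_pr("dave", SAMPLE_REVIEWS[:3], "c2"))  # alice's approval is stale: blocked
    print(check_pr("dave", SAMPLE_REVIEWS, "c2"))      # two current maintainer approvals: ok
    print(check_pr("alice", [Review("bob", "APPROVED", "c2")], "c2"))  # maintainer author: ok
```

The check only adds protection if the branch settings also require this status to pass and dismiss stale reviews on new pushes; a leaked maintainer credential can still open a PR, but cannot merge it without a second maintainer's current approval.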
-
The library is by its nature and design very 'low-risk': this isn't about issues with the library as-is; rather, certain recent events have me thinking about the development process, particularly if we are considering automatically pushing pre-release packages to nuget again (#1912 (comment)), and we should probably have a proper discussion about it. Obviously this is mostly a consideration for existing admins/maintainers, but other input welcome.
Without thinking too hard I'd suggest we change the configuration for both develop and master to
This would limit the harm that can be done by e.g. leaked credentials, and provide confidence that at least two people have looked at any piece of 'published' code. I think adding these 3 check-marks in the branch settings for each branch would achieve this:
The obvious concern with requiring this is that it means that we need two active maintainers to stop things grinding to a halt. I'm not intending to go anywhere, but as will be obvious to everyone I'm not as active as I'd like, though I can usually find time for reviews (which we have tacitly demanded anyway).
I would prefer that any PR requires 2 maintainers to review it (including the author), but that doesn't seem to be an option. (This is the only way to defeat a malicious maintainer, or, now that I think about it, leaked credentials for a maintainer beyond just the ability to push code.)