Simetrical | 1 May 2008 15:51

Re: Assuring Security by testing

On Thu, May 1, 2008 at 5:56 AM, Michael Osipov <ossipov@...> wrote:
>  Is there any multi-tier patch revision? The folks at Apache Tomcat do a
>  three-person-review of patches before they get committed.

We have no formal process at the moment, except that Brion reviews
everything after it's committed but before it's synced to the servers.
People with commit access basically commit whatever they want, and if
someone spots that it's broken or otherwise objectionable, they either
revert it immediately or post a note to some development forum (this
list, #mediawiki on FreeNode, etc.) asking for people's opinions on
whether to revert it.  In the event of a dispute, Brion resolves it as
lead developer.  People other than Brion can review whatever they feel
like.  I at least glance at all commits to core code or extensions
used by Wikimedia, and sometimes look them over more closely.  It's
likely that most interesting commits get at least two other people
looking them over.

Bad changes do occasionally go live on Wikipedia (I broke it within
hours of getting commit access, woo), but rarely for long.  They tend
to be spotted quickly by editors, and since changes go live every
couple of days on average, it's easy to quickly figure out what must
have caused the breakage and fix it.
