overreacting (was: Re: [MPlayer-dev-eng] uau - svn account removal)
dalias at aerifal.cx
Mon Feb 26 07:13:03 CET 2007
On Mon, Feb 26, 2007 at 05:36:20AM +0200, Uoti Urpala wrote:
> > and mallicious code which is executed every time is way more effective
> > than some buffer overflow which is dependant various other factors like
> > gcc, and kernel and of course a video file which exploits it ...
> So you're talking about the case where someone hacks the account of a
> person with svn access and commits code which directly does malicious
> things (and so needs to contain a "payload" and is thus likely harder to
> hide than a subtle vulnerability)?
uau, this entire discussion about the relative ease or difficulty of
the attack is aside from the point. Good policy dictates that commits
be reviewable, not based on the authority of the person committing. If
you are unwilling to ensure that your commits are reviewable then you
are not fit to have svn write access.
This is the same policy that people submitting patches are subjected
to, and the same policy that all other developers follow. svn write
access is not to exempt you from the requirement of submitting
reviewable code. It's just to allow you to get the code inserted
without waiting for other overworked team members (who may not even be
familiar with the code in question) to review and apply it. But
regardless, review must always be possible and feasible!!
More information about the MPlayer-dev-eng