05-03-2021, 12:11 PM
(05-03-2021, 07:49 AM)tiwil Wrote: Absolutely. It's nonsense but also alarming to us. They do research about insecurities in open source, and it seems they are successful, since we see that their questionable commits get approved and the paper is going out.

Yes. But it is not an easy problem to solve. It takes great effort and time to do a code review for every commit for popular projects like this, and it is not necessary most of the time. Most guys are good guys. Spending too much time on this affects development. So the only possible solution is to warn and do a review of their first commits. Just like first-post approval mode, that protects you from the most basic bots but not from a bad guy.
What we can conclude here is: there might be a case where someone is actually doing this for bad things and gets their commit approved. We should think again about these possibilities. What do you guys think?