From: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
---|---|
To: | Umar Hayat <postgresql(dot)wizard(at)gmail(dot)com> |
Cc: | Yura Sokolov <y(dot)sokolov(at)postgrespro(dot)ru>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Jacob Brazeal <jacob(dot)brazeal(at)gmail(dot)com>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, Andres Freund <andres(at)anarazel(dot)de> |
Subject: | Re: New process of getting changes into the commitfest app |
Date: | 2025-01-27 09:03:07 |
Message-ID: | CAGECzQTkBNc1TZWkZfdOaxZVN5e88heOjZjK5VUW_py7+Rq0Eg@mail.gmail.com |
Lists: | pgsql-hackers |
On Mon, 27 Jan 2025 at 05:38, Umar Hayat <postgresql(dot)wizard(at)gmail(dot)com> wrote:
> +1 in GitHub you can enforce a minimum number of reviewers. IMO there
> should be a minimum of two reviewers and one of the reviewers should
> be from the security group/role.
In a perfect world I'd agree, but I don't think there are currently
enough people involved in the project to make two reviewers a
realistic option.
> Though primary risk would be
> introducing new vulnerable dependency but there is no bound to other
> kinds of exploitation. Also GitHub vulnerability scan should be
> enabled by default.
Enabled that now on my GitHub mirror. I don't think it'll actually do
anything though. We don't pin exact Python dependency versions,
because on prod we only use Python dependencies available in Debian
(which should resolve security issues).
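The exchange above turns on whether the repository's Python requirements are pinned to exact versions, which is what a dependency scanner needs in order to match an entry against an advisory. The following is an added example for this thread, not code from the commitfest app or from the PostgreSQL project: it classifies each line of a requirements.txt body as exactly pinned, range-constrained, or unpinned, skipping comments and option lines. The sample requirements text is constructed for illustration and does not reflect the app's real dependencies.

```python
"""Classify Python requirement specifiers by how tightly they pin a version.

Added example (not the commitfest app's code).  A dependency scanner can only
match an advisory against a dependency whose exact version it knows, so a
requirements file made up of unpinned or range-constrained entries gives it
little to work with.  SAMPLE_REQUIREMENTS below is constructed for this example.
"""
import re
from typing import Dict, Tuple

# One requirement line: project name, optional extras, optional version
# specifiers.  Environment markers (after ';') and comments (after '#') are
# excluded from the specifier group; option lines are filtered out earlier.
_REQ_RE = re.compile(
    r"""^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)   # project name (PEP 508 style)
        (?:\[[^\]]*\])?                         # optional extras, e.g. [socks]
        \s*(?P<spec>[^;#\\]*)                   # version specifiers, if any
    """,
    re.VERBOSE,
)

SAMPLE_REQUIREMENTS = """\
# constructed sample, not the commitfest app's real requirements file
Django==4.2.11
psycopg2-binary==2.9.9 ; python_version >= "3.8"
requests[socks]>=2.31,<3
gunicorn
markdown~=3.5
-r extra-requirements.txt
--hash=sha256:0123456789abcdef
pyyaml  # taken from Debian packages in production
"""


def classify_specifier(spec: str) -> str:
    """Return 'pinned', 'ranged' or 'unpinned' for one specifier string."""
    clauses = [c.strip() for c in spec.split(",") if c.strip()]
    if not clauses:
        return "unpinned"
    # '==' pins exactly unless it ends in a wildcard ('==1.2.*' is a range);
    # '===' is PEP 440 arbitrary equality, also an exact pin.
    for clause in clauses:
        if clause.startswith("===") or (
            clause.startswith("==") and not clause.endswith(".*")
        ):
            return "pinned"
    return "ranged"


def classify_requirements(text: str) -> Dict[str, str]:
    """Map each requirement name (lower-cased) in a requirements body to its class.

    Blank lines, comment lines and option lines (-r, -e, --hash, ...) are
    skipped; a line the regex cannot parse is reported as 'unparsed'.
    """
    result: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("-"):
            continue
        m = _REQ_RE.match(line)
        if not m:
            result[line] = "unparsed"
            continue
        result[m.group("name").lower()] = classify_specifier(m.group("spec"))
    return result


def summarize(text: str) -> Tuple[int, int, int]:
    """Return (pinned, ranged, unpinned) counts for a requirements body."""
    classes = list(classify_requirements(text).values())
    return (
        classes.count("pinned"),
        classes.count("ranged"),
        classes.count("unpinned"),
    )


if __name__ == "__main__":
    for name, cls in classify_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{name:20} {cls}")
    print("pinned/ranged/unpinned:", summarize(SAMPLE_REQUIREMENTS))
```

Run it against a real requirements.txt by passing its contents to `summarize`; anything that is not in the first count is an entry whose exact installed version the file alone does not determine.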