This is the standard operating procedure, and to have an engineer in OWNERS exercise their judgment and authority as such, and having at least one independent engineer cross-check them, is sufficient to constitute authorization to commit code to trunk. Period.
All deploys are done from source verifiably built from trunk. As long as code that's pushed was built from trunk (and therefore had the cross-check happen), the deploy is authorized. What's a bypass of security procedures is if an engineer emergency commits code without review.
or if code that wasn't from trunk is built and deployed to production (but security controls exist to prevent code that wasn't built from trunk from even _running_ in production absent extenuating circumstances). So no, @eiais did not violate any security procedures or policies.
An "emergency push" is not as scary as stated, because it is... pushing binaries that were built from trunk, which contains only vetted source code reviewed or authored by at least one OWNER authorized to understand the scope of the code and make modifications.
Don't believe me? Ask @mjg59, who is the tech lead of that team. https://twitter.com/mjg59/status/1207003914718998528 …
Also, it's worth pointing out that "Rapid push" is the name of the _normal_ deploy procedure using the tool named "Rapid". An expedited/emergency "rapid push" is not an "emergency-fast" push, it's an emergency "safe-push" using normal toolchain! See https://www.usenix.org/sites/default/files/conference/protected-files/lisa15_slides_mcnutt.pdf …
Remember all the discussion about blamelessness and Westrum culture and psychological safety? Google has thrown it out the window by summarily firing someone for a tooling related process error, if this is what it's about... https://twitter.com/lizthegrey/status/1207118046051082240 …
-
Being in OWNERS is sufficient by itself, you don't need to wait for a colleague's approval if you deem speed to be necessary; you mark it TBR, or "to be reviewed", and submit anyway. Audit logs will be clear.
-
yes, but TBR is... sketch whereas peer review is SOP.
-
Liz, I'm sorry but I think you are wrong here. While what you say is technically true, OWNERS access is for certain use cases (i.e. business use cases) and IMO, this is not one of them. Just like when you have access to corp data (read or write) you can't use it for personal gain
-
It's a business use case to warn people against breaking the law, and that includes breaking the NLRA...
