[openstack-dev] [all][infra][tc][ptl] Scaling up code review process (subdir cores)

James Bottomley James.Bottomley at HansenPartnership.com
Wed Jun 3 14:33:54 UTC 2015

On Wed, 2015-06-03 at 09:29 +0300, Boris Pavlovic wrote:
> *- Why not just trust people*
> People get tired and make mistakes (very often).
> That's why we have blocking CI system that checks patches,
> That's why we have rule 2 cores / review (sometimes even 3,4,5...)...
> In ideal work Lieutenants model will work out of the box. In real life all
> checks like:
> person X today has permission to do Y operation should be checked
> automatically.
> This is exactly what I am proposing.

This is completely antithetical to the open source model.  You have to
trust people, that's why the project has hierarchies filled with more
trusted people.  Do we trust people never to make mistakes?  Of course
not; everyone's human, that's why there are cross checks.  It's simply
not possible to design a system where all the possible human mistakes
are eliminated by rules (well, it's not possible to imagine: brave new
world and 1984 try looking at something like this, but it's impossible
to build currently in practise).

So, before we build complex checking systems, the correct question to
ask is: what's the worst that could happen if we didn't?  In this case,
two or more of your lieutenants accidentally approve a patch not in
their area and no-one spots it before it gets into the build.
Presumably, even though it's not supposed to be their areas, they
reviewed the patch and found it OK.  Assuming the build isn't broken,
everything proceeds as normal.  Even if there was some subtle bug in the
code that perhaps some more experienced person would spot, eventually it
gets found and fixed.

You see the point?  This is roughly equivalent to what would happen
today if a core made a mistake in a review ... it's a normal consequence
we expect to handle.  If it happened deliberately then the bad
Lieutenant eventually gets found and ejected (in the same way a bad core
would).  The bottom line is there's no point building a complex
permission system when it wouldn't really improve anything and it would
get in the way of flexibility.


More information about the OpenStack-dev mailing list