[openstack-dev] [keystone][all] Move from active distrusting model to trusting model

Clint Byrum clint at fewbar.com
Mon Nov 23 20:06:27 UTC 2015


Excerpts from Thierry Carrez's message of 2015-11-23 09:17:06 -0800:
> Morgan Fainberg wrote:
> > [...]
> > With all that said, here is the proposal I would like to set forth:
> > 
> > 1. Code reviews still need 2x Core Reviewers (no change)
> > 2. Code can be developed by a member of the same company as both core
> > reviewers (and approvers).
> > 3. If the trust that is being given via this new policy is violated, the
> > code can [if needed], be reverted (we are using git here) and the actors
> > in question can lose core status (PTL discretion) and the policy can be
> > changed back to the "distrustful" model described above.
> > 
> > I hope that everyone weighs what it means within the community to start
> > moving to a trusting-of-our-peers model. I think this would be a net win
> > and I'm willing to bet that it will remove noticeable roadblocks [and
> > even make it easier to have an organization work towards stability fixes
> > when they have the resources dedicated to it].
> > 
> > Thanks for your time reading this.
> 
> +1
> 
> There are so many ways to abuse strict rules that it's better to have a
> loose, trust-by-default policy and a strong history of fixing the
> mistakes and abuses whenever they arise.
> 

I second this response, third the position that we should trust each
other first.

All of the objections that have been raised boil down to that fundamental
issue.

If we are going to distrust people, let's have a reason, not a theory. How
about evidence of instances when _three_ employees from a company colluded
to merge a bad change in any OpenStack project?


