“It is important to create conditions for cooperation, which can help develop a unique product,” Russia's digital ministry said in response to 11 developers being delisted from maintaining the Linux kernel.
They haven’t been removed from the community though — just the maintainers list. Now they need someone else’s review to commit code to the kernel.
Personally, I think even maintainers should be required to have that — you can be the committer for pre-reviewed code from others, but not just be able to check anything you want in, no matter your reputation (even if you’re Linus). That way a security breach is less likely to cause havoc.
I find that difficult. Aside from code reviews, often times your job as a maintainer is:
getting a refactor or code cleanup in while everyone’s asleep
shuffling commits around between branches
fixing the CI toolchain
rolling back or repairing a broken change
unfucking the repo
fixing a security vulnerability
A required review slows all of these tasks to a crawl. I do agree that the kernel is important enough that it might be worth the trade-off.
But at the same, I do not feel like I could do my (non-kernel) maintainer job without direct commit access…
They haven’t been removed from the community though — just the maintainers list. Now they need someone else’s review to commit code to the kernel.
Personally, I think even maintainers should be required to have that — you can be the committer for pre-reviewed code from others, but not just be able to check anything you want in, no matter your reputation (even if you’re Linus). That way a security breach is less likely to cause havoc.
I find that difficult. Aside from code reviews, often times your job as a maintainer is:
A required review slows all of these tasks to a crawl. I do agree that the kernel is important enough that it might be worth the trade-off.
But at the same, I do not feel like I could do my (non-kernel) maintainer job without direct commit access…