[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 4 eyes priciple on subversion

From: Hans HESPEN <hans.hespen_at_caduciel.com>
Date: Fri, 8 Dec 2017 15:13:41 +0000

Dear Paul & Johan,

thank you for your reply. Indeed, 4 eyes principle is like Paul says.

The 4 eyes-principle is known for important decisions. Some decisions can't be made by a single person, and need to be made by two persons, for instance a CEO and the CFO. Launching a nuclear missile needs, apart from a lot of other hassle, the synchronous turning of two keys (at least in the James Bond movies).

The same idea, coming from industrialisation processes in Japan, exists for code. The idea here is not that the committing is of that high importance. The basic reason here is the easy human failure where you tend to overlook your own errors. Just as you tend to overlook your writing errors in a letter. It's not that I can't write English, and committed code of course does compile, but didn't you forget to free a used object? You did some copy/paste in code and you forgot to rename an object.

Of course, there is also an element of security. I worked for a lot of high security customers already, where you don't want backdoors being built in, for instance. At last, but not least, it's also an opportunity for learning when a fellow programmer can show you some techniques or show a different approach.

Of course, it could be possible to not commit into svn at all, create a patch that's being sent to the head-programmer, who verifies and merges.

That's not handy. I want an oversight of all commit's waiting for validation. It needs to be known that some commit is waiting, that some task is being done. I want, as a programmer myself also to be able to commit my code. It's when it is in the server that I can close my task and that my code is safe. But if you can not enforce it, then people don't do it, or they feel put into a corner, being labeled as a bad programmer. Whereas this is entirely not the case. I forgot recently to uncomment a where-clause, although I develop for the past twenty+ years.

Anyway, Paul has put me on the line of code review tools, post and pre-commit. Tools like RhodeCode, Crucible, Rietveld, Collaborator. This is actually a bit too much for what I was looking for, but this might be a very good alternative. I will look further into them.

Thank you so much.

High regards,

Hans Wendel van Hespen

________________________________
From: Paul Hammant <paul_at_hammant.org>
Sent: Friday, December 8, 2017 12:51:38 PM
To: Johan Corveleyn
Cc: Hans HESPEN; users_at_subversion.apache.org
Subject: Re: 4 eyes priciple on subversion

I think Hans means code review prior to the commit landing in branch that other people are continually doing 'svn up' from.

If so, Rietveld, Gerrit specifically enable code review before the commit lands. Commercial vendors such as RhodeCode an Assembla have code-review capabilities in their larger portal experiences.

- Paul
Received on 2017-12-08 16:13:57 CET

This is an archived mail posted to the Subversion Users mailing list.