Proposal: HAZARD tag
ianbruene at gmail.com
Wed Jan 17 18:16:24 UTC 2018
First proposal: For cases where a piece of code needs to embed brittle
assumptions, in addition to the comment block explaining said
assumptions it should also include a HAZARD tag with a one line summary
(not unlike a git summary line). While this standard will only help to
catch instances of bitrot that are marked, it will make finding those
cases far easier.

    # HAZARD: assumes this and that
    # more detailed explanation
    # follows here
    [code doing brittle stuff]

Second proposal: As part of the pre-release checklist someone should
grep the entire codebase for the HAZARD tag and post the list of
instances to the devlist. Each one must be either signed off on by a
core developer, or checked for bitrot. Signing off would be the norm,
used in cases where it is known that the ground has not changed since
last release and at least one core developer knows/remembers enough
about the territory that it doesn't need a manual check.
* extra work for release
* more "paperwork", even if only in the form of devlist traffic
* known sites with high bitrot potential are regularly checked
* exerts pressure to fix those sites
* NTPsec has robustness requirements that make the tradeoff of
having another checklist more valuable than it would otherwise be
Potential failure mode: everyone signs off out of habit / not caring
without ever checking anything.
I judge "not caring" a very low probability with this team. Anyone who
is onboarded is also likely to be assimilated into / have a preexisting
sense of duty on such matters.
Habit is a more likely problem, but I believe that the proper solution
is the focus on the "exerts pressure to fix those sites" part of the
proposal. This type of bad habit is most likely to form where there are
many items to check.
/"In the end; what separates a Man, from a Slave? Money? Power? No. A
Man Chooses, a Slave Obeys."/ -- Andrew Ryan
/"Utopia cannot precede the Utopian. It will exist the moment we are fit
to occupy it."/ -- Sophia Lamb
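As an added example (not part of the original post, and not NTPsec project code), the grep step of the second proposal as a small Python scanner: it walks a source tree, picks out comment lines tagged `HAZARD:`, captures the one-line summary plus the explanation comment lines directly beneath it, and renders the list in a form that could be posted to the devlist with a sign-off / checked-for-bitrot box per site. The tag convention is the one shown in the post; the file extensions scanned, the comment markers recognised and the sample sources in `SAMPLE_SOURCES` are assumptions made for this example.

```python
"""Scan a source tree for HAZARD tags and draft the pre-release checklist.

Added example for the HAZARD-tag proposal; not NTPsec code. Assumes the
convention from the post: a comment line "HAZARD: <one-line summary>",
followed by comment lines holding the detailed explanation.
"""
import os
import re
import sys
import tempfile
from dataclasses import dataclass, field
from typing import List

# Comment markers recognised (assumption): '#', '//', '/*', a bare '*' (not '*/'), '--'.
_MARK = r"(?:#|//|/?\*(?!/)|--)"
# Tag line: marker, "HAZARD:", the summary, optional closing '*/'.
HAZARD_RE = re.compile(r"^\s*" + _MARK + r"\s*HAZARD:\s*(?P<summary>.*?)\s*(?:\*/)?\s*$")
# Any other comment line; these form the explanation under a tag.
COMMENT_RE = re.compile(r"^\s*" + _MARK + r"\s?(?P<text>.*)$")


@dataclass
class Hazard:
    path: str
    line: int                  # 1-based line number of the tag
    summary: str
    details: List[str] = field(default_factory=list)


def scan_lines(path: str, lines: List[str]) -> List[Hazard]:
    """Find every HAZARD tag in `lines` with its summary and explanation."""
    found: List[Hazard] = []
    i = 0
    while i < len(lines):
        m = HAZARD_RE.match(lines[i])
        if not m:
            i += 1
            continue
        hz = Hazard(path, i + 1, m.group("summary"))
        # The explanation is the run of comment lines directly below the tag;
        # a blank line, a code line or another tag ends it.
        j = i + 1
        while j < len(lines) and not HAZARD_RE.match(lines[j]):
            c = COMMENT_RE.match(lines[j])
            if not c:
                break
            text = re.sub(r"\s*\*/\s*$", "", c.group("text")).strip()
            if text:
                hz.details.append(text)
            j += 1
        found.append(hz)
        i = j
    return found


def scan_tree(root: str, exts=(".c", ".h", ".py", ".sh")) -> List[Hazard]:
    """Walk `root` (skipping .git) and collect tags from files with the given extensions."""
    found: List[Hazard] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            if os.path.splitext(name)[1] not in exts:
                continue
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                found.extend(scan_lines(full, fh.read().splitlines()))
    found.sort(key=lambda h: (h.path, h.line))   # os.walk order is not stable
    return found


def format_report(hazards: List[Hazard], root: str = "") -> str:
    """Render the list for posting, one sign-off line per tagged site."""
    out = [f"HAZARD tags found: {len(hazards)}", ""]
    for h in hazards:
        rel = os.path.relpath(h.path, root) if root else h.path
        out.append(f"{rel}:{h.line}: {h.summary}")
        out.extend(f"    {line}" for line in h.details)
        out.append("    [ ] signed off (ground unchanged)   [ ] checked for bitrot")
        out.append("")
    return "\n".join(out)


# Constructed sample sources (not real NTPsec files) used by demo().
SAMPLE_SOURCES = {
    "ntp/refclock.py": (
        "import struct\n\n"
        "# HAZARD: assumes the packet header is exactly 48 bytes\n"
        "# The fixed-size struct below will silently misparse if the\n"
        "# header layout ever changes.\n"
        "HEADER = struct.Struct('!BBBb11I')\n"
    ),
    "libntp/clock.c": (
        "/* HAZARD: assumes CLOCK_MONOTONIC never steps backwards */\n"
        "/* Guaranteed by the platform today, but not checked at\n"
        " * runtime. */\n"
        "static int tick(void) { return 0; }\n"
    ),
}


def demo() -> List[Hazard]:
    """Write the sample tree to a temporary directory, scan it, print the report."""
    root = tempfile.mkdtemp(prefix="hazard-demo-")
    for rel, body in SAMPLE_SOURCES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    hazards = scan_tree(root)
    print(format_report(hazards, root))
    return hazards


if __name__ == "__main__":
    if len(sys.argv) > 1:      # usage: python hazard_report.py <source-root>
        print(format_report(scan_tree(sys.argv[1]), sys.argv[1]))
    else:
        demo()
```

Run with a source root to get the list for the devlist, or with no arguments to scan the constructed sample. The scanner only honours the tag when it sits in a comment, so the word HAZARD in a string literal or in prose is not reported; an explanation block ends at the first blank or code line, matching the layout in the proposal.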