this post was submitted on 17 Sep 2024
454 points (99.1% liked)

Open Source

31217 readers
167 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 26 points 1 month ago (1 children)

Aaaand thats why all commits should be signed with your pgp key

[–] [email protected] 10 points 1 month ago (1 children)

It sounds like they weren’t using any form of version control, so that’s definitely on them at this point

[–] [email protected] 18 points 1 month ago (1 children)

What makes you say that? To me, it sounds like that's what they do have cause they tracked the change back to him. The commit message obviously said nothing about the file.

[–] [email protected] 5 points 1 month ago (1 children)

Ah I could see that. I took it as them not knowing where the file came from at all, so they’re just asking all the devs who would have had access at that point, which is why it was “hey do you know anything about this file?” and not “is there a specific reason you committed this file to the build?”

[–] [email protected] 6 points 1 month ago (1 children)

You think they'd call up devs who left them just to ask if they happen to know about a random file?

[–] [email protected] 1 points 1 month ago (1 children)

You think they’d call up devs who left them just to ask if they happen to know about a random file?

I mean, that’s what op said happened. Literally with the verbiage of “file we found” and not “file you committed”

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

I did mean random devs, not the dev they tracked down that made the change.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

Right, I based it on an estimate on the size of the company and how many devs they’ve had. But if a 7MB file doubled their build size and nobody noticed for 5 years, it likely wasn’t code reviewed or committed and rather just added somewhere, It’d be my guess that it’s a pretty small team, and if they’re willing to call anyone at this point anyway as they only have a few devs, and not just remove the file, they’re probably unsure on if it serves any sort of point, which usually would be clear in a commit or PR