[Python-Dev] I would like an svn account
Victor Stinner
victor.stinner at haypocalc.com
Sat Jan 3 03:53:21 CET 2009
Le Wednesday 31 December 2008 22:20:54, vous avez écrit :
> When it comes to commit privs in general, I am of the school that they
> should be handed out carefully. I for one do not want to have to
> babysit other committers to make sure that they did something
> correctly.
Last time I asked if anyone could help me in Python core if I had an svn
account, and I get this answer: everybody will review the changes. Anyway,
why do you fear problems? Did I already push buggy commits? I posted many
patches on Python bug tracker, most of them required many versions until they
get perfect. But it doesn't mean that with an svn account, I will skip the
bug tracker to wrote directly in the svn as my personal copy of Python!?
> I also want people who have no agenda. It's okay to have an area you
> care about, but that doesn't mean you should necessarily say "I will
> only work on math, ever, even if something is staring me right in the
> face!", etc.
I wrote that I would like to improve Python quality by fuzzing, but I already
contributed to many different topics by patches on the bug tracker.
> There is also dedication. I don't like giving commit privileges to
> people who I don't think will definitely stick around. (...)
I don't understand why this is a problem.
> To start, your focus on security, for me at least, goes too
> far sometimes. I have disagreed with some of your decisions in the
> name of security in the past and I am not quite ready to say that if
> you committed something I wouldn't feel compelled to double-check it
> to make sure you didn't go too far.
I'm not sure that I understood correclty: does it mean that some of my issues
were not reproductible in the real world (far from the real usage of Python)?
It's true that some issues found by fuzzing are hard to reproduce (require a
prepared environment), but my goal is to kill all bugs :-) Even if the bug is
hard to reproduce, it does exist and that's why I'm thinking that it should
be fixed.
Sorry if I misused the name "security" but I don't remember where I wrote
that "this issue is very security and related to security". Maybe by the
imageop issues?
--
About fuzzing: I'm still using my fuzzer Fusil on Python trunk and py3k, and I
find fewer and fewer bugs ;-) Most of the time I rediscover bugs already
reported to the tracker, but not fixed yet. So the fuzzing job is mostly
done ;-)
--
Victor Stinner aka haypo
http://www.haypocalc.com/blog/
More information about the Python-Dev
mailing list