This only applies to DonationInterface and fundraising code, but
self-review also put us in PCI non-compliance [1]. We currently operate at
the self-assessed and certified PCI level A, but we have not precluded
formal certification at a higher level.
[1] - PCI-DSS v2 - 6.3.2
https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf
On Wed, Feb 27, 2013 at 11:30 AM, Matthew Walker <mwalker(a)wikimedia.org> wrote:
All,
I noticed when going through recent patches to DonationInterface that we
had an instance of someone not in fundraising self commit some code --
similar changes resulting from the same 'bug' were affected across our code
base. Admittedly this was a minor textual fix - but as per [1] "Except
for documentation fix-ups, don't +2 your own code. 'Self-review is bad for
code quality and bad for morale.'"
I will admit I was in a terrible mood already today -- but discovering this
pissed me off. I am a strong advocate of never +2'ing your own code; and
this is especially true when you don't own the code in question. I don't
want to see this again.
[1]
https://www.mediawiki.org/wiki/%2B2#Revocation
~Matt Walker
Wikimedia Foundation
Fundraising Technology Team
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l