Google now requires two staff to sign off each Go change

Google is planning to tighten the security around its open source Go programming language by requiring two Google employees to be involved in code changes, where previously only one approver needed to be company-affiliated. "For compliance and supply chain security reasons, Google recently revisited the code review …

  1. Anonymous Coward

    3+ for internal ?

    Hopefully internally the requirement would be 3+ Google employees randomly selected from diverse teams around the globe.

    I'm not going to say which company I've seen it happen, or in what country. But some company in the past 40 years employed a developer that was outputting high quality code at insane rates (it was almost like a large team of developers were generating that individual's code). Needless to say that the manager of that individual was promoted and the developer was moved into a position where they could manage their own hand-picked team, all of which amazingly were outputting high quality code at insane rates (it was almost like a small team of developers were generating each individual's code). Soon this team of god-like coders had their fingers in every pie at said company .... anyhow long story short, after a number of years it eventually came to light that the company had hired an entire department of spies.

    1. Anonymous Coward

      Re: 3+ for internal ?

      In this day and age, the unwritten requirement will be the approvers have to be....

      Different races

      Straight, gay and Questioning

      Male, Female, and Transgender...

    2. DS999 Silver badge

      Re: 3+ for internal ?

      I can understand why the superhuman coder was promoted and got to build his own team, but why was his manager promoted? What did he have to do with that guy producing reams of code?

      1. Craig 2

        Re: 3+ for internal ?

        Obviously you've never dealt with management.... generally they get promoted for their underlings' work!

        1. NoneSuch Silver badge

          Re: 3+ for internal ?

          Most managers get promoted by not getting caught.

      2. Someone Else Silver badge

        Re: 3+ for internal ?

        It was clearly an American business, and that's how we roll on this side of the pond.

        Besides, 40 years ago was the Go-Go '80s, where Greed was God, and business, especially American business, was incestuous.

    3. Anonymous Coward

      Re: 3+ for internal ?

      Cool story bro!

  2. Forget It

    Going to A Go Go ...

    else Stop Go

  3. Aitor 1

    Bean counters

    In my opinion, this is a sign bean counters and PowerPoint creators have taken over an org.

    Why? It does sound all good and reasonable. Hey, in my company we have a three-person sign-off... But is it reasonable?

    I suspect that approvers won't have enough time or expertise to fully understand the consequences of the changes or the quality of them. I think so because I myself frankly don't have time except for the most egregious issues, and subtle breakage of chain of supply would mean subtle changes.

  4. Version 1.0 Silver badge

    Scott Adams has documented this

    So the PHB has a plan to avoid any issues for himself, maybe it will work, maybe not - and if not then the PHB will just propose a new plan and blame Dilbert. 50% chance of the icon.

  5. trevorde Silver badge

    Does not address real problem

    which is third party libraries

    1. VoiceOfTruth Silver badge

      Re: Does not address real problem

      Up to a point I agree with you. So many people (who call themselves 'developers') just go and import abc, or the equivalent in whatever language, without reviewing any of the code contained therein. This is mentioned in the article. We see from time to time how this comes back and bites them on the backside.

      But this seems to be more about the core language. After all, there is no requirement to use third-party packages. Most of us do it because it is convenient.

  6. Anonymous Coward

    I can't fault the concept

    The proof will be in the pudding of implementation.

    But in an age of computerized (I refuse to call them AI) code reviews with minimal human review, it sounds like something all language developers (or even all developers) should consider.

  7. Andy 68


    I know this is not the thrust of TFA, but isn't this the logical conclusion of Gerrit?

    I've only worked at one place that used it, but all I could see was a bureaucratic sludge on top of git.

    It _looked_ like something designed to empower PHBs/control freaks/God coders to engage in the development process.

    Genuine question - it could be either the implementation I saw, or my inability to see its strengths....

    1. Kevin McMurtrie Silver badge

      Re: Gerrit

      You have no idea how bad it is. Google's codebase is the '<- deprecated | not ready ->' road sign meme with Kool Aid guzzlers in charge of it. A code review can have 5 people arguing with each other about which APIs you're using and another 3 people arguing with each other about variable names and whitespace placement. Each believes they have god-like powers of code improvement yet none of them will notice critical product flaws.

    2. n_c

      Re: Gerrit

      Gerrit is code review for masochists
