-
Notifications
You must be signed in to change notification settings - Fork 0
Begin documenting a basic review process #86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
Gnuxie
wants to merge
7
commits into
main
Choose a base branch
from
gnuxie/contribution-risk
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
ca58c0d
Begin documenting a basic review process
Gnuxie c1b8f84
Note about the purpose of the document.
Gnuxie b76e150
Create a Contribution risk and response document.
Gnuxie 18e4959
Pull requests labels.
Gnuxie 2757f9b
typo
Gnuxie 77a3b96
Add trust under sight section on reviewing summarised contributions.
Gnuxie c43ddae
Add a note about LLMs
Gnuxie File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,133 @@ | ||
| # Contribution risk and response | ||
|
|
||
| > [!IMPORTANT] | ||
| > | ||
| > We are unable to accept LLM assisted or generated contributions, as we do not | ||
| > feel confident that it is possible for any party to fulfill their obligations | ||
| > under NLnet's generative AI policy | ||
| > https://nlnet.nl/foundation/policies/generativeAI/. | ||
|
|
||
| This document is about assessing and responding to risk. This document does not | ||
| change the nature of review. Reviews are supposed to be optimistic and | ||
| encouraging. The obligation to help contributors achieve their goals and merge | ||
| the PR lies with the maintainers, not the contributor. Always be prepared to | ||
| make requested changes yourself to see the contribution through. However | ||
| reviewers are never obliged to approve a change if they are not confident in the | ||
| change's correctness or safety. | ||
|
|
||
| ## Quick contribution risk check | ||
|
|
||
| Does any of these contexts apply to the contribution? | ||
|
|
||
| 1. [ ] Security | ||
|
|
||
| 2. [ ] Infrastructure | ||
|
|
||
| 3. [ ] Uncertainty | ||
|
|
||
| 4. [ ] Impact of failure and or bugs | ||
|
|
||
| If you are going to do any critical thinking and review, please think critically | ||
| about how the contribution impacts the system first. These are a guideline but | ||
| you must use your own judgement to determine the level of risk. | ||
|
|
||
| Use the pull request labels to assign risk contexts to pull requests. | ||
|
|
||
| ## Risk classification | ||
|
|
||
| - Minimal if none apply | ||
|
|
||
| - Sensitive if one apply | ||
|
|
||
| - Critical if two or more apply. | ||
|
|
||
| ## Contexts | ||
|
|
||
| ### Security | ||
|
|
||
| The contribution has subject matter related to security. Examples include: | ||
|
|
||
| - Authentication | ||
| - Cryptography (including policy hashes) | ||
| - Untrusted input | ||
| - Access control (both host and guest (ie Matrix)) | ||
|
|
||
| ### Infrastructure | ||
|
|
||
| The contribution has subject matter related to infrastructure. Examples include: | ||
|
|
||
| - Changes in dependencies | ||
| - Changes to CI | ||
| - Changes to contributor workflow | ||
| - Changes to the repository | ||
|
|
||
| ### Uncertainty | ||
|
|
||
| The contribution carries a lot of uncertainty. Examples include: | ||
|
|
||
| - Reviewer lacks subject knowledge and must trust other experts. | ||
| - Large Contribution (300-500+). | ||
| - Lack of upfront planning or design. | ||
| - Limited communication with contributor. | ||
|
|
||
| ### Impact | ||
|
|
||
| Consider specifically how problems in the change would be triaged if they were | ||
| buggy. | ||
|
|
||
| ## Risk Response | ||
|
|
||
| ### Quick checklist | ||
|
|
||
| - Sensitive changes and above should have a test plan. | ||
| - Sensitive changes and above should have the pull request checked out by the | ||
| reviewer. | ||
| - Sensitive changes and above should have all security sensitive code analysed | ||
| and discussed. | ||
|
|
||
| ### Checking out the PR | ||
|
|
||
| Check out the PR locally, don't just rely on the webview. Go through the changes | ||
| files in your editor (use | ||
| https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-pull-request-github). | ||
|
|
||
| Make sure everything is as expected. For changes involving UI, run the bot | ||
| locally and try to evaluate the feature yourself. Following the test plan if | ||
| available. | ||
|
|
||
| ### Reviewing security sensitive changes | ||
|
|
||
| Think pessimistically about authentication and control flow through the | ||
| application. And think about how we arrive to the portion of code in question, | ||
| and where we go next. Think about the bigger picture and then the smaller | ||
| details. If anything is unclear, you MUST not continue, and instead ask for | ||
| clarification or get someone else involved. | ||
|
|
||
| ### Test plans | ||
|
|
||
| Pull requests with sensitive or critical risk should include a plan that | ||
| demonstrates the testing that the contributor has taken. This should be detailed | ||
| enough so that the reviewer can reproduce. | ||
|
|
||
| ## Expectations management | ||
|
|
||
| Always try to get upfront communication with contributors to exchange | ||
| expectations before they commit to significant work. New contributors are often | ||
| ambitious, and so it is important to try get them to scale down their work or | ||
| even plan it to maximise their chances of success. | ||
|
|
||
| This is especially important because big changes made by unfamiliar contributors | ||
| will always carry significant risk. Even when these changes concern | ||
| documentation. | ||
|
|
||
| When an unsolicited pull request is opened, it's important to try establish | ||
| these expectations retroactively. And to identify and communicate risk. | ||
|
|
||
| ## Trust under sight | ||
|
|
||
| When a contributor summarises work, it's very important to recognise that this | ||
| summary is a declaration of intent, and can only be used within the context of | ||
| expectations management. A summary of changes in the pull request description, | ||
| can never be trusted to provide an exhaustive list of changes made in the | ||
| contribution. It is essential to check the substance of any contribution in | ||
| exhaustion, irregardless of any surrounding context. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.