I always assumed that part of the reason you mandate pre-commit code reviews was to protect the business from a rogue developer. If you have a developer who is empowered to merge code that is continuously deployed to production before a code review is done, that developer could code something that exfiltrates data and could do a lot of harm before it's rolled back.

This insider attack is clearly viable since something like this happened with the recent Twitter hack of verified accounts.




I think this point is addressed in the article: they mention that you can (should?) implement reviews post commit, but before the code reaches production.



