
Also the heuristic used to collapse file diffs makes it so that the most important change in a PR often can't be seen or ctrl-f'd without clicking first.





Blame it on Go dependency lists and similar.

What do you even review when it's one of those? There's thousands of lines changed and they all point to commits on other repositories.

You're essentially hoping it's fine.


Shipping code to production without evidence anyone credible has reviewed it at a minimum is negligence.

You're claiming here that you do a review of all of your dependencies?

For security-critical projects, of course. I even reproducibly bootstrap my own compilers and interpreters.

I've always considered the wider point to be that viewing diffs inline has been a laziness-inducing anti-pattern in development: if you never actually bring the code to your machine, you don't quite feel like it's "real" (i.e. even if it's not a full test, compiling and running it yourself should be something which happens. If that feels uncomfortable... then maybe there's a reason).


