Author: Prayank 2021-10-01 15:55:15
Published on: 2021-10-01T15:55:15+00:00
The email exchange between Prayank and ZmnSCPxj discusses the importance of review processes in ensuring the security of projects, specifically in the context of Bitcoin development. They agree that reviews are necessary to catch potential vulnerabilities, and caution against using unmerged PRs in production without careful review. Prayank suggests an exercise to test the review process: inserting PRs that add vulnerabilities, under pseudonyms, with the intention of publicly praising successful catches and privately reporting any failures to the maintainers for correction. ZmnSCPxj agrees that this is a valuable exercise, but underscores that any vulnerabilities found in the review process need to be handled privately, with the same care as code vulnerabilities.
Updated on: 2023-06-15T02:26:17.421165+00:00