Brandon Turner wrote
" B - Sections of ReactOS which require auditing are 'locked', that being that the source is fully available to download and build, but no development work should be undertaken until the said code has passed the audit. The lock will be removed only when that section of code has been audited."
I have asked 3-4 times but still havent got an answer as far as I can tell. Does the definition of "audit" in the pharse mean the code needs to be looked through and documented and bad code be marked. Or does it mean all that and the marked code needs to be rewritten for it to be considered "audited".
Here is my understanding (although I'm not saying it's correct)
First of all, we must take the authors word on whether something needs auditing or not. If a particular author says the code which he wrote is clean, then this automatically bypasses the audit. This clears up James' worry about his dll code which he has declared clean.
If an author can't be contacted, it is classes as unknown and must go through the audit process.
Once we have a list of all code which has not been verified, a new SVN user is generated and he is used to lock all the code (this is done with a separate user to avoid certain features of SVN lock)
Any developer is able to remove a lock. Locking the code only really acts as a reminder that the code has not passed an audit. This code shouldn't be modified / improved until it has done so. The lock therefore ensures all the code is audited and nothing is missed. It also acts as an incentive to get the code audited. Without the lock, I think it will be conveniently forgotten about.....
Once code has been locked how does it get out of locked status?
I think there are 3 possibilities: - look through the code looking for anything even remotely strange. (I think Alex's description which I have linked to the end of this mail makes some good points). If all the code seems perfectly legitimate, it passes the audit and the lock is removed. - If code doesn't seem legitimate, search for documentation. If docs are found to cater for all the questionable code, the docs are added and the code passes audit. - If the code doesn't seem legitimate and docs can't be found, then the code is deemed dirty and further action must be taken (e.g. part of the code rewritten, all the code rewritten, docs written, etc). This would have to be discussed at greater length.
HTH
Ged.
************************************************************************ The information contained in this message or any of its attachments is confidential and is intended for the exclusive use of the addressee. The information may also be legally privileged. The views expressed may not be company policy, but the personal views of the originator. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this message in error, please contact postmaster@exideuk.co.uk mailto:postmaster@exideuk.co.uk and then delete this message.
Exide Technologies is an industrial and transportation battery producer and recycler with operations in 89 countries. Further information can be found at www.exide.com
-
Murphy, Ged (Bolton)