C4 discussion
Gingeropolous posted this 7 years ago
Is there a thread to discuss this yet?
Here are the logs
I read through them quickly, and I didn't see any mention of the fact that the process is to be done exclusively on the dev branch. To me, this helps nullify the concern of some that malicious actors will be able to sneak stuff in. So this is how I understand it will work based on conversations, reading logs, etc. And for whatever reason I think in psuedocode.
for i = 1 to 180 days # 6 months of 30 days each, this is a magic for loop that knows when a day passes
{
1. new PR gets eyeball review
2. PR is merged to dev branch
3. if merge == crap, new PR made to address crap, goto 1. elseif, goto 4
4. if i == 180, merge to master. elseif, goto 1
}
Once in master, this is the code freeze essentially. Then 6 months roll by, and a release is tagged.
I also note that this C4 seems unique and addresses a different component of governance than that described in this year in review post
Of course, this doesn't entirely address the malicious actor or cohort of actors - a backdoor can go undetected during testing on testnet, for instance.