Feature: Security benefit on having 2 or more Required Reviews no clear (Feedback) #2472
Labels
kind/enhancement
New feature or request
Comments
|
To protect against insider risks: if one maintainer is compromised, an attacker can send a PR and use the compromised account to LGTM their own PRs. X LGTMs requires X compromised maintainers, which is harder. |
2 tasks
|
I've created a PR #3013 to address this issue and try to make this benefit clear to the user too. Thanks for the explanation @laurentsimon ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Some maintainers had raised the question about whether it is really a relevant security best practice to have 2+ Required Review (related to the branch protection check)
Describe alternatives you've considered
The Branch-Protection check explanation could talk (or at least refer) an explanation on why it is important to have 2 or more required reviews
Additional context
electron/electron#35741 (review)
The text was updated successfully, but these errors were encountered: