[ros-dev] Vote: code auditing

Ged Murphy gedmurphy at gmail.com
Fri Feb 17 00:00:38 CET 2006

Ged Murphy wrote:

 >  B - Sections of ReactOS which require auditing are 'locked',
 > that being that the source is fully available to download and
 > build, but no development work should be undertaken until
 > the said code has passed the audit. The lock will be
 > removed only when that section of code has been audited.

I am in agreement with proposal B, freezing of un-audited sections. Here 
are my reasons:

Firstly I'll elaborate on what a lock does:
Any developer can 'get-a-lock' on a file. Having this lock means only 
that developer can commit to that file*. A locked file cannot be 
modified, deleted or renamed in the repository by anyone else.

To set a lock on a file, you lock it as per your client syntax and set 
the subversion property svn:needs-lock. When this property is set on a 
file, a checked out or updated file is made read only locally. (except 
for the person who holds the lock*). This acts as a warning that the 
file should not be modified. Users of Tortoise will also have a 
graphical overlay stating a file is locked.

Locks can be removed by any developer in a process called 
breaking-the-lock. (ownership of the lock can also be taken known as 
stealing-the-lock, although that's not important for us). The ability to 
Break the lock ensures that no one developer has control over the lock. 
Anyone can remove a lock at any time.

Users and developers alike will not notice a lock unless they try to 
modify locked code, so it would in no way inhibit general usage.

*(a user named 'audit' can be set up to do the initial locking of the 

What the lock would do is act as a barrier for any further development 
on non-audited code. Code which has not been audited must be deemed as 
'tainted' until it has passed an audit.

I do however think that what we deem as tainted can be narrowed down. 
All usermode applications along with all Wine libs and many other areas 
(to be discussed) will bypass the lock immediately.

Code which has not yet passed the audit should not be improved, 
committed to, developed (whatever the phrase). There are 2 good reasons 
for this. Firstly, there is a possibility that this code needs to be 
removed, so it is a complete waste of a developers time to improve this 

Secondly (and most importantly), by freezing this code, it puts more of 
an incentive on developers to audit it. e.g. if someone is working on 
some code which requires a particular section of un-audited code to be 
modified, or exposes a bug in some un-audited code, the developer must 
audit the said code in order to fix the problem. Only then will they be 
able to take advantage of this with their ReactOS improvement/addition.

If this code wasn't frozen, the chances are, the developer will tweak 
the un-audited code and carry on regardless. Thus un-audited code will 
tend to take a back seat.

I agree with Gé, in that if some method is not put in place to ensure 
our code is audited, people will conveniently forget about it.

Not only must we been seen to be pro-active with the audit for the 
general public to see (e.g. osnews, slashdot), but we must also ensure 
we do not alienate developers who feel _very_ strongly about the 
un-audited code. By reopening the repository, with the addition of 
locking un-audited code, I think we can strike a fair compromise for all 
parties, and ensure the audit takes place.


More information about the Ros-dev mailing list