Firewall Wizards mailing list archives
Re: Code review/audit and/or version control
From: Kevin Steves <kevin () atomicgears com>
Date: Fri, 26 Jul 2002 17:36:07 -0700
On Mon, Jul 22, 2002 at 11:46:24AM -0400, Joseph S D Yao wrote:
> If you are doing version control, you have access to previous versions and the commentary from when it was checked in. Just as with in-line comments, the version control comments have to be MEANINGFUL, not just "made changes."!!!
I generally prefer short commit messages, that briefly communicate what was changed and why. I can read the diff for the details of what--the message should provide hints as to whether you want to drill down into the diff. Also, there should generally be one change/fix/etc. per commit. Different projects have varying levels of rigor in this area.
> ISTM that the old versions can be used to good advantage in two ways: (1) New version introduces greater and unforeseen (of course!) security problem; quickly get out old version with known but lesser security problem, and also re-install whatever shim we had used to work around the security problem until the "fixed" version was installed. (2) Determine that the neat new way to do something has already been tried, and read the MEANINGFUL version control comments to determine why it was removed from service!
Yes, having revision history is invaluable.

--
Kevin Steves | kevin () atomicgears com
Atomic Gears LLC | http://www.atomicgears.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards