On Wed, Dec 11, 2013 at 2:38 PM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
I can definitely understand the reasoning behind this. Right now with both
Gadgets and common.js we are allowing non-reviewed code to be injected
directly into every page. While there is a bit of trust to be had
considering only administrators can edit those pages, it is still a
security risk, and an unnecessary one at that.

I like the idea of having gadgets (and any JS code for that matter) going
through Gerrit for code review. The one issue is the question of where
would Gadget code go? Would each gadget have its own code repository? Maybe
we'd have just one repository for all gadgets as well as common.js
(something like operations/common.js)? I don't think sending wiki edits to
Gerrit is too feasible a solution, so if this were implemented it'd have to
be entirely Gerrit-based.

Could FlaggedRevs, perhaps with some modifications, be used to implement a
review process?