RFR: 673: PR author should be able to use /reviewers command [v3]

Kevin Rushforth kcr at openjdk.java.net
Tue Sep 15 15:09:20 UTC 2020


On Tue, 15 Sep 2020 13:32:01 GMT, Erik Helin <ehelin at openjdk.org> wrote:

>> bots/pr/src/main/java/org/openjdk/skara/bots/pr/ReviewersCommand.java line 111:
>> 
>>> 109:         }
>>> 110:
>>> 111:         if (pr.author().equals(command.user()) && !censusInstance.isReviewer(command.user())) {
>> 
>> Maybe simplify this to just `! isReviewer`? Including the test for `is author` doesn't really add value (removing it
>> seems to better reflect the intent and might be safer / more future proof).
>
> No, we don't want people who are _not_ the PR author and who are _not_ Reviewers to be able to increase the required
> number of reviewers. Allowing that makes it possible to harass pull request by e.g. registering a spam account and just
> drop a bunch `/reviewers 9` in a number of PRs.

I agree, but that isn't related to this block (your concern is a good one and is handled by the previous block). By
adding the `author &&` to `!reviewer` it makes this less restrictive not more. In any case, it doesn't matter...at
least not given the prior test.

-------------

PR: https://git.openjdk.java.net/skara/pull/820


More information about the skara-dev mailing list