We decided that everyone in the team is allowed to approve changes. If no one has reviewed your change within 24 hours you are allowed to approve it yourself. It will usually come up in the daily sync that a self approval is imminent, which usually leads to someone taking a look.
Self-approval leads to a road of sadness. For example, a theoretical company needs to self-renew an ssl cert. No problem, the cert will be stored with the rest of the secrets and retrieved in a secure way on deployment. Unfortunately if you don’t store the cert key in a secure way, the deployment still works fine and you don’t need to figure out the “onerous” encryption process.
So you push the private key to the company git repo, and then deploy the cert! Done and Done.
We have well established ways to deal with secrets. Also, everyone is responsible enough to not self approve changes where they do things they are uncertain of.
If you don’t establish an encryption mechanism for secrets that allows for automatic, in memory decryption on deployment from the start of your project, then your project is run by incompetent developers/ops specialists/architects/management/etc. and deserves to fail.
Who said anything about only requiring 1 reviewer?
And no, I did not drop an /s. You should try working for a healthy team where everyone takes collective responsibility and where the teams progress is more important than any one person’s progress.
I get the feeling you feel like I was somehow calling you out. I want to clarify the the intent of my message was more in the spirit of “wow must be nice” than “you’re making that up”. But also I’m just interested in how different your experience is from mine.
Who said anything about only requiring 1 reviewer?
I must have misunderstood. You said “If no one has reviewed your change within 24 hours you are allowed to approve it yourself.” To me, that sounds like, after 24 hours of no review, one self-approval is considered sufficient. That, in turn, seems to imply that before 24 hours, one non-self-approval is probably sufficient, no?
You should try working for a healthy team where everyone takes collective responsibility and where the teams progress is more important than any one person’s progress.
I’ve had team members in the past who are very self-focused, they tend to close a lot of tickets and look good, then get promoted out, leaving an unmaintainable mess behind. Allowing that is generally a failure of leadership. But right now, that’s not our problem, and what you describe is pretty much how we operate.
I’d love to work on a team where everybody took code review a lot more seriously, believe me, it’d be nice, but my team does generally get everything approved, with at least two non-self approvals, in under 24 hours. If something is getting ignored because people are busy and it’s a large change because we aren’t perfect, and there is some reason to get it in soon, it just takes a quick request on Slack to get the needed attention.
What I found surprising about your description was more that the potential of a self-approval coming up would, in itself, get people’s attention, rather than somebody reaching out personally and asking for a review.
Our big weakness is review quality, not quantity. It’s crazy the number of times I look at something and see the two or three approvals already, start going through it, and find issue after issue. I see that on other teams as well, where there’s usually only one or two devs who ever really make any comments on a review, it seems to be very common.
We decided that everyone in the team is allowed to approve changes. If no one has reviewed your change within 24 hours you are allowed to approve it yourself. It will usually come up in the daily sync that a self approval is imminent, which usually leads to someone taking a look.
genius!
Self-approval leads to a road of sadness. For example, a theoretical company needs to self-renew an ssl cert. No problem, the cert will be stored with the rest of the secrets and retrieved in a secure way on deployment. Unfortunately if you don’t store the cert key in a secure way, the deployment still works fine and you don’t need to figure out the “onerous” encryption process.
So you push the private key to the company git repo, and then deploy the cert! Done and Done.
We have well established ways to deal with secrets. Also, everyone is responsible enough to not self approve changes where they do things they are uncertain of.
If you don’t establish an encryption mechanism for secrets that allows for automatic, in memory decryption on deployment from the start of your project, then your project is run by incompetent developers/ops specialists/architects/management/etc. and deserves to fail.
Nevermind the idea that one reviewer is somehow sufficient, this sounds like pure fantasy. Did you forget a “/s”?
Who said anything about only requiring 1 reviewer? And no, I did not drop an /s. You should try working for a healthy team where everyone takes collective responsibility and where the teams progress is more important than any one person’s progress.
I get the feeling you feel like I was somehow calling you out. I want to clarify the the intent of my message was more in the spirit of “wow must be nice” than “you’re making that up”. But also I’m just interested in how different your experience is from mine.
I must have misunderstood. You said “If no one has reviewed your change within 24 hours you are allowed to approve it yourself.” To me, that sounds like, after 24 hours of no review, one self-approval is considered sufficient. That, in turn, seems to imply that before 24 hours, one non-self-approval is probably sufficient, no?
I’ve had team members in the past who are very self-focused, they tend to close a lot of tickets and look good, then get promoted out, leaving an unmaintainable mess behind. Allowing that is generally a failure of leadership. But right now, that’s not our problem, and what you describe is pretty much how we operate.
I’d love to work on a team where everybody took code review a lot more seriously, believe me, it’d be nice, but my team does generally get everything approved, with at least two non-self approvals, in under 24 hours. If something is getting ignored because people are busy and it’s a large change because we aren’t perfect, and there is some reason to get it in soon, it just takes a quick request on Slack to get the needed attention.
What I found surprising about your description was more that the potential of a self-approval coming up would, in itself, get people’s attention, rather than somebody reaching out personally and asking for a review.
Our big weakness is review quality, not quantity. It’s crazy the number of times I look at something and see the two or three approvals already, start going through it, and find issue after issue. I see that on other teams as well, where there’s usually only one or two devs who ever really make any comments on a review, it seems to be very common.