I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.
I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.
Aaaand thats why all commits should be signed with your pgp key
It sounds like they weren’t using any form of version control, so that’s definitely on them at this point
What makes you say that? To me, it sounds like that’s what they do have cause they tracked the change back to him. The commit message obviously said nothing about the file.
Ah I could see that. I took it as them not knowing where the file came from at all, so they’re just asking all the devs who would have had access at that point, which is why it was “hey do you know anything about this file?” and not “is there a specific reason you committed this file to the build?”
You think they’d call up devs who left them just to ask if they happen to know about a random file?
I mean, that’s what op said happened. Literally with the verbiage of “file we found” and not “file you committed”
I did mean random devs, not the dev they tracked down that made the change.
Right, I based it on an estimate on the size of the company and how many devs they’ve had. But if a 7MB file doubled their build size and nobody noticed for 5 years, it likely wasn’t code reviewed or committed and rather just added somewhere, It’d be my guess that it’s a pretty small team, and if they’re willing to call anyone at this point anyway as they only have a few devs, and not just remove the file, they’re probably unsure on if it serves any sort of point, which usually would be clear in a commit or PR