author | Philippe Lafoucrière <philippe.lafoucriere@tech-angels.com> | 2018-11-19 07:43:41 -0500 |
---|---|---|
committer | Philippe Lafoucrière <philippe.lafoucriere@tech-angels.com> | 2018-11-19 07:43:41 -0500 |
commit | c9b8bc490d7d02b64bd550261bb599a534546453 (patch) | |
tree | 33624dc2a792682e7b6ab950526807be9cd98c23 | |
parent | 696907fdf75c634d8e694606104d6988eb243529 (diff) | |
download | gitlab-ce-c9b8bc490d7d02b64bd550261bb599a534546453.tar.gz |
Create linkable section for security requirements
-rw-r--r-- | doc/development/code_review.md | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/doc/development/code_review.md b/doc/development/code_review.md index 9970bd88060..9b63017dbb9 100644 --- a/doc/development/code_review.md +++ b/doc/development/code_review.md @@ -29,6 +29,13 @@ or more [maintainers](https://about.gitlab.com/handbook/engineering/#maintainer) For approvals, we use the approval functionality found in the merge request widget. Reviewers can add their approval by [approving additionally](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html#adding-or-removing-an-approval). +Getting your merge request **merged** also requires a maintainer. If it requires +more than one approval, the last maintainer to review and approve it will also merge it. + +As described in the section on the responsibility of the maintainer below, you +are recommended to get your merge request approved and merged by maintainer(s) +from other teams than your own. + 1. If your merge request includes backend changes [^1], it must be **approved by a [backend maintainer](https://about.gitlab.com/handbook/engineering/projects/#gitlab-ce_maintainers_backend)**. 1. If your merge request includes frontend changes [^1], it must be 
@@ -41,20 +48,15 @@ widget. Reviewers can add their approval by [approving additionally](https://doc **approved by a [UX lead][team]**. 1. If your merge request includes a new dependency or a filesystem change, it must be **approved by a [Distribution team member][team]**. See how to work with the [Distribution team](https://about.gitlab.com/handbook/engineering/dev-backend/distribution/) for more details. + +### Security requirements + 1. If your merge request is processing, storing, or transferring any kind of [RED data][red data], possibly orange data too, it must be **approved by a [Security Engineer][team]**. 1. If your merge request is implementing, utilizing, or related to any type of authentication, authorization, or session handling mechanism, it must be **approved by a [Security Engineer][team]**. 1. If your merge request has a goal which requires a cryptographic function such as: confidentiality, integrity, authentication, or non-repudiation, it must be **approved by a [Security Engineer][team]**. - - -Getting your merge request **merged** also requires a maintainer. If it requires -more than one approval, the last maintainer to review and approve it will also merge it. - -As described in the section on the responsibility of the maintainer below, you -are recommended to get your merge request approved and merged by maintainer(s) -from other teams than your own. ### The responsibility of the merge request author |
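Review bot: In the first hunk (@@ -29,6 +29,13 @@), the relocated paragraph "As described in the section on the responsibility of the maintainer below" still refers to that section in plain text. Since this commit is about making sections linkable, turn the phrase into a link to that section's heading anchor so the reference keeps working if the section moves. The two paragraphs about merging now sit between the sentence on approvals and the numbered list of required approvers, so the list no longer follows the text that introduces it. Consider placing them after the list or adding a one-line lead-in before item 1. A wording nit on the moved text: "from other teams than your own" reads better as "from teams other than your own".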
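Review bot: In the second hunk (@@ -41,20 +48,15 @@), the new "### Security requirements" heading is followed directly by the list items with no introductory sentence, so a reader arriving via the section link gets no statement that these approvals are required in addition to the maintainer approvals listed above. Add a short lead-in under the heading. Now that this section is a standalone link target, the first item's "possibly orange data too" is too vague for a requirement: say explicitly whether orange data must, or only should, be approved by a Security Engineer. The heading also splits what used to be one numbered list, so check that both halves still render with the intended numbering.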