Reply To: Got me a brand new *FAST* VPS

[__]

Now, do the staging server and the production server have to be separate servers?

Don’t have to be. could be.

what if there’s some malicious PHP that gets merged into the master?

How many people do you plan on being allowed to push-at-will? Requests, sure. But actually move code to master, and the server? If your team is big enough, I could see having a few people that can push through to the server (dev) on their own authority, but not so many that you wouldn’t have selected them and know they are dependable. And I’d still have one specific person responsible for the live site.

And you forget: it’s git. If something goes bad, revert. Being distributed, you’re sure to have clean copies in a few places even if you don’t make off-site backups intentionally (but you should, of course).

I get that there should ideally be some code review but when you’re dealing with 20,000 SLOC…

Code review should cover every line, at some point. You might not look at a particular line personally, but break it into components and try to arrange it so at least two people do (one of whom was not involved in writing it).

How much of this is a practical problem, vs. theoretical? Are you actually setting up a million-line web app with thousands of contributors?

If so, then I’d say it’s time for a different process. IMO, completely auto-pushing works best for one-man teams with the occasional outside contribution. Large teams with big projects need more bureaucracy.