
From the viewpoint of security and separation of concerns, giving unlimited access to everything by virtue of "everything" being stored in one giant repo sounds exceptionally short-sighted. A single rogue actor would be able to insert code into any component of choice instead of working on an isolated repo with people who specifically know it and approve the code: the monorepo is a "big ball of mud" with vague shared responsibility that defers to people who worked on "specific parts" but who lack any authority or control; auditing the entire codebase doesn't scale.


Monorepo != all devs having merge permissions to all directories. Every single large monorepo company will have granular permissions on who can approve PRs into which directories based on team ownership. This is orthogonal to monorepo vs polyrepo.


Codeowners file + required review from the owner team solves like 90% of those worries
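As an added example (not from the thread, and not GitHub's own implementation), a small Python check of the mechanism the comment above describes: it resolves each changed path to its owning team(s) under simplified CODEOWNERS matching (later rules win, as on GitHub) and reports which required approvals are still missing before a merge. The CODEOWNERS contents, team names and file paths are constructed for illustration.

```python
import fnmatch

# Constructed CODEOWNERS (team names and paths are made up for the example).
# As on GitHub, the LAST matching rule decides who owns a path.
CODEOWNERS = """
*                   @acme/platform
/services/billing/  @acme/billing
/services/auth/     @acme/identity
/infra/**           @acme/sre
/infra/terraform/   @acme/sre @acme/security
"""

def parse_codeowners(text):
    rules = []  # (pattern, [owners]) in file order; comments and blanks skipped
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            pattern, *owners = line.split()
            rules.append((pattern, owners))
    return rules

def _matches(pattern, path):
    # Simplified gitignore-style matching: a leading '/' anchors at the repo
    # root, a trailing '/' covers the subtree, a bare name matches the basename.
    anchored = pattern.startswith("/")
    pat = pattern.lstrip("/")
    if pat.endswith("/"):
        pat += "**"
    if anchored or "/" in pat.rstrip("*/"):
        return fnmatch.fnmatchcase(path, pat)
    return fnmatch.fnmatchcase(path.rsplit("/", 1)[-1], pat)

def owners_for(path, rules):
    owners = []
    for pattern, rule_owners in rules:
        if _matches(pattern, path):
            owners = rule_owners  # a later rule overrides earlier ones
    return owners

def check_change(changed, approvals, rules):
    """Merge is allowed only if every touched path is owned and every owning
    team has approved. Returns (ok, {path: teams still missing approval})."""
    missing = {}
    for path in changed:
        owners = owners_for(path, rules)
        lacking = [o for o in owners if o not in approvals]
        if not owners:
            lacking = ["<unowned>"]  # no rule claims this path: block the merge
        if lacking:
            missing[path] = lacking
    return not missing, missing
```

A path that no rule claims is treated as a failure rather than silently passing, since an unowned directory is exactly the gap the first comment worries about.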



