What is the purview of a code review? Is it only about making sure the code meets technical standards, or are reviewers expected to comment holistically?
Reviewers are supposed to review holistically, and in cases where something raises larger questions (do we actually have approval for this change?) they shouldn't approve until those questions are resolved.
In this case I suspect the reviewers were supportive of the protest, and so approved it even though their authority didn't cover this kind of change.
I don't think any of these people should have been fired, but "by the book" is not a good way of characterizing this process. That would have been proposing the feature to management, getting their sign-off, and then making the code changes.
That sounds about right. So why doesn't Google fire the reviewers? If they don't, then they are inconsistently applying the standard. If they do, then they are punishing a coordinated employee action.
If Google just doesn't want unionized engineers, it could just fire all engineers. Obviously they need to balance their various objectives and firing productive people is costly to the business. I think they are hoping more to send a strong message to the whole company with as small a disturbance to the business as possible.
Because reviewers aren't held to the same level of responsibility for the content of the change as the author. Making them responsible for back-door vulnerabilities slipped in by employees compromised by a nation-state would grind the company to a halt.
My understanding is that Google is a rather bottoms-up culture regarding internal tooling, and that you don't normally need sign-off from management to take initiative and make changes to tooling like this. They're only mad that the particular change here involved labor organizing, which is obvious retaliation.
It kind of depends, not every task are the same. you won't review a trivial change the same way as a brand new feature.
Let's take for instance the fictional case of adding a list of website to a whitelist.txt. Maybe the source file had thousands of websites to be added. Anyone could add or remove some in the middle and no one would ever know
It looks good when you review it. but there is no way to check the data integrity (at review time), you can only rely on the good faith of your coworkers.
I am not saying that's what happened but this is a good example of how anyone could sneak-in arbitrary code that pass the code review.
