Approvers based on code owners
- To protect code, allow the ability for "code owners".
- Users indicate that they are responsible/own for specific parts of a codebase.
- If there's a change to a part of the codebase, the users owning that part should be involved in reviewing that change.
Design details to be worked out
- Indicate code ownership at the repo level by managing users associated with code directories.
- That code ownership information is directly checked into the code repository.
- For every code push to the source branch of the merge request, update the required approvers to include those who are code owners of the latest update of the source branch. As a first iteration, probably all those code owners should be "fully required" approvers as per #1979. I.e. they all have to approve at a minimum.
- Use notifications and system notes to update people that approvers have been added or removed.
- What happens when the code pushes add / subtract the required approvers? What happens to approvers who are no longer allowed approvers based on existing approvals logic?
- When creating a merge request, make the flow seamless so that you see the required approvers in that flow as long as the source branch already has a change compared to the target branch.
Maybe this is only interesting when you're using mono-repo's.
See the auditing part of https://secure.phabricator.com/book/phabricator/article/owners/ and https://www.chromium.org/developers/owners-files