Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Still fighting with the CTO on letting people other than him do code reviews. We don't do retrospectives and code reviews also take months. I also have to fill out a change request form (CRF) that has the git hash, list of files modified, and many other useless and redundant fields that are required.


I don't think I know a single engineer that would tolerate working in this environment.


> code reviews also take months

Wow. I don't think I would have lasted even the first month there.

Sounds not healthy.


It's rough, I'm looking =)


Wait, based on the article and your name, are you talking about Figma?


No chance this is Figma


Why not? It seems plausible to me.

The article came off as if the company is run by designers, not engineers. While the engineers I know generally appreciate some feedback, they don't need much of it on engineering questions. UX and design, however - bring it on! So "eng crits" sound like... learning exercises for juniors? If it works for them, that's good, but I don't see myself sending my CV over, at least not based on this article.


There is another post that mentions PCI compliance, but I don’t see how all of Figma falls under needing PCI compliance.


Good point!


No, I do not work at Figma lol


why is this being downvoted? I was wondering the exact same thing.


Never knew you could download comments! (sorry)


If the job market was better I'd tell you to quit. That sounds awful, and wildly irresponsible behavior from a CTO.


Who knows, maybe the product is stable and wildly successful.


It's not...


> code reviews also take months

Seems wildly counter-productive, as I'm guessing there will be a ton of merge conflicts.


This sounds like the worst version of SOC controls.


It's all for "PCI Compliance" lol


How is it for PCI compliance? Which of the PCI DSS requirements outlines this?


Got me, first time I've ever had to fill out something like this


Section 6.5: "Changes to all system components are managed securely."

6.5.1 is probably where the CRF form came from.


There’s a lot you can do with ‘separation of responsibilities’.


Can't you have normal peer review with the rest of the team in lower level branches? Have everything work out as "normal" with PRs and whatnot, then when you want to merge develop into master or whatever, then do the CRF and CTO review?

Everybody then gets what they want.


It's a mix of ego and people not knowing what they are doing. I had to fight my first month just to get code into BitBucket. Before that, it was a server in rackspace you pushed to as the root user.

Because the CTO only does the code reviews, people create the PR and the CRF. Issue is because it takes so long, the CTO wants merge conflicts resolved before it's reviewed. Problem with that is, no one remembers the context a month (or longer later).

I have A LOT of spare time so I will often help out with doing reviews but because I'm not allowed to merge or deploy code, it's more of helping junior engineers write better code.


Yikes! How is this tolerated?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: