Board Thread:General Discussion/@comment--20150814190019/@comment-24473195-20150815170149

Deadcoder wrote: While I'm glad that staff is finally taking security seriously, I'm worried about evaluation times. Perhaps Wikia should do this: users who have a reputation of safe useful Javascript edits can edit scripts "where they have the rights" without evaluation. Everyone else gets their code evaluated. As more edits are made, your reputation grows and eventually, you get an additional permission, and you no longer need your code audited. That sets a bad precendent. There are many admins and users who have been good editors for years, but one day they decide to simply go rogue and start vandalising or making a mess of wikis.

That's like saying that police officers who have been competent for a decade shouldn't be evaluated or that "internal affairs"  aren't needed. The fact remains that many police officers may become corrupt, and that even those people who have the best intentions sometimes may unknowingly make mistakes that expose others to danger.

Code-review means that even code-reviewers themselves should (at least if it is implemented correctly) also have to submit their own code for review.