@polotek I'm now also worried I'm explaining myself poorly, and didn't have as interesting a point as I initially thought
It is, after all, Friday
@polotek Sometimes, the management decision is going to be "deploy something now, and we can absorb the risk", and sometimes (possibly never with pw hashing) that decision is going to be right, and sometimes it'll be wrong
My point is "Sometimes Engineers need to listen to management and sometimes they need to push back", and a good Engineer is someone who knows which is which, and how to advocate for themselves when they need to
I agree with your point that sometimes Engineers need to accept oversight; I also agree sometimes they need to assert their expertise. I also think there's a trade-off between those two positions, and that trade-off is what I was trying to point out.
@polotek Sorry, I think I mean I understood you as asking engineers not to listen to management if they're asking to deploy something potentially unsafe, and also saying engineers often need more oversight from management
There's not a contradiction there exactly, and I think I agree with both statements, but I do think they're in tension?
@polotek The distinction between "managers should trust engineers and leave them alone to do their work", and "You don't need a manager's permission to hash the fucking passwords. And in fact, part of your job is to do it even though they didn't ask you to." seems fairly subtle?