Rietveld: another code review aid [LWN.net]

By Jake Edge
May 7, 2008

With the release of Rietveld, another tool for those interested in doing web-based code reviews is now available. We looked at Review Board back in January. It was inspired by an internal Google tool, written by Python creator and Google employee Guido van Rossum, called Mondrian. That tool in turn spawned Rietveld.

The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine.

There are multiple ways to get a set of patches into the Rietveld system to create an "issue"—the term used for a patch set undergoing review—from an upload of a unified diff to using a python script to retrieve the patches from a repository. Currently Rietveld only supports Subversion, but van Rossum would like to see support added for other version control systems over time. Review Board has a bit of a head start in this area, so it supports Mercurial, Git, Bazaar, Perforce, Subversion and CVS.

Once an issue has been created in the system, reviewers can then be invited to comment on the changes. Navigating through the diff is straightforward, with Javascript being used liberally to give an interactive "local application" feel to the interface. Double-clicking on a line brings up a comment box that a reviewer can fill in to attach some comments to that line. All comments are held as "drafts" until the reviewer is satisfied with their review at which point they "publish" the comments for the author and other reviewers to see.

The Rietveld project is free software, released under the Apache 2.0 license, while the application itself runs via the Google App Engine. Anyone can browse the system, but folks who have a Google account can add issues, comments, and conduct reviews using the tool. Because it uses App Engine, people wanting to try it out on their code need not find a server to install and run the application—as would be required with Review Board—they can just upload a set of patches, invite some reviewers, and proceed.

This kind of simplified deployment is one of the benefits that Google App Engine is meant to provide. For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. Those who wish to keep their source code secret may want to install their own instance of Review Board or another tool. It may be possible to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted.

While Rietveld does not provide much in the way of additional functionality from Review Board—in fact it lags Review Board in some areas—it does provide a very nice introduction to the Google App Engine interface. Developers will undoubtedly be using the code as a template for their own ideas once Google makes more App Engine accounts available. Given the shared history, language, and framework, it isn't impossible to imagine that Review Board and Rietveld might join forces one day. Even if they don't, some cross-pollination is inevitable which will result in both getting better. Hopefully, with more projects using one or both, better code for the community is the result.

(Log in to post comments)

Rietveld: another code review aid

Posted May 8, 2008 16:10 UTC (Thu) by paulmfoster (subscriber, #17313) [Link]

From what I've read, the Google appengine code runs on Google servers, 
period. Does no one else have any concern about the scope and size of 
Google? Regardless of the supposed altruism of Google's founders, the 
larger they get, and the more you throw your lot in with them, the more 
you will be forced to play their game their way. Having dealt with Google 
several times, I can attest that they are not the most easy company to 
deal with. While Rietveld seems to be a kewl tool, it bothers me that it 
can't be hosted on my local server. Maybe it's just me.

Rietveld: another code review aid

Posted May 8, 2008 19:50 UTC (Thu) by jbailey (subscriber, #16890) [Link]

(obdisclosure: I'm a Google employee, but the usual these are my words not the company's blah
blah apply..)

Slashdot had a post[0] of someone porting appengine to Amazon's EC2 cloud.  I'd be really
surprised if some "GNU AppEngine" for standalone hosting on free platforms didn't show up.

Something I do like about Google is that they've (we've?) been pretty good about publishing
the APIs that are used and not minding when other people implement that API themselves.

[0] http://tech.slashdot.org/article.pl?sid=08/04/14/233213&...

google's tracking cookies

Posted May 9, 2008 13:16 UTC (Fri) by wingo (subscriber, #26929) [Link]

Neat project.

However the bit about requiring a Google login is pernicious. Because the google cookie is
(AFAIK) used both for applications and for ads, and the ads are everywhere on the internet, if
you login to use reitveld you're exposing yourself to being tracked by Google all across the
internet.

You're not only exposing yourself to Google, of course; since the NSA monitors all internet
traffic into and out of the US, you're exposing yourself to the US government as well. I'd be
surprised if they didn't have explicit code to track google cookies.

This does have implications, what with the patriot act, the green scare
(http://www.baltimorechronicle.com/2008/042808Lendman.shtml), the redefinition of terrorism,
indefinite detention, etc: it's easy to build a case against someone these days. Centralized
tracking, as implemented by google, is centralized power.

So I think that it's especially important that free software avoid ties to centralized power
like this.

google's tracking cookies

Posted May 16, 2008 3:56 UTC (Fri) by Duncan (guest, #6647) [Link]

That's one good reason to use privoxy or the like, to turn all cookies 
into session-only by default, if your browser doesn't have a similar 
feature or the controls aren't fine enough to do that in general but turn 
it off, allowing saved cookies, for some sites.  Konqueror has the option 
but it's set globally, and kills existing cookies one might want to keep, 
for a few sites, so I don't use it, but use privoxy instead.  One 
remaining problem is that privoxy, unlike the proxomitron I formerly used 
on MS which used the SSLeay libs to intercept secure connections if set to 
do so as well, simply bypasses secure connections, so be aware that any 
secure connection can still set saved cookies even if you have privoxy set 
to session-only cookies.  Still, that would allow one to use Google 
services with secure logins if desired (I'm still suspicious and haven't 
needed to, so don't), while using privoxy to block standard ad use of the 
same cookies.

I believe I was reading about a Firefox cookie switcher extension as well.  
It let you switch cookie profiles, so you can browse with Google (for 
example) cookies disabled most of the time, but switch profiles, enabling 
a saved cookie, them when needed.  As I said I don't tend to use Google 
login services so I've not needed something like this and passed it up, 
preferring cookiesafe's per-site approach.  I'm not sure how they'd work 
together nor do I remember what the name of the cookie profile switcher 
extension was, but I do remember seeing it.

That said, the general problem you refer to, that of huge conglomerates 
such as google expanding into more and more areas and gaining more and 
more power over our lives and privacy, and the greedy noses of the US and 
other governments on top of that, still exist, regardless of the measures 
individual users may take.

Duncan