We should also be talking about what the pushed code does. If this is true, it enables them to block certain payments from the Treasury, while hiding the fact that they are blocking them.
Is there any legitimate use for that? If you're not going to pay, say that you're not going to pay, and why.
I’ve worked on government IT systems and their definition of fully QA’ed code can be pretty heavy.
The project I worked on required that changes be printed, documented, bound in a paper manual, and put on a shelf after it went through a QA process where somebody had to write a test script, print, and bind that. There was a whole acceptance procedure that a state official had to sign off on after all that before it was deployed.
That was only what happened after a feature was implemented—I can’t imagine what it must have been like to define, design, and implement the feature.
A lot of that is OK, but the insistence the state had on printing, binding, and shelving the documentation felt a bit extreme. It also took forever to get changes from idea to production, which is a feature or a bug depending on your agenda.
* A single pseudonymous jr engineer (3 years graduated from Rutgers) is making edits to the Treasury department payments system.
* The new code is being deployed directly to production rather than going through the regular release cycle (dev, staging, etc).
* There are no tests.
It almost doesn't matter what the code does.