There have been a few PR's lately that add permissions to tests via permissions.xml so that they pass under the security manager. 

The security manager focus is great, however if you are submitting a PR like this it would make reviewers jobs much easier if you include a simple justification of why the test needs the permission.

Basically if we have a permissions problem in our code we should not just be covering it up via permissions.xml in our tests, and as a reviewer is very hard to tell which permissions are genuinely needed.

Ideally this will take the form of the problematic stack trace in the PR, although if the test just needs a permission to do something test specific (like reading the ts.timeout.factor property) then a simple comment will suffice. 

Thanks,

Stuart