Brad House wrote: >> Brad, sorry, I didn't mean to come across as negative. The point I was >> trying to make is that once a validation starts I can't afford to delay >> it to deal with problems that are discovered in the already frozen >> baseline, unless those problems are critical to the requirements of the >> paying sponsors. Hence we don't solicit general public input for >> in-process validations. ... > Yes, that is understandable. Any code going through validation at that > time cannot be touched. I think what Kyle asked for was prior to the > next validation starting, a 2-week window where people could provide > patches. Basically a 'last-call', or at least some projected timelines > for when it would be submitted so we know if the code is 'close-to-final' > before we try to provide patches (at least portability patches as is > my selfish concern). > Well, a single two-week window is reasonable. In thinking through the issue more I realize there is another reason I've not been anxious to solicit patches form the whole world. The deadlines in the validation process are asymmetrical in that we as the vendor have to keep to tight schedules to have any hope of obtaining a validation in time to be useful to the sponsors, while the timelines for test lab or CMVP response to our inputs are always open ended. That means that I can state a deadline, have contributers frantically scrambling to code or test in the short time allotted, only to find that nothing happens for days or weeks afterwards and as a consequence a mod from someone else may subsequently be slipped in with no fuss or bother. The poor guy that worked all night or through the weekend to meet the original deadline I announced isn't happy when that happens.
So a "last call" timeline is going to have to be with the understanding that I can't really predict when the final cut-off point occurs. I also think checking the head of that branch is worthwhile, because any new validation will start from that point. While new problems may be introduced with new development it's unlikely that any problems already there will spontaneously disappear. -Steve M. -- Steve Marquess Open Source Software institute [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
