I should've said: if a fix is for a potential security issue, please
don't create a pull request (they are public), instead send a patch to
openssl-secur...@openssl.org.

You can create an appropriate patch file by doing something like this:

$ git format-patch <revision to diff against> --stdout > your.patch


On 24 April 2014 10:06, Ben Laurie <b...@links.org> wrote:
> Note that this is just how to help me, not a consensus view from the
> whole team, though I have no doubt much of it will be helpful to the
> team, too.
>
> 1. Triage RT (https://rt.openssl.org/).
>
> RT has been neglected for a long time. People could usefully go
> through it and identify:
>
> a) Tickets that can be closed
>
> b) Tickets that should have action taken, and how urgent that action is.
>
> If a ticket describes a potential security issue, then please don't
> just announce it to the list. Instead send it to
> openssl-secur...@openssl.org.
>
> In order to avoid duplication of effort, perhaps someone should set up
> a github repo (or something else) assigning ranges to volunteers? It
> might also be useful to use the same repo to hold the triage results
> (so things can be ticked off as they are actioned).
>
> See also points 3, 4 and 5.
>
> 2. Triage Github pull requests
>
> There are fewer of these, and I do try to look at them from time to
> time, nevertheless I think we are behind.
>
> 3. Write fixes
>
> Where an issue does not come with a patch, write a fix for it. Please
> try to remain consistent with local style (yes, I know style is all
> over the place, sorry about that, but there's no need to make it
> worse).
>
> Please make sure fixes build and that "make test" passes.
>
> 4. Convert fixes to pull requests
>
> Pull requests are the easiest way to deal with incoming code. Note:
> please _don't_ make public pull requests for security issues!
>
> 5. Port pull requests across all branches
>
> Whilst it is often possible to cherry-pick pulls across the branches,
> it also fairly often fails. Having someone do the legwork to fix that
> is very helpful (or say that the pull works across all branches).
>
> 6. Write new tests
>
> Our test suite sucks. More tests is better.
>
> NOTE: I have not suddenly got more time to deal with OpenSSL stuff, so
> this process may well result in a backlog, but it will certainly make
> the use of what time I have more efficient.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
