On Fri, 24 May 2019 16:39:51 +0200, Matt Caswell wrote: > > > > On 24/05/2019 15:30, Richard Levitte wrote: > > > > Not in practice. We *do* ask on the PR in question if it should be > > cherry-picked to 1.1.1 and seek approval for that action, but then it > > hasn't at all been clear what should happen regarding Received-By > > tags. > > > > I have personally never touched them when cherry-picking, even in this > > scenario. I do not know what others do in that case...> > > In the vast majority of the cases the reviewers are the same.
Yes, because cherry-picking as an after-though rarely happens. It's mostly been along the lines of "hey, why was this bug-fix only applied to master???" > I wouldn't want other people putting my name in a reviewed-by tag > where I have not approved it and I have not considered the > implications of that change in that branch. What if it resulted in a > critical CVE? I haven't given possible CVEs much though, quite frankly. But tell you what, I can certainly change my ways if this is what we all think is the way to go. Not a problem. And I'm glad that we talked about it, rather than staying with "I thought everyone else did the same". Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/