On 04/10/2019 08:15, Dr. Matthias St. Pierre wrote:
> Dear OMC,
>
> while the process of merging and committing to openssl/openssl has been
> formalized,
> no similar (official) rules for pull requests by non-OMC-member seem to apply
> to the
> other two repositories openssl/tools and openssl/web. Probably it's because
> hardly
> anybody outside the OMC else ever raises them? Or is it the other way around?
There are clear official rules. This vote was passed by the OMC over a year ago:
topic: Openssl-web and tools repositories shall be under the same review
policy as per the openssl repository where the reviewers are OMC members
So it needs two approvals from an OMC member. It looks like recent commits
haven't obeyed those rules.
> I would like to raise the question whether it wouldn't be beneficial for all
> of us,
> if we would apply the same rules (commit access for all committers, plus the
> well
> known approval rules) to all of our repos. After all, the openssl/openssl
> repository
> is the most valuable of the three and I see no reason why the others would
> need
> more protection. In the case of the openssl/web repository which targets the
> official website, you might want to consider a 2OMC approval rule, but even
> there
> I don't see why the usual OMC veto rule wouldn't be sufficient.
There is a lot of merit in that. Certainly for tools. I've added it to the OMC
agenda for Nuremburg.
Matt
