Re: Commit access to openssl/tools and openssl/web
FYI - I have reviewed and added my approval. No need to back out anything. Tim. On Fri, Oct 4, 2019 at 5:50 PM Dr Paul Dale wrote: > I believed that it required two OMC approvals but was pointed to an > earlier instance where only one was present and I flew with it without > checking further. > My apologies for merging prematurely and I’ll back out the changes if any > OMC member wants. > > As for discussing this at the upcoming face to face, I agree > wholeheartedly. > > > Pauli > -- > Dr Paul Dale | Distinguished Architect | Cryptographic Foundations > Phone +61 7 3031 7217 > Oracle Australia > > > > > On 4 Oct 2019, at 5:39 pm, Matt Caswell wrote: > > > > On 04/10/2019 08:15, Dr. Matthias St. Pierre wrote: > > Dear OMC, > > while the process of merging and committing to openssl/openssl has been > formalized, > no similar (official) rules for pull requests by non-OMC-member seem to > apply to the > other two repositories openssl/tools and openssl/web. Probably it's > because hardly > anybody outside the OMC else ever raises them? Or is it the other way > around? > > > There are clear official rules. This vote was passed by the OMC over a > year ago: > > topic: Openssl-web and tools repositories shall be under the same review > policy as per the openssl repository where the reviewers are OMC > members > > So it needs two approvals from an OMC member. It looks like recent commits > haven't obeyed those rules. > > > I would like to raise the question whether it wouldn't be beneficial for > all of us, > if we would apply the same rules (commit access for all committers, plus > the well > known approval rules) to all of our repos. After all, the openssl/openssl > repository > is the most valuable of the three and I see no reason why the others would > need > more protection. In the case of the openssl/web repository which targets > the > official website, you might want to consider a 2OMC approval rule, but > even there > I don't see why the usual OMC veto rule wouldn't be sufficient. > > > There is a lot of merit in that. Certainly for tools. I've added it to the > OMC > agenda for Nuremburg. > > Matt > > >
Re: Commit access to openssl/tools and openssl/web
I believed that it required two OMC approvals but was pointed to an earlier instance where only one was present and I flew with it without checking further. My apologies for merging prematurely and I’ll back out the changes if any OMC member wants. As for discussing this at the upcoming face to face, I agree wholeheartedly. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 4 Oct 2019, at 5:39 pm, Matt Caswell wrote: > > > > On 04/10/2019 08:15, Dr. Matthias St. Pierre wrote: >> Dear OMC, >> >> while the process of merging and committing to openssl/openssl has been >> formalized, >> no similar (official) rules for pull requests by non-OMC-member seem to >> apply to the >> other two repositories openssl/tools and openssl/web. Probably it's because >> hardly >> anybody outside the OMC else ever raises them? Or is it the other way around? > > There are clear official rules. This vote was passed by the OMC over a year > ago: > > topic: Openssl-web and tools repositories shall be under the same review > policy as per the openssl repository where the reviewers are OMC members > > So it needs two approvals from an OMC member. It looks like recent commits > haven't obeyed those rules. > > >> I would like to raise the question whether it wouldn't be beneficial for all >> of us, >> if we would apply the same rules (commit access for all committers, plus the >> well >> known approval rules) to all of our repos. After all, the openssl/openssl >> repository >> is the most valuable of the three and I see no reason why the others would >> need >> more protection. In the case of the openssl/web repository which targets the >> official website, you might want to consider a 2OMC approval rule, but even >> there >> I don't see why the usual OMC veto rule wouldn't be sufficient. > > There is a lot of merit in that. Certainly for tools. I've added it to the OMC > agenda for Nuremburg. > > Matt >
Re: Commit access to openssl/tools and openssl/web
On 04/10/2019 08:15, Dr. Matthias St. Pierre wrote: > Dear OMC, > > while the process of merging and committing to openssl/openssl has been > formalized, > no similar (official) rules for pull requests by non-OMC-member seem to apply > to the > other two repositories openssl/tools and openssl/web. Probably it's because > hardly > anybody outside the OMC else ever raises them? Or is it the other way around? There are clear official rules. This vote was passed by the OMC over a year ago: topic: Openssl-web and tools repositories shall be under the same review policy as per the openssl repository where the reviewers are OMC members So it needs two approvals from an OMC member. It looks like recent commits haven't obeyed those rules. > I would like to raise the question whether it wouldn't be beneficial for all > of us, > if we would apply the same rules (commit access for all committers, plus the > well > known approval rules) to all of our repos. After all, the openssl/openssl > repository > is the most valuable of the three and I see no reason why the others would > need > more protection. In the case of the openssl/web repository which targets the > official website, you might want to consider a 2OMC approval rule, but even > there > I don't see why the usual OMC veto rule wouldn't be sufficient. There is a lot of merit in that. Certainly for tools. I've added it to the OMC agenda for Nuremburg. Matt
Commit access to openssl/tools and openssl/web
Dear OMC, while the process of merging and committing to openssl/openssl has been formalized, no similar (official) rules for pull requests by non-OMC-member seem to apply to the other two repositories openssl/tools and openssl/web. Probably it's because hardly anybody outside the OMC else ever raises them? Or is it the other way around? I would like to raise the question whether it wouldn't be beneficial for all of us, if we would apply the same rules (commit access for all committers, plus the well known approval rules) to all of our repos. After all, the openssl/openssl repository is the most valuable of the three and I see no reason why the others would need more protection. In the case of the openssl/web repository which targets the official website, you might want to consider a 2OMC approval rule, but even there I don't see why the usual OMC veto rule wouldn't be sufficient. Regards, Matthias