[openssl-project] Final check against the release criteria

2018-09-10 Thread Matt Caswell
A final check against the release criteria:


- All open github issues/PRs older than 2 weeks at the time of release
to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1
milestone to be closed (see below)

There are no 1.1.1 flagged issues. There is one 1.1.1 flagged PR which
was opened yesterday. It is a trivial fix in the ossltest engine,
currently blocked on the author updating it to add "CLA:trivial". This
is not a significant issue so I consider this criterion met.

- Clean builds in Travis and Appveyor for two days

AppVeyor has been green for more than two days. Travis is currently
green. It was red earlier due to an environmental change on Travis - not
due to any code issue in OpenSSL. It also briefly went red due to a
failure in travis to start the build properly (i.e. not an OpenSSL
issue). I don't consider either of these to be blockers for the release.

- run-checker.sh to be showing as clean 2 days before release

run-checker is currently green and has been for some while.

- No open Coverity issues (not flagged as "False Positive" or "Ignore")

There are no open Coverity issues not in the test suite that are not
flagged as false positive or ignore. Until yesterday the project
settings filtered out issues in the test suite. That setting has been
changed and now we have a whole bunch of them to fix. I don't think that
should stop us from releasing.

- TLSv1.3 RFC published (with at least one beta release after the
publicaction)

RFC is published!


In summary I consider the release criteria to be met and so I will be
going ahead with the release tomorrow.

Matt
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


Re: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-10 Thread Tim Hudson
On Mon, Sep 10, 2018 at 8:44 AM, Matt Caswell  wrote:

> As far as the release criteria go we only count the ones shown in the
> Coverity tool. That's not to say we shouldn't fix issues in the tests as
> well (and actually I'd suggest we stop filtering out problems in the
> tests if anyone knows how to do that...perhaps Tim?).
>

I have changed things to no longer exclude the tests area from the online
reports (that was a historical setting on the original project from
pre-2014).
The second project which I got added to track master has always emailed all
issues.
I have also now changed the OpenSSL-1.0.2 project to report all errors as
well via email - no longer excluding various components.

So now we should have both the online tool and the emails for both projects
configured the same and including the test programs.

Tim.
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-10 Thread Kurt Roeckx
On Sun, Sep 09, 2018 at 11:44:33PM +0100, Matt Caswell wrote:
> 
> As far as the release criteria go we only count the ones shown in the
> Coverity tool. That's not to say we shouldn't fix issues in the tests as
> well (and actually I'd suggest we stop filtering out problems in the
> tests if anyone knows how to do that...perhaps Tim?).

You can change that in the project settings, where it splits the
paths into different groups.


Kurt

___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project