Re: No two reviewers from same company

2019-05-23 Thread Tim Hudson
We have discussed this at numerous OMC meetings in terms of how to managed potential *perceived *conflicts of interest that might arise if people outside of the fellows come from the same company and hence can effectively turn the OMC review control mechanism into a single control rather than a

RE: No two reviewers from same company

2019-05-23 Thread Paul Dale
There hasn't been a vote about this, however both Shane and I have committed to not approve each other's PRs. I also asked Richard if this could be mechanically enforced, which I expect will happen eventually. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption

AW: No two reviewers from same company

2019-05-23 Thread Dr. Matthias St. Pierre
> No such decision has been made as far as I know although it has been discussed > at various times. > > > Should this policy be extended to OpenSSL’s fellows? > > IMO, no. I agree with Matt: While this policy makes sense for employers of third party companies, because these companies might

Re: No two reviewers from same company

2019-05-23 Thread Viktor Dukhovni
On Thu, May 23, 2019 at 03:45:48PM +0100, Matt Caswell wrote: > IMO, no. I also don't see a need for this at present, and it is not clear that there are enough active part-time reviewers in place to keep up with commits from the fellows in a timely manner. -- Viktor.

Re: Committers Day Blog

2019-05-23 Thread Richard Levitte
On Thu, 23 May 2019 19:26:59 +0200, Matt Caswell wrote: > > On 23/05/2019 18:25, Matt Caswell wrote: > > Please see the following blog post by Matthias about the recent committers > > day: > > > > https://www.openssl.org/blog/blog/2019/05/23/f2f-committers-day/ > > I should point out BTW that

Re: No two reviewers from same company

2019-05-23 Thread Richard Levitte
On Thu, 23 May 2019 17:42:46 +0200, Matt Caswell wrote: > > On 23/05/2019 16:31, Salz, Rich wrote: > > > In private email, and > > https://github.com/openssl/openssl/pull/8886#issuecomment-494624313 the > > implication is that this was a policy. > > > > AFAIK this is not the case.

Re: Committers Day Blog

2019-05-23 Thread Matt Caswell
On 23/05/2019 18:25, Matt Caswell wrote: > Please see the following blog post by Matthias about the recent committers > day: > > https://www.openssl.org/blog/blog/2019/05/23/f2f-committers-day/ I should point out BTW that eating vegemite is not a requirement for becoming a committer. :-)

Committers Day Blog

2019-05-23 Thread Matt Caswell
Please see the following blog post by Matthias about the recent committers day: https://www.openssl.org/blog/blog/2019/05/23/f2f-committers-day/ Matt

Re: No two reviewers from same company

2019-05-23 Thread Matt Caswell
On 23/05/2019 18:14, Tomas Mraz wrote: > On Thu, 2019-05-23 at 17:17 +0200, Richard Levitte wrote: >> On Thu, 23 May 2019 16:25:07 +0200, >> Salz, Rich wrote: >>> I understand that OpenSSL is changing things so that, by mechanism >>> (and maybe by policy although >>> it’s not published yet),

Re: No two reviewers from same company

2019-05-23 Thread Tomas Mraz
On Thu, 2019-05-23 at 17:17 +0200, Richard Levitte wrote: > On Thu, 23 May 2019 16:25:07 +0200, > Salz, Rich wrote: > > I understand that OpenSSL is changing things so that, by mechanism > > (and maybe by policy although > > it’s not published yet), two members of the same company cannot > >

Re: No two reviewers from same company

2019-05-23 Thread Matt Caswell
On 23/05/2019 16:54, Salz, Rich wrote: >> In that example the potential conflict of interest comes from the >> individual's > employment with the third party organisation, not because they are fellows. > > Do you disagree with my contention that the OMC represents the project, and > not the

Re: No two reviewers from same company

2019-05-23 Thread Matt Caswell
On 23/05/2019 16:31, Salz, Rich wrote: > > In private email, and > https://github.com/openssl/openssl/pull/8886#issuecomment-494624313 the > implication is that this was a policy. > > AFAIK this is not the case. > > Is the comment wrong, either factually or because it is

Re: No two reviewers from same company

2019-05-23 Thread Salz, Rich
> In private email, and https://github.com/openssl/openssl/pull/8886#issuecomment-494624313 the implication is that this was a policy. AFAIK this is not the case. Is the comment wrong, either factually or because it is implementing something that isn't an official policy? >

Re: No two reviewers from same company

2019-05-23 Thread Matt Caswell
On 23/05/2019 16:01, Salz, Rich wrote: > > I understand that OpenSSL is changing things so that, by mechanism (and > maybe by > > policy although it’s not published yet), two members of the same > company cannot > > approve the same PR. That’s great. (I never approved Akamai

Re: No two reviewers from same company

2019-05-23 Thread Salz, Rich
> I understand that OpenSSL is changing things so that, by mechanism (and maybe by > policy although it’s not published yet), two members of the same company cannot > approve the same PR. That’s great. (I never approved Akamai requests unless it > was trivial back when I was

Re: No two reviewers from same company

2019-05-23 Thread Richard Levitte
On Thu, 23 May 2019 16:25:07 +0200, Salz, Rich wrote: > I understand that OpenSSL is changing things so that, by mechanism (and maybe > by policy although > it’s not published yet), two members of the same company cannot approve the > same PR. That’s > great. (I never approved Akamai requests

Re: No two reviewers from same company

2019-05-23 Thread Matt Caswell
On 23/05/2019 15:25, Salz, Rich wrote: > I understand that OpenSSL is changing things so that, by mechanism (and maybe > by > policy although it’s not published yet), two members of the same company > cannot > approve the same PR.  That’s great.  (I never approved Akamai requests unless > it

No two reviewers from same company

2019-05-23 Thread Salz, Rich
I understand that OpenSSL is changing things so that, by mechanism (and maybe by policy although it’s not published yet), two members of the same company cannot approve the same PR. That’s great. (I never approved Akamai requests unless it was trivial back when I was on the OMC.) Should this