RE: Beta1 PR deadline

2020-09-11 Thread Dr. Matthias St. Pierre
> > For a more accurate and timely public overview over the current state of 
> > the blockers,
> > it might be helpful to manage them via the 3.0.0  milestone
> >
> > https://github.com/openssl/openssl/milestone/15
> >
> > Some of the tickets listed below were already associated to the milestone, 
> > the others
> > were added by me now.
> 
> I think the 3.0.0 milestone is what we expect to be in the
> 3.0.0 release, not the beta release. That is bug fixes don't need
> to be in the beta release, but if it adds new functionallity it
> needs to be in the beta release.

I was aware of this subtlety but I thought that we just could (ab-)use the 
milestone for
the beta1 release and reuse it later for the final release, instead of creating 
a new milestone.

Practically all of the relevant PRs are associated to the [3.0 New Core + FIPS] 
GitHub Project
anyway, so it would be possible to remove the post-beta PRs from the milestone 
and restore
them later.  (In my mind, I see project managers running away screeming...)

Matthias


[3.0 New Core + FIPS]:  https://github.com/openssl/openssl/projects/2




Re: Beta1 PR deadline

2020-09-11 Thread Kurt Roeckx
On Fri, Sep 11, 2020 at 11:07:48AM +, Dr. Matthias St. Pierre wrote:
> For a more accurate and timely public overview over the current state of the 
> blockers,
> it might be helpful to manage them via the 3.0.0  milestone 
> 
> https://github.com/openssl/openssl/milestone/15
> 
> Some of the tickets listed below were already associated to the milestone, 
> the others
> were added by me now.

I think the 3.0.0 milestone is what we expect to be in the 
3.0.0 release, not the beta release. That is bug fixes don't need
to be in the beta release, but if it adds new functionallity it
needs to be in the beta release.


Kurt



Monthly Status Report (August)

2020-09-11 Thread Matt Caswell
As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:

- Raised PR to replace the legacy KDF bridge with a provider based KDF
bridge
- Continued work on and merged a fix to ensure that the default config
file has been loaded before working with default properties
- Performed the alpha 6 release
- Implemented a provider based MAC bridge
- Investigated and fixed an issue with stitched ciphersuites in TLSv1.0
- Drafted the job description for the new "Administrator and Manager" role
- Implemented a provider side HMAC implementation that is TLS aware
- Implemented checks in libssl to confirm if we have MD5-SHA1 or not
- Attended the OMC virtual face-2-face
- Wrote patches and security advisory in response to the Raccoon attack


Matt



RE: Beta1 PR deadline

2020-09-11 Thread Dr. Matthias St. Pierre
For a more accurate and timely public overview over the current state of the 
blockers,
it might be helpful to manage them via the 3.0.0  milestone 

https://github.com/openssl/openssl/milestone/15

Some of the tickets listed below were already associated to the milestone, the 
others
were added by me now.

Just a suggestion.

Matthias



> -Original Message-
> From: openssl-project  On Behalf Of Matt 
> Caswell
> Sent: Thursday, September 10, 2020 1:24 PM
> To: openssl-project@openssl.org
> Subject: Re: Beta1 PR deadline
> 
> 
> 
> On 10/09/2020 11:40, Matt Caswell wrote:
> >
> >
> > On 09/09/2020 13:03, Kurt Roeckx wrote:
> >> On Wed, Aug 26, 2020 at 04:58:26PM +0100, Matt Caswell wrote:
> >>> Please can anyone with PRs that they wish to have included in OpenSSL
> >>> 3.0 beta1 ensure that they are merged to master by 8th September.
> >>
> >> So that date has passed now. Can someone give an overview of what
> >> we think is still needed to be done before the beta 1 release? Are
> >> there open PRs for everything? Do we a milestone on github to
> >> indicate which PRs need to go in before beta1?
> >
> >
> > I believe the "blockers" to be:
> >
> > https://github.com/openssl/openssl/pull/12536
> > https://github.com/openssl/openssl/pull/12754
> > https://github.com/openssl/openssl/pull/12750
> > https://github.com/openssl/openssl/pull/12781
> > https://github.com/openssl/openssl/pull/12801
> >
> > Aside from these there are potential PRs not yet opened but slated for
> > beta1 regarding:
> > - Refactor serialization? (owner: Richard)
> > - lhash refactor? (owner: Me)
> > - IG D.9 update? (owner: Shane)
> 
> Oh, I think this last one might be:
> 
> https://github.com/openssl/openssl/pull/12835
> 
> Matt
> 
> >
> > There's also this issue - but I'm not sure that it needs to be resolved
> > for beta1:
> > https://github.com/openssl/openssl/issues/12195
> >
> > Matt
> >