[openssl-project] Open Source Summit Europe

2018-06-19 Thread Mark J Cox
Just as a FYI in case anyone is interested in an OpenSSL-related submission (if you want to do something joint with me, I'm interested and local lol). > Conference: Open Source Summit Europe > Location: Edinburgh > Dates: October 22 – 24 > > Deadline for speaking submissions: July 1

[openssl-project] Mitre GIT CVE pilot, vulnerability JSON files

2018-02-12 Thread Mark J Cox
the text versions we had to create, and are instead created using a script[4] from the XML format[3] we use to populate the OpenSSL site. Step by step Instructions for release managers are (temporarily) included in cvepool.txt file in the private repo. Mark J Cox [1] https://github.com/CVEProject

Re: [openssl-project] Please freeze the repo

2018-08-13 Thread Mark J Cox
done. On Mon, Aug 13, 2018 at 5:11 PM, Matt Caswell wrote: > Please could someone freeze the repo for me? > > $ ssh openssl-...@git.openssl.org freeze openssl matt > > Thanks > > Matt > ___ > openssl-project mailing list > openssl-project@openssl.org >

[openssl-project] Vote to update the security policy

2018-11-29 Thread Mark J Cox
Changes to policies require an OMC vote which I've called to approve an update to the security policy. This was as discussed at the face to face and the details and diff are at https://github.com/openssl/web/pull/96 topic: Update security policy as per

Planning a face to face committers meeting

2019-08-06 Thread Mark J Cox
We're planning a face to face two day committers meeting in October 2019. If you're an OpenSSL committer you should have received an email from me with the dates and locations we are considering to get your likely availability to help us choose the best location. If you didn't get the email

Re: Github PR label automation

2020-02-09 Thread Mark J Cox
if it is done differently or not used in the future should a better way present itself. Mark On Sun, Feb 9, 2020 at 12:19 AM Matt Caswell wrote: > > > > On 08/02/2020 15:56, Mark J Cox wrote: > > I've currently got a cron job running every hour that looks at open PR > > requests aga

Re: Github PR label automation

2020-02-12 Thread Mark J Cox
Correct, it has no way to know if something has been put into ready to merge deliberately despite it failing checks etc so it won't mess with removing the label. Mark On Wed, Feb 12, 2020 at 10:39 AM Dr. Matthias St. Pierre wrote: > > > check. It will not move to 'ready to merge' state

Re: Github PR label automation

2020-02-12 Thread Mark J Cox
> Does it also check that the CI says that everything is OK? Do we want it to? I assumed that Approval: done was not being applied unless tests past (but looking that's not always the case). Can we assume that something in "approval: ready to merge" but that failed CI won't get merged?

Re: Github PR label automation

2020-02-12 Thread Mark J Cox
I thought about it some more and Kurt is right. Something shouldn't be in "Ready to Merge" unless it's actually ready to merge. For example 10993. This PR shouldn't be ever automatically moved to ready to merge because it failed CI. A human has determined it is ready to merge and applied the

Re: My next step in handling stale PRs

2020-03-03 Thread Mark J Cox
> But recently you started to > add various prefixes like "Automated Ping:" and now "openssl-machine:". I'd > prefer if the messages > were consistently without a prefix, because they only distract from the gist > of the message IMHO, > in particular consistency junkies like me.

My next step in handling stale PRs

2020-03-03 Thread Mark J Cox
We have over 50 PRs that are in the state where they are held requiring a CLA, and stale (over 30 days since any comments). My intention is to have my script ping all these PRs with a comment like this: openssl-machine: This PR has the label "hold: cla required" and is stale: it has not been

Re: OpenSSL Logo (was: New GitHub Project Landing Page)

2020-02-27 Thread Mark J Cox
On Thu, Feb 27, 2020 at 9:31 AM Matthias St. Pierre wrote: > Because after all, the shape of the logo is an > essential part of the OpenSSL 'trade mark'. Although the current website logo as of January 2020 was used as the specimen to show our use of the trademark at renewal time, our official

Fwd: [openssl/openssl] A nonce does not have a minimum length (#5909)

2020-02-25 Thread Mark J Cox
If you are wondering what the strange automated pings are, I'm just experimenting looking at stale issues in various states and what we should do about them. (The tool is clever enough to ignore its own comments etc). I'm just running the tool manually at the moment. The idea is it will ping

Github PR label automation

2020-02-08 Thread Mark J Cox
I've currently got a cron job running every hour that looks at open PR requests against github openssl repo and does various actions. So if you were wondering why I was altering labels and making comments at 4am, now you know. No doubt we'll use some tool user for this in the future. So right

Re: Github PR label automation

2020-02-08 Thread Mark J Cox
; As the reviewers are expected to commit the PRs, could you also add the > reviewers' names as a part of the notification? > > On Sat, Feb 8, 2020 at 6:56 PM Mark J Cox wrote: >> >> I've currently got a cron job running every hour that looks at open PR >> requests against

Stale PR stats @Apr01

2020-04-01 Thread Mark J Cox
Earlier this month I started a script to ping stale PRs that were in certain states. The script has also been collecting statistics (trending and snapshot). I intend to post this monthly and after a few months with trends and commentary. PRs that have not had any updates in the last 30 days and

Stale PR stats @May01

2020-05-01 Thread Mark J Cox
Last month I started a script to ping stale PRs that were in certain states. The script has also been collecting statistics (trending and snapshot). I intend to post this monthly and after a few months with trends and commentary. PRs that have not had any updates in the last 30 days and are not

Re: Stale PR stats @May01

2020-05-01 Thread Mark J Cox
On Fri, May 1, 2020 at 3:30 PM Dmitry Belyavsky wrote: .. > And I also got an idea that ping comment leaves PRs out of this statistics :) Thanks! The script is designed to ignore the automated pings that it creates itself so they themselves don't reset the dates and artificially stop things

Prenotification policy change

2020-05-12 Thread Mark J Cox
FYI The OMC voted last week to update the security policy extending prenotifications[1] and we've just released a blog explaining this change[2] [1] https://github.com/openssl/web/pull/176/files [2] https://www.openssl.org/blog/blog/2020/05/12/security-prenotifications/ Regards, Mark

Stale PR stats @Jun01

2020-06-01 Thread Mark J Cox
In April I started a script to ping stale PRs that were in certain states. The script has also been collecting statistics (trending and snapshot). I intend to post this monthly and after a few months with trends and commentary. PRs that have not had any updates in the last 30 days and are not

Re: Stale PR stats @Jun01

2020-06-02 Thread Mark J Cox
Rich Salz mailed me about the issues that were in the "waiting for reporter" state in my summary noting that some of them shouldn't be in that state. I investigated just now and made some changes to my script, so if you are a reviewer or reporter you may get some extra pings today as things moved

OMC Vote: Change some words by accepting PR#12089

2020-06-26 Thread Mark J Cox
topic: Change some words by accepting PR#12089 Proposed by Mark Cox Public: yes opened: 2020-06-25

Stale PR stats @Jul 2020

2020-06-30 Thread Mark J Cox
During June I updated the stale PR script to start to ping reporters where issues were in the "changes requested" state. I corrected some issues that were incorrectly in this state where changes had been supplied. I also got the script to close the issues still "waiting for CLA" that had had no