FYI - I have reviewed and added my approval. No need to back out anything. Tim.
On Fri, Oct 4, 2019 at 5:50 PM Dr Paul Dale <[email protected]> wrote: > I believed that it required two OMC approvals but was pointed to an > earlier instance where only one was present and I flew with it without > checking further. > My apologies for merging prematurely and I’ll back out the changes if any > OMC member wants. > > As for discussing this at the upcoming face to face, I agree > wholeheartedly. > > > Pauli > -- > Dr Paul Dale | Distinguished Architect | Cryptographic Foundations > Phone +61 7 3031 7217 > Oracle Australia > > > > > On 4 Oct 2019, at 5:39 pm, Matt Caswell <[email protected]> wrote: > > > > On 04/10/2019 08:15, Dr. Matthias St. Pierre wrote: > > Dear OMC, > > while the process of merging and committing to openssl/openssl has been > formalized, > no similar (official) rules for pull requests by non-OMC-member seem to > apply to the > other two repositories openssl/tools and openssl/web. Probably it's > because hardly > anybody outside the OMC else ever raises them? Or is it the other way > around? > > > There are clear official rules. This vote was passed by the OMC over a > year ago: > > topic: Openssl-web and tools repositories shall be under the same review > policy as per the openssl repository where the reviewers are OMC > members > > So it needs two approvals from an OMC member. It looks like recent commits > haven't obeyed those rules. > > > I would like to raise the question whether it wouldn't be beneficial for > all of us, > if we would apply the same rules (commit access for all committers, plus > the well > known approval rules) to all of our repos. After all, the openssl/openssl > repository > is the most valuable of the three and I see no reason why the others would > need > more protection. In the case of the openssl/web repository which targets > the > official website, you might want to consider a 2OMC approval rule, but > even there > I don't see why the usual OMC veto rule wouldn't be sufficient. > > > There is a lot of merit in that. Certainly for tools. I've added it to the > OMC > agenda for Nuremburg. > > Matt > > >
