[web] master update
Matt Caswell
matt at openssl.org
Fri Jan 3 14:19:24 UTC 2020
The branch master has been updated
via f26e81f977a239116ab29fab62b4ed875d9099bc (commit)
from 23af72984b104ab0407873cd01c885be9635cb81 (commit)
- Log -----------------------------------------------------------------
commit f26e81f977a239116ab29fab62b4ed875d9099bc
Author: Matt Caswell <matt at openssl.org>
Date: Thu Nov 21 13:44:27 2019 +0000
Update policies for OTC changes
Update other policies as necessary to reflect the bylaws changes that
introduced the OTC concept.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/web/pull/146)
-----------------------------------------------------------------------
Summary of changes:
policies/committers.html | 64 +++++++++++++++++++++++-------------------------
policies/secpolicy.html | 5 ++--
policies/sidebar.shtml | 4 +--
3 files changed, 34 insertions(+), 39 deletions(-)
diff --git a/policies/committers.html b/policies/committers.html
index 46e2b74..96f1018 100644
--- a/policies/committers.html
+++ b/policies/committers.html
@@ -10,7 +10,7 @@
<div class="blog-index">
<article>
<header>
- <h1>Guidelines for OpenSSL Committers</h1>
+ <h1>Policy for OpenSSL Committers</h1>
</header>
<div class="entry-content">
@@ -24,8 +24,8 @@
<h2>How to become a committer?</h2>
<p>Commit access is granted by the OpenSSL Management Committee
- (OMC) (see the
- <a href="/policies/omc-bylaws.html">OpenSSL bylaws</a>).
+ (OMC) typically on the recommendation of the OpenSSL Technical Committee (OTC)
+ (see the <a href="/policies/omc-bylaws.html">OpenSSL Bylaws</a>).
<p>We welcome contributors who become domain experts in some
part of the library (for example, low-level crypto) as well as
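Review bot: The paragraph opened at `<p>Commit access is granted` is still left unclosed: the added line ends at `OpenSSL Bylaws</a>).` and the next line opens a new `<p>`. Since these lines are being rewritten anyway, add `</p>` after `).`.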
@@ -45,42 +45,38 @@
<a href="https://github.com/openssl/openssl/issues">Github issue tracker</a>,
and our
<a href="/community/mailinglists.html">mailing lists</a>
- find impactful ideas to work on. Seek feedback from multiple OMC
- members to understand the project, and to support your
- application. Let them know that you'd like to become a committer
- - they'll nominate you when your code review record demonstrates
- impact as well as understanding of the codebase and coding style
- (usually after a few months of activity). The final decision to
- grant commit access is taken by an OMC vote.</p>
-
- <h2>How to maintain commit status?</h2>
- <p>To maintain commit status, you should stay active in the
- project. As stated in the project bylaws, if you remain inactive
- for several months, your commit access will be withdrawn - but
- you are always welcome back, just ask an OMC member to
- re-nominate you.</p>
+ find impactful ideas to work on.</p>
+
+ <h2>How to maintain committer status?</h2>
+ <p>To maintain committer status, you must stay active in the
+ project. Refer to the <a href="/policies/omc-bylaws.html">OpenSSL Bylaws</a>
+ for details.</p>
<p>In the unlikely and unfortunate event that your actions
conflict with the project objectives or are otherwise
- disruptive, commit access may also be revoked by vote of the
- OMC.</p>
+ disruptive, committer status may also be revoked by the OMC.</p>
- <h2>Code reviews</h2>
+ <h2>Approvals and code reviews</h2>
<p>All submissions must be reviewed and approved by at least two
- committers, one of whom must also be an OMC member. If the
+ committers, one of whom must also be an OTC member. If the
author is also a committer then that counts as one of the
reviews. In other words:</p>
<ul>
- <li>OMC members need one approval from any committer</li>
- <li>Committers need one approval from a committer within the
- OMC</li>
+ <li>OTC members need one approval from any committer</li>
+ <li>Committers need one approval from an OTC member</li>
<li>Contributors without commit rights need two approvals,
- including one from the OMC.</li>
+ including one from an OTC member.</li>
</ul>
- <p>This process may seem a little heavy, but OpenSSL is a large,
- complicated codebase, and we think two reviews help prevent
- security bugs, as well as disseminate knowledge to the growing
- contributor base.</p>
+ <p>An OMC member may apply an OMC-hold to a submission.
+ An OTC member may apply an OTC-hold to a submission.
+ An OMC-hold may be cleared by being removed by the member
+ that put in place the hold or by a vote of the OMC.
+ An OTC-hold may be cleared by being removed by the member
+ that put in place the hold or by a vote of the OTC.</p>
+
+ <p>Approved submissions (outside of the automated release process and NEWS and
+ CHANGES file updates) shall only be applied after a 24-hour delay from the
+ approval (except for minor build and test breakage fix approvals).</p>
<p>Contributors without commit rights cannot formally approve
patches but are nevertheless welcome to comment on submissions
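Review bot: The new hold paragraph says who may place and clear an OMC-hold or OTC-hold but never says what a hold does to a submission, for example whether a held submission may be applied once it has two approvals and the 24-hour delay has passed. State the effect explicitly. In the 24-hour paragraph, "minor build and test breakage fix approvals" is left undefined, so it is unclear who decides that a fix qualifies for skipping the delay; name the decider or give a criterion. The hunk also removes the description of how a contributor gets nominated; if the bylaws now cover that, a link at that spot, like the one added under "How to maintain committer status?", would help.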
@@ -97,7 +93,7 @@
href="mailto:openssl-project at openssl.org">openssl-project at openssl.org</a>
(public, moderated).
On GitHub, you can target the OMC members with @openssl/omc,
- and committers with @openssl/committers.</p>
+ OTC members with @openssl/otc, or committers with @openssl/committers.</p>
<h2>Commit workflow</h2>
<p>We do code reviews on GitHub. The
@@ -116,12 +112,12 @@
a potential security issue, we ask that you report it to
<a href="mailto:openssl-security at openssl.org"> openssl-security at openssl.org</a>
and don't discuss it further in public. We review security
- sensitive patches privately, off GitHub. We do not currently
- have a way to open access to those reviews after the patches
- have been released.</p>
+ issues privately, however acceptance of a submission for a security issue
+ does not bypass the review process that applies to all submissions.</p>
<h2>A note on CLAs</h2>
- <p>All authors, including committers, must have current <a href="/policies/cla.html">CLAs</a> on
+ <p>All authors, including committers,
+ must have current <a href="/policies/cla.html">CLAs</a> on
file. A CLA is not required for trivial contributions (e.g. the
fix of a spelling mistake). Refer to the
<a href="cla.html">CLA</a> page for further details.
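Review bot: The added sentence "does not bypass the review process that applies to all submissions" does not say how that process is carried out for an issue reviewed privately: where the two approvals (one from an OTC member) are recorded, and whether the 24-hour delay applies to security fixes. The removed text said these reviews happen off GitHub and cannot be opened afterwards; say whether that still holds. The sentence is also a comma splice ("privately, however"); a semicolon or a new sentence reads better. The CLA reflow is a whitespace-only change unrelated to the OTC update, and that paragraph links the same page as both /policies/cla.html and cla.html.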
diff --git a/policies/secpolicy.html b/policies/secpolicy.html
index d54fcc6..67d91d1 100644
--- a/policies/secpolicy.html
+++ b/policies/secpolicy.html
@@ -27,10 +27,9 @@
<h2>Issue triage</h2>
<p>
- Notifications are received by a group of OpenSSL Management Committee
- members. We engage resources within
+ Notifications are received by the OMC and OTC. We engage resources within
OpenSSL to start the investigation and prioritisation. We may work in private
- with individuals who are not on the OpenSSL Management Committee as
+ with individuals who are not on the OMC or OTC as
well as other organisations and
our <a href="/community/thanks.html">employers</a> where we believe
this can help with the issue investigation, resolution, or
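Review bot: "Notifications are received by the OMC and OTC" replaces "a group of OpenSSL Management Committee members", which reads as widening the recipients of security reports from a subset of one committee to all members of both. If only some members receive them, keep the "a group of" wording so the policy matches who actually sees incoming reports. The hunk also removes the only expansion of "OpenSSL Management Committee" visible here, so OMC and OTC should be expanded on first use or linked to the bylaws.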
diff --git a/policies/sidebar.shtml b/policies/sidebar.shtml
index 389cc51..a7abcf5 100644
--- a/policies/sidebar.shtml
+++ b/policies/sidebar.shtml
@@ -22,10 +22,10 @@
<a href="secpolicy.html">Security Policy</a>
</li>
<li>
- <a href="omc-bylaws.html">OMC (project) Bylaws</a>
+ <a href="omc-bylaws.html">OpenSSL Bylaws</a>
</li>
<li>
- <a href="committers.html">Guidelines for Committers</a>
+ <a href="committers.html">Policy for Committers</a>
</li>
<li>
<a href="codingstyle.html">Coding Style</a>