[openssl-project] Issues review

Matt Caswell matt at openssl.org
Tue Jan 23 23:20:20 UTC 2018

On 23/01/18 20:55, Benjamin Kaduk wrote:
> On Tue, Jan 23, 2018 at 06:11:50PM +0000, Matt Caswell wrote:
>> On 23/01/18 18:05, Benjamin Kaduk wrote:
>>> On Tue, Jan 23, 2018 at 05:51:41PM +0000, Matt Caswell wrote:
>>>> On 23/01/18 17:49, Matt Caswell wrote:
>>>>> I completed my first pass review of all issues. I still need to look at
>>>>> PRs. I have put all PRs against a milestone using the following criteria:
>>>> I have put all *issues* against a milestone not PR!!
>>> Do we still need to review the issues assigned to milestones that
>>> have already happened (e.g., 1.1.0, post-1.1.0)?
>> There no issues against post-1.1.0 (there are PRs - but that will be
>> fixed when I do the PR review).
>> 1.1.0 and 1.0.2 are still supported so issues against those milestones
>> are still relevant. They are *not* relevant to the 1.1.1 release
>> timetable though (which is why I started this exercise). Consider an
>> issues against the 1.1.0 milestone to mean, relevant to the next 1.1.0
>> letter release.
> That's great if that's the intent, but I don't think that the
> current application of those tags is consistent with the above
> description.  For example, #1418 is a somewhat abstract question of
> what it means for acertificate to be self-signed, yet has the 1.0.2
> milestone, when (to me) 1.2.0 would seem more appropriate.

That *is* the intent. What I've done here is *triage* - spending a few
minutes on each one to assess the correct milestone. It would not
surprise me to learn that, having done that for over 380 issues, we
might have come to a different assessment on a few of them. :-)

To be absolutely sure though I just re-reviewed all of those issues
against the 1.0.2 and 1.1.0 milestones (there weren't that many of
them), to make sure I got them right. I made 2 or 3 changes including to
the issue you highlighted (moving it to the "Post 1.1.1" milestone).
Feel free to make any other adjustments you think might be necessary as
you come across them.

The primary objective here is to inform the debate on the release
criteria for 1.1.1 and the associated timeframes. You will recall that
one of the proposed criteria was:

"- All open github issues/PRs older than 2 weeks at the time of release
to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1
milestone to be closed (see below)


Valid reasons for closing an issue/PR with a 1.1.1 milestone might be:
- We have just now or sometime in the past fixed the issue
- Unable to reproduce (following discussion with original reporter if
- Working as intended
- Deliberate decision not to fix until a later release
- Not enough information and unable to contact reporter
- etc"

We then got into discussions about timeframes - which was difficult
without knowing the scope of the work.

Although there may be some disagreements on a few of the issues. I am
confident that the milestones as they are currently set are broadly
correct - and a good basis for planning.


More information about the openssl-project mailing list