No two reviewers from same company
matt at openssl.org
Thu May 23 15:27:00 UTC 2019
On 23/05/2019 16:01, Salz, Rich wrote:
> > I understand that OpenSSL is changing things so that, by mechanism (and maybe by
> > policy although it’s not published yet), two members of the same company cannot
> > approve the same PR. That’s great. (I never approved Akamai requests unless it
> > was trivial back when I was on the OMC.)
> No such decision has been made as far as I know although it has been discussed
> at various times.
> In private email, and https://github.com/openssl/openssl/pull/8886#issuecomment-494624313, the implication is that this was a policy.
AFAIK this is not the case.
> > Should this policy be extended to OpenSSL’s fellows?
> IMO, no.
> Why not? I understand build process is always handled by Matt and Richard (despite many attempts in the past to expand this), but I think if Oracle or Akamai can't "force a change" then it seems to me that the OMC shouldn't either.
The only reason to have the "no two reviewers from the same company" policy is
to avoid a potential conflict of interest, i.e. where the interests of said
company conflict with the interests of openssl, two people from the same company
could collude to push a change through. In the case of the fellows, they
represent the project directly so there can be no conflict.
More information about the openssl-project