No two reviewers from same company

Matt Caswell matt at openssl.org
Thu May 23 15:27:00 UTC 2019



On 23/05/2019 16:01, Salz, Rich wrote:
>     > I understand that OpenSSL is changing things so that, by mechanism (and maybe by
>     > policy although it’s not published yet), two members of the same company cannot
>     > approve the same PR.  That’s great.  (I never approved Akamai requests unless it
>     > was trivial back when I was on the OMC.)
>     
>     No such decision has been made as far as I know although it has been discussed
>     at various times.
> 
> In private email, and https://github.com/openssl/openssl/pull/8886#issuecomment-494624313 the implication is that this was a policy.

AFAIK this is not the case.

>     
>     > Should this policy be extended to OpenSSL’s fellows?
>     
>     IMO, no.
> 
> Why not?  I understand build process is always handled by Matt and Richard (despite many attempts in the past to expand this), but I think if Oracle or Akamai can't "force a change" then it seems to me that the OMC shouldn't either.

The only reason to have the "no two reviewers from the same company" policy is
to avoid a potential conflict of interest, i.e. where the interests of said
company conflict with the interests of openssl, two people from the same company
could collude to push a change through. In the case of the fellows, they
represent the project directly so there can be no conflict.

Matt


