No two reviewers from same company

Matt Caswell matt at
Thu May 23 15:27:00 UTC 2019

On 23/05/2019 16:01, Salz, Rich wrote:
>     > I understand that OpenSSL is changing things so that, by mechanism (and maybe by
>     > policy although it’s not published yet), two members of the same company cannot
>     > approve the same PR.  That’s great.  (I never approved Akamai requests unless it
>     > was trivial back when I was on the OMC.)
>     No such decision has been made as far as I know although it has been discussed
>     at various times.
> In private email, and the implication is that this was a policy.

AFAIK this is not the case.

>     > Should this policy be extended to OpenSSL’s fellows?
>     IMO, no.
> Why not?  I understand build process is always handled by Matt and Richard (despite many attempts in the past to expand this), but I think if Oracle or Akamai can't "force a change" then it seems to me that the OMC shouldn't either.

The only reason to have the "no two reviewers from the same company" policy is
to avoid a potential conflict of interest, i.e. where the interests of said
company conflict with the interests of openssl, two people from the same company
could collude to push a change through. In the case of the fellows, they
represent the project directly so there can be no conflict.

