No two reviewers from same company

Tomas Mraz tmraz at
Thu May 23 17:14:51 UTC 2019

On Thu, 2019-05-23 at 17:17 +0200, Richard Levitte wrote:
> On Thu, 23 May 2019 16:25:07 +0200,
> Salz, Rich wrote:
> > I understand that OpenSSL is changing things so that, by mechanism
> > (and maybe by policy although
> > it’s not published yet), two members of the same company cannot
> > approve the same PR.  That’s
> > great.  (I never approved Akamai requests unless it was trivial
> > back when I was on the OMC.)
> We mostly seem to agree that it's morally dubious to approve stuff
> from people of the same company, and as far as I've heard so far,
> it's
> to ensure that the project's interests are over-ridden by company
> interests (including involuntary bias, which no one is really free
> from).

Does this also apply to non-committers submitting a PR being the same
company as one of the two required reviewers? I would have a problem if
there was only a single review required for non-committers but given
there are two reviews required one of them being from OMC member I
would not see much conflict of interest.

> > Should this policy be extended to OpenSSL’s fellows?
> I believe it's assumed that fellows have the project's interests in
> mind before any other work, so no conflicting bias there, i.e. not
> quite the same.  If this is a possible point of dispute, we should
> discuss it, of course.

+1 - I also don't see the reasons for conflict of interest applying to

Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your

More information about the openssl-project mailing list