No two reviewers from same company

Paul Dale paul.dale at
Thu May 23 22:16:08 UTC 2019

There hasn't been a vote about this, however both Shane and I have committed to not approve each other's PRs.

I also asked Richard if this could be mechanically enforced, which I expect will happen eventually.

Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia

-----Original Message-----
From: Salz, Rich [mailto:rsalz at] 
Sent: Friday, 24 May 2019 1:01 AM
To: openssl-project at
Subject: Re: No two reviewers from same company

    > I understand that OpenSSL is changing things so that, by mechanism (and maybe by
    > policy although it’s not published yet), two members of the same company cannot
    > approve the same PR.  That’s great.  (I never approved Akamai requests unless it
    > was trivial back when I was on the OMC.)
    No such decision has been made as far as I know although it has been discussed
    at various times.

In private email, and the implication is that this was a policy.
    > Should this policy be extended to OpenSSL’s fellows?
    IMO, no.

Why not?  I understand build process is always handled by Matt and Richard (despite many attempts in the past to expand this), but I think if Oracle or Akamai can't "force a change" then it seems to me that the OMC shouldn't either.

More information about the openssl-project mailing list