AW: [openssl] OpenSSL_1_1_1-stable update
levitte at openssl.org
Fri May 24 14:54:00 UTC 2019
On Fri, 24 May 2019 16:39:51 +0200,
Matt Caswell wrote:
> On 24/05/2019 15:30, Richard Levitte wrote:
> > Not in practice. We *do* ask on the PR in question if it should be
> > cherry-picked to 1.1.1 and seek approval for that action, but then it
> > hasn't at all been clear what should happen regarding Received-By
> > tags.
> > I have personally never touched them when cherry-picking, even in this
> > scenario. I do not know what others do in that case...>
> In the vast majority of the cases the reviewers are the same.
Yes, because cherry-picking as an after-though rarely happens. It's
mostly been along the lines of "hey, why was this bug-fix only applied
> I wouldn't want other people putting my name in a reviewed-by tag
> where I have not approved it and I have not considered the
> implications of that change in that branch. What if it resulted in a
> critical CVE?
I haven't given possible CVEs much though, quite frankly.
But tell you what, I can certainly change my ways if this is what we
all think is the way to go. Not a problem. And I'm glad that we
talked about it, rather than staying with "I thought everyone else did
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-project