Commit access to openssl/tools and openssl/web

Matt Caswell matt at
Fri Oct 4 07:39:33 UTC 2019

On 04/10/2019 08:15, Dr. Matthias St. Pierre wrote:
> Dear OMC,
> while the process of merging and committing to openssl/openssl has been formalized,
> no similar (official) rules for pull requests by non-OMC-member seem to apply to the
> other two repositories openssl/tools and openssl/web. Probably it's because hardly
> anybody outside the OMC else ever raises them? Or is it the other way around?

There are clear official rules. This vote was passed by the OMC over a year ago:

topic: Openssl-web and tools repositories shall be under the same review
       policy as per the openssl repository where the reviewers are OMC members

So it needs two approvals from an OMC member. It looks like recent commits
haven't obeyed those rules.

> I would like to raise the question whether it wouldn't be beneficial for all of us,
> if we would apply the same rules (commit access for all committers, plus the well
> known approval rules) to all of our repos. After all, the openssl/openssl repository
> is the most valuable of the three and I see no reason why the others would need
> more protection. In the case of the openssl/web repository which targets the
> official website, you might want to consider a 2OMC approval rule, but even there
> I don't see why the usual OMC veto rule wouldn't be sufficient.

There is a lot of merit in that. Certainly for tools. I've added it to the OMC
agenda for Nuremburg.


More information about the openssl-project mailing list