Fwd: [openssl/openssl] A nonce does not have a minimum length (#5909)

Mark J Cox mark at openssl.org
Tue Feb 25 09:34:32 UTC 2020

If you are wondering what the strange automated pings are, I'm just
experimenting looking at stale issues in various states and what we should
do about them.  (The tool is clever enough to ignore its own comments
etc).   I'm just running the tool manually at the moment.  The idea is it
will ping issues where appropriate and do reports and generally end up
being a way we can monitor to make sure our project is healthy.

For example, nothing should be in a state waiting for an OMC decision for
more than a few weeks - it should be decided upon and moved to whatever
state the outcome of the decision is.  We had three of these (and looking
at them they all should just be in a different state).  For every issue it
ought to be very clear what the next action is (I'm a big fan of GTD
(Getting Things Done) process!)

So, right now, we have 82 PR's that have not been touched in the last 180
days.  I picked 180 just for an example because it creates a shorter list
and in practice I imagine 30 days will be the reports we do:

So of the 82:

* deferred after 1.1.1  ( 5 issues)
  - this is a valid state for stale PRs.  An item falls here if it's set to
the milestone for 1.1.1 or it's marked branch 1.1.1 and not master

* waiting for OMC  ( 2 issues)
  - as discussed above, we'll just comment them to ping the OMC

* waiting for OTC/waiting for review ( 0 issues)
  - similar to OMC, we'll just autocomment them to ping the OTC/committers

* cla required  ( 22 issues)
  - if something has been waiting for a CLA for 30 days or more we probably
ought to ping it a couple of times, but then reject the PR as it's unlikely
we'll get a CLA if none have been supplied after a couple of pings and a
couple of months.

* failed CI  ( 14 issues)
  - if it's not in any of the states above but it failed CI it ends up
here.  Some of these might be known false positives, so no action other
than interesting to monitor?  Maybe we need some label for "it failed CI
but that's expected and not a blocker"?  that way there's an action on the
PR creator to "get this in a state where CI passes" and we could auto
comment anything that's failed CI and not been touched for a month (and
perhaps even close it as rejected the next time).

* all the rest ( 39 issues)
  - most of these have no labels or milestones.  Some have
milestone:Assessed (but not sure how that helps).  Some have branch
labels.  This is just the backlog.


---------- Forwarded message ---------
From: openssl-machine <notifications at github.com>
Date: Tue, Feb 25, 2020 at 9:00 AM
Subject: Re: [openssl/openssl] A nonce does not have a minimum length
To: openssl/openssl <openssl at noreply.github.com>

Automated Ping: This issue is in a state where it requires action by
@openssl/omc <https://github.com/orgs/openssl/teams/omc> but the last
update was 607 days ago

You are receiving this because you are on a team that was mentioned.
Reply to this email directly, view it on GitHub
or unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20200225/650d9586/attachment-0001.html>

More information about the openssl-project mailing list