[OTC VOTE PROPOSAL] Don't merge PR#14759 (blinding=yes and similar properties)
Nicola Tuveri
nic.tuv at gmail.com
Fri Apr 9 11:27:07 UTC 2021
But I am not opposed to separate the 2 votes if that is perceived as better
and we are ready to deal with the possible delays introduced in the
development.
I am not entirely sure if this PR can be retriaged by OTC as not-blocking
for the beta release, but that could also be an option to buy more time
while we define a policy and then vote to accept or reject based on that.
Nicola
On Fri, Apr 9, 2021, 14:24 Nicola Tuveri <nic.tuv at gmail.com> wrote:
> I agree with what Tomàš said, and that is the reason why I convoluted them
> in a single vote: we need to merge or reject the PR based on a policy, but
> if we do 2 separate votes we risk to create delays in the already quite
> loaded development cycles left!
>
> Nicola
>
> On Fri, Apr 9, 2021, 10:53 Tomas Mraz <tomas at openssl.org> wrote:
>
>> On Fri, 2021-04-09 at 08:44 +0100, Matt Caswell wrote:
>> >
>> > On 08/04/2021 18:02, Nicola Tuveri wrote:
>> > > Proposed vote text
>> > > ==================
>> > >
>> > > Do not merge PR#14759, prevent declaring properties similar to
>> > > `blinding=yes` or `consttime=yes` in our implementations and
>> > > discourage 3rd parties from adopting similar designs.
>> >
>> > I think this vote tries to cover too much ground in a single vote. I
>> > would prefer to see a simple vote of "Do not merge PR#14759"
>> > *possibly*
>> > followed up by separate votes on what our own policies should be for
>> > provider implementations, and what we should or should not encourage
>> > 3rd
>> > parties to do.
>>
>> I disagree partially. IMO we should primarily have a policy vote and
>> the closing or merging of PR#14759 should come out of it naturally.
>>
>> --
>> Tomáš Mráz
>> No matter how far down the wrong road you've gone, turn back.
>> Turkish proverb
>> [You'll know whether the road is wrong if you carefully listen to your
>> conscience.]
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-project/attachments/20210409/3807510a/attachment.html>
More information about the openssl-project
mailing list