[OTC VOTE PROPOSAL] Don't merge PR#14759 (blinding=yes and similar properties)
tomas at openssl.org
Fri Apr 9 14:33:51 UTC 2021
There is no need to have 2 votes. We'll just vote on the policy and the
PR close/rework/whatever comes out of the policy vote.
On Fri, 2021-04-09 at 14:24 +0300, Nicola Tuveri wrote:
> I agree with what Tomàš said, and that is the reason why I convoluted
> them in a single vote: we need to merge or reject the PR based on a
> policy, but if we do 2 separate votes we risk to create delays in the
> already quite loaded development cycles left!
> On Fri, Apr 9, 2021, 10:53 Tomas Mraz <tomas at openssl.org> wrote:
> > On Fri, 2021-04-09 at 08:44 +0100, Matt Caswell wrote:
> > >
> > > On 08/04/2021 18:02, Nicola Tuveri wrote:
> > > > Proposed vote text
> > > > ==================
> > > >
> > > > Do not merge PR#14759, prevent declaring properties
> > similar to
> > > > `blinding=yes` or `consttime=yes` in our implementations
> > and
> > > > discourage 3rd parties from adopting similar designs.
> > >
> > > I think this vote tries to cover too much ground in a single
> > vote. I
> > > would prefer to see a simple vote of "Do not merge PR#14759"
> > > *possibly*
> > > followed up by separate votes on what our own policies should be
> > for
> > > provider implementations, and what we should or should not
> > encourage
> > > 3rd
> > > parties to do.
> > I disagree partially. IMO we should primarily have a policy vote
> > and
> > the closing or merging of PR#14759 should come out of it naturally.
No matter how far down the wrong road you've gone, turn back.
[You'll know whether the road is wrong if you carefully listen to your
More information about the openssl-project