The branch master has been updated via f26e81f977a239116ab29fab62b4ed875d9099bc (commit) from 23af72984b104ab0407873cd01c885be9635cb81 (commit)
- Log ----------------------------------------------------------------- commit f26e81f977a239116ab29fab62b4ed875d9099bc Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 21 13:44:27 2019 +0000 Update policies for OTC changes Update other policies as necessary to reflect the bylaws changes that introduced the OTC concept. Reviewed-by: Paul Dale <paul.d...@oracle.com> Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/web/pull/146) ----------------------------------------------------------------------- Summary of changes: policies/committers.html | 64 +++++++++++++++++++++++------------------------- policies/secpolicy.html | 5 ++-- policies/sidebar.shtml | 4 +-- 3 files changed, 34 insertions(+), 39 deletions(-) diff --git a/policies/committers.html b/policies/committers.html index 46e2b74..96f1018 100644 --- a/policies/committers.html +++ b/policies/committers.html @@ -10,7 +10,7 @@ <div class="blog-index"> <article> <header> - <h1>Guidelines for OpenSSL Committers</h1> + <h1>Policy for OpenSSL Committers</h1> </header> <div class="entry-content"> @@ -24,8 +24,8 @@ <h2>How to become a committer?</h2> <p>Commit access is granted by the OpenSSL Management Committee - (OMC) (see the - <a href="/policies/omc-bylaws.html">OpenSSL bylaws</a>). + (OMC) typically on the recommendation of the OpenSSL Technical Committee (OTC) + (see the <a href="/policies/omc-bylaws.html">OpenSSL Bylaws</a>). <p>We welcome contributors who become domain experts in some part of the library (for example, low-level crypto) as well as 
@@ -45,42 +45,38 @@ <a href="https://github.com/openssl/openssl/issues">Github issue tracker</a>, and our <a href="/community/mailinglists.html">mailing lists</a> - find impactful ideas to work on. Seek feedback from multiple OMC - members to understand the project, and to support your - application. Let them know that you'd like to become a committer - - they'll nominate you when your code review record demonstrates - impact as well as understanding of the codebase and coding style - (usually after a few months of activity). The final decision to - grant commit access is taken by an OMC vote.</p> - - <h2>How to maintain commit status?</h2> - <p>To maintain commit status, you should stay active in the - project. As stated in the project bylaws, if you remain inactive - for several months, your commit access will be withdrawn - but - you are always welcome back, just ask an OMC member to - re-nominate you.</p> + find impactful ideas to work on.</p> + + <h2>How to maintain committer status?</h2> + <p>To maintain committer status, you must stay active in the + project. Refer to the <a href="/policies/omc-bylaws.html">OpenSSL Bylaws</a> + for details.</p> <p>In the unlikely and unfortunate event that your actions conflict with the project objectives or are otherwise - disruptive, commit access may also be revoked by vote of the - OMC.</p> + disruptive, committer status may also be revoked by the OMC.</p> - <h2>Code reviews</h2> + <h2>Approvals and code reviews</h2> <p>All submissions must be reviewed and approved by at least two - committers, one of whom must also be an OMC member. If the + committers, one of whom must also be an OTC member. If the author is also a committer then that counts as one of the reviews. 
In other words:</p> <ul> - <li>OMC members need one approval from any committer</li> - <li>Committers need one approval from a committer within the - OMC</li> + <li>OTC members need one approval from any committer</li> + <li>Committers need one approval from an OTC member</li> <li>Contributors without commit rights need two approvals, - including one from the OMC.</li> + including one from an OTC member.</li> </ul> - <p>This process may seem a little heavy, but OpenSSL is a large, - complicated codebase, and we think two reviews help prevent - security bugs, as well as disseminate knowledge to the growing - contributor base.</p> + <p>An OMC member may apply an OMC-hold to a submission. + An OTC member may apply an OTC-hold to a submission. + An OMC-hold may be cleared by being removed by the member + that put in place the hold or by a vote of the OMC. + An OTC-hold may be cleared by being removed by the member + that put in place the hold or by a vote of the OTC.</p> + + <p>Approved submissions (outside of the automated release process and NEWS and + CHANGES file updates) shall only be applied after a 24-hour delay from the + approval (except for minor build and test breakage fix approvals).</p> <p>Contributors without commit rights cannot formally approve patches but are nevertheless welcome to comment on submissions @@ -97,7 +93,7 @@ href="mailto:openssl-proj...@openssl.org">openssl-proj...@openssl.org</a> (public, moderated). On GitHub, you can target the OMC members with @openssl/omc, - and committers with @openssl/committers.</p> + OTC members with @openssl/otc, or committers with @openssl/committers.</p> <h2>Commit workflow</h2> <p>We do code reviews on GitHub. The 
@@ -116,12 +112,12 @@ a potential security issue, we ask that you report it to <a href="mailto:openssl-secur...@openssl.org"> openssl-secur...@openssl.org</a> and don't discuss it further in public. We review security - sensitive patches privately, off GitHub. We do not currently - have a way to open access to those reviews after the patches - have been released.</p> + issues privately, however acceptance of a submission for a security issue + does not bypass the review process that applies to all submissions.</p> <h2>A note on CLAs</h2> - <p>All authors, including committers, must have current <a href="/policies/cla.html">CLAs</a> on + <p>All authors, including committers, + must have current <a href="/policies/cla.html">CLAs</a> on file. A CLA is not required for trivial contributions (e.g. the fix of a spelling mistake). Refer to the <a href="cla.html">CLA</a> page for further details. diff --git a/policies/secpolicy.html b/policies/secpolicy.html index d54fcc6..67d91d1 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -27,10 +27,9 @@ <h2>Issue triage</h2> <p> - Notifications are received by a group of OpenSSL Management Committee - members. We engage resources within + Notifications are received by the OMC and OTC. We engage resources within OpenSSL to start the investigation and prioritisation. We may work in private - with individuals who are not on the OpenSSL Management Committee as + with individuals who are not on the OMC or OTC as well as other organisations and our <a href="/community/thanks.html">employers</a> where we believe this can help with the issue investigation, resolution, or diff --git a/policies/sidebar.shtml b/policies/sidebar.shtml index 389cc51..a7abcf5 100644 --- a/policies/sidebar.shtml +++ b/policies/sidebar.shtml 
@@ -22,10 +22,10 @@ <a href="secpolicy.html">Security Policy</a> </li> <li> - <a href="omc-bylaws.html">OMC (project) Bylaws</a> + <a href="omc-bylaws.html">OpenSSL Bylaws</a> </li> <li> - <a href="committers.html">Guidelines for Committers</a> + <a href="committers.html">Policy for Committers</a> </li> <li> <a href="codingstyle.html">Coding Style</a>
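Review bot: In policies/committers.html, hunk @@ -45,42 +45,38 @@, the added paragraph "Approved submissions ... shall only be applied after a 24-hour delay from the approval" does not say which approval starts the clock when two are required, and the exception for "minor build and test breakage fix approvals" does not say who decides what counts as minor. Suggest wording it as 24 hours from the final required approval and naming who may invoke the exception. The OMC-hold/OTC-hold paragraph in the same hunk explains how a hold is cleared but never states that a held submission must not be applied; add that sentence so the hold has a defined effect.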
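Review bot: In policies/committers.html, hunk @@ -116,12 +112,12 @@, the new sentence "We review security issues privately, however acceptance of a submission for a security issue does not bypass the review process that applies to all submissions" drops the old statement that these reviews happen off GitHub without saying where the required approvals are now recorded, and it leaves open whether the 24-hour delay added earlier in this patch applies to fixes reviewed in private. Suggest stating both, and splitting the sentence at "however", since it is a comma splice. In the CLA paragraph touched by the same hunk, the two links use different forms (/policies/cla.html and cla.html); pick one.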
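Review bot: In policies/secpolicy.html, hunk @@ -27,10 +27,9 @@, replacing "a group of OpenSSL Management Committee members" with "the OMC and OTC" changes the stated recipients of vulnerability notifications from a subset to both full committees; if that widening is not intended, keep the "a group of" wording. The hunk also removes the spelled-out committee name from both sentences it touches, so expand OMC and OTC on first use or link them to the bylaws page.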