On Sat, Apr 26, 2014 at 11:39:13AM +0100, Ben Laurie wrote: > On 24 April 2014 19:54, Kurt Roeckx <k...@roeckx.be> wrote: > > On Thu, Apr 24, 2014 at 06:31:34PM +0100, Ben Laurie wrote: > >> Note that this is just how to help me, not a consensus view from the > >> whole team, though I have no doubt much of it will be helpful to the > >> team, too. > >> > >> 1. Triage RT (https://rt.openssl.org/). > >> > >> RT has been neglected for a long time. People could usefully go > >> through it and identify: > >> > >> a) Tickets that can be closed > >> > >> b) Tickets that should have action taken, and how urgent that action is. > >> > >> If a ticket describes a potential security issue, then please don't > >> just announce it to the list. Instead send it to > >> openssl-secur...@openssl.org. > >> > >> In order to avoid duplication of effort, perhaps someone should set up > >> a github repo (or something else) assigning ranges to volunteers? It > >> might also be useful to use the same repo to hold the triage results > >> (so things can be ticked off as they are actioned). > > > > I already created a github branch for this, > > I'm a little unclear what "this" is? Also, how this fits into Matt's > coordinated effort?
It's a branch with patches that I've reviewed, but they didn't all come in via RT. This branch also already started before Matt's suggestion. I think we currently have different paths of how bugs and patches get to here: - RT - github - distro's And Matt's suggest only seems to deal with RT, but then still creates the patch in github. It's not clear if we should now go and create an RT ticket for each patch we want to get applied. It also talks about patches on github, but it's not clear to me how you would find which branches to merge from github. It would make most sense to me that there are a few people who create branches that you can look at and know that someone has already reviewed them and that they are ready to be merged. For tickets that are already in RT, it makes sense that we have people who take ownership of the various tickets and get them in the correct state, but I see that as something different of how patches get to you. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
