On 23/05/2019 16:01, Salz, Rich wrote:
> > I understand that OpenSSL is changing things so that, by mechanism (and
> maybe by
> > policy although it’s not published yet), two members of the same
> company cannot
> > approve the same PR. That’s great. (I never approved Akamai requests
> unless it
> > was trivial back when I was on the OMC.)
>
> No such decision has been made as far as I know although it has been
> discussed
> at various times.
>
> In private email, and
> https://github.com/openssl/openssl/pull/8886#issuecomment-494624313 the
> implication is that this was a policy.
AFAIK this is not the case.
>
> > Should this policy be extended to OpenSSL’s fellows?
>
> IMO, no.
>
> Why not? I understand build process is always handled by Matt and Richard
> (despite many attempts in the past to expand this), but I think if Oracle or
> Akamai can't "force a change" then it seems to me that the OMC shouldn't
> either.
The only reason to have the "no two reviewers from the same company" policy is
to avoid a potential conflict of interest, i.e. where the interests of said
company conflict with the interests of openssl, two people from the same company
could collude to push a change through. In the case of the fellows, they
represent the project directly so there can be no conflict.
Matt
