[openstack-dev] [Horizon] Nominations to Horizon Core
thierry at openstack.org
Thu Dec 12 09:46:21 UTC 2013
Lyle, David wrote:
> So again, nothing prevents a non-core security reviewer from reviewing blueprints and doing code reviews. Believe me any security minded input is always welcome and weighed carefully.
> Although the principle of having a minimum number of security reviewers in core is certainly a fair point of debate, in this particular case, the participation level does not warrant the outcry.
Right. While I agree that Paul was extremely helpful in the handling of
security vulnerabilities that were found in Horizon in the past, and his
security insight is definitely wanted in code reviews, I really don't
think he needs to be a "core reviewer" to make that happen.
Core reviewing is about quality *and* volume. If you only have time for
quality, then regular reviewing is what you should do (that's what I try
to do: infrequently chime in on stuff I have an opinion on, as opposed
to regularly review ANYTHING that comes up). Now if your -1s were
routinely ignored and you felt like this had a negative impact on the
security of the project, that would be a different story... But in the
present case, I think David makes the right decision.
Thierry Carrez (ttx)
More information about the OpenStack-dev