[openstack-dev] [Horizon] Nominations to Horizon Core
Thierry Carrez
thierry at openstack.org
Thu Dec 12 09:46:21 UTC 2013
Lyle, David wrote:
> So again, nothing prevents a non-core security reviewer from reviewing blueprints and doing code reviews. Believe me, any security-minded input is always welcome and weighed carefully.
>
> Although the principle of having a minimum number of security reviewers in core is certainly a fair point of debate, in this particular case, the participation level does not warrant the outcry.

Right. While I agree that Paul was extremely helpful in the handling of
security vulnerabilities that were found in Horizon in the past, and his
security insight is definitely wanted in code reviews, I really don't
think he needs to be a "core reviewer" to make that happen.

Core reviewing is about quality *and* volume. If you only have time for
quality, then regular reviewing is what you should do (that's what I try
to do: infrequently chime in on stuff I have an opinion on, as opposed
to regularly review ANYTHING that comes up). Now if your -1s were
routinely ignored and you felt like this had a negative impact on the
security of the project, that would be a different story... But in the
present case, I think David makes the right decision.
--
Thierry Carrez (ttx)