Lyle, David wrote:
> So again, nothing prevents a non-core security reviewer from reviewing
> blueprints and doing code reviews. Believe me any security minded input is
> always welcome and weighed carefully.
>
> Although the principle of having a minimum number of security reviewers in
> core is certainly a fair point of debate, in this particular case, the
> participation level does not warrant the outcry.

Right. While I agree that Paul was extremely helpful in the handling of security vulnerabilities that were found in Horizon in the past, and his security insight is definitely wanted in code reviews, I really don't think he needs to be a "core reviewer" to make that happen.

Core reviewing is about quality *and* volume. If you only have time for quality, then regular reviewing is what you should do (that's what I try to do: infrequently chime in on stuff I have an opinion on, as opposed to regularly review ANYTHING that comes up).

Now if your -1s were routinely ignored and you felt like this had a negative impact on the security of the project, that would be a different story... But in the present case, I think David makes the right decision.

--
Thierry Carrez (ttx)