Hi Gilles,
actually I meant that the creator of the PR tries to make a first estimation. Maybe even this could be helpful. :-)
Frank
On Wed, Sep 30, 2020 at 09:47:41AM +0000, Gilles Peskine via mbed-tls wrote:
Hi Frank,
Thanks for the suggestion. Sorry for not replying earlier. A time estimate can help with scheduling, but our problem isn't so much scheduling as a lack of bandwidth. Also we've found it very difficult to estimate the time a review will take: some innocuous-looking patches end up raising time-consuming questions about security or compatibility, while some large patches turn out to be easy because they don't affect risky areas much.
The way we currently work is to schedule large contributions as part of our sprint planning, but for most reviews we put them in a queue (https://github.com/orgs/ARMmbed/projects/3). We've found that for our team, having people pull from that queue works better than designating reviewers a priori.
-- Gilles Peskine Mbed TLS developer
On 21/09/2020 07:35, Frank Bergmann via mbed-tls wrote:
Hi Gilles,
when I ask in our team to review a PR I usually provide an estimation about it. Of course a time base estimation and not an agile one in values of complexity. ;-) One could also provide an estimation about priority. Maybe these tiny rules may help somewhat. At least it can provide a better overview if you have tons of PRs.
sincerely, Frank
On Sun, Sep 20, 2020 at 10:27:44PM +0000, Gilles Peskine via mbed-tls wrote:
Hello,
Historically, Mbed TLS has been maintained by Arm as an open-source project, accepting external contributions, but with with priorities and plans mostly driven only by Arm. Since earlier this year, Mbed TLS is an open governance project under the umbrella of TrustedFirmware, with the objective of making it a community led project, allowing community to contribute and collaborate on the design and development of the project. In practice, however, the project effectively still has some barriers of entry. We would like to lift these barriers.
The Mbed TLS team at Arm have already identified some concrete actions, filed on the Mbed TLS epic board https://github.com/ARMmbed/mbedtls/projects/2#column-10667107 under “Facilitating community contributions”. A few more should be up soon as the result of some internal brainstorming.
We've also identified some problem areas which we're tracking as separate topics.
- Probably the biggest topic: review was and is a bottleneck. We are
working to streamline the review process where possible, without lowering the quality bar, and to prioritize reviews better over new work. (Having personally often been on both sides of the coin, I can confirm that having a pull request sit around for years without getting reviews is frustrating, and so is seeing all these pull request and not having the time to review them all.) We would also like to enable, encourage and value reviews from people who are not project maintainers.
- We will migrate the CI to a publicly available platform hosted by
TrustedFirmware. However this platform will not be available until 2021.
- We are working on a new documentation platform, where we'll transfer
both the information available on the current website and information that is currently recorded in an Arm internal wiki.
To all of you who have contributed to Mbed TLS, who have tried, or who are considering it, what difficulties have you encountered? What else can we do to make contributing easier?
Best regards,
-- Gilles Peskine Mbed TLS developer
-- mbed-tls mailing list mbed-tls@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
-- mbed-tls mailing list mbed-tls@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
mbed-tls@lists.trustedfirmware.org
-
Frank Bergmann