Thanks for the suggestion. Sorry for not replying earlier. A time
estimate can help with scheduling, but our problem isn't so much
scheduling as a lack of bandwidth. Also we've found it very difficult to
estimate the time a review will take: some innocuous-looking patches end
up raising time-consuming questions about security or compatibility,
while some large patches turn out to be easy because they don't affect
risky areas much.
The way we currently work is to schedule large contributions as part of
our sprint planning, but for most reviews we put them in a queue
(https://github.com/orgs/ARMmbed/projects/3). We've found that for our
team, having people pull from that queue works better than designating
reviewers a priori.
--
Gilles Peskine
Mbed TLS developer
On 21/09/2020 07:35, Frank Bergmann via mbed-tls wrote:
> Hi Gilles,
>
> when I ask in our team to review a PR I usually provide an estimation about
> it. Of course a time base estimation and not an agile one in values of
> complexity. ;-)
> One could also provide an estimation about priority.
> Maybe these tiny rules may help somewhat. At least it can provide a better
> overview if you have tons of PRs.
>
> sincerely,
> Frank
>
> On Sun, Sep 20, 2020 at 10:27:44PM +0000, Gilles Peskine via mbed-tls wrote:
>> Hello,
>>
>> Historically, Mbed TLS has been maintained by Arm as an open-source
>> project, accepting external contributions, but with with priorities and
>> plans mostly driven only by Arm. Since earlier this year, Mbed TLS is an
>> open governance project under the umbrella of TrustedFirmware, with the
>> objective of making it a community led project, allowing community to
>> contribute and collaborate on the design and development of the project.
>> In practice, however, the project effectively still has some barriers of
>> entry. We would like to lift these barriers.
>>
>> The Mbed TLS team at Arm have already identified some concrete actions,
>> filed on the Mbed TLS epic board
>>
https://github.com/ARMmbed/mbedtls/projects/2#column-10667107
>> under “Facilitating community contributions”. A few more should be up
>> soon as the result of some internal brainstorming.
>>
>> We've also identified some problem areas which we're tracking as
>> separate topics.
>>
>> * Probably the biggest topic: review was and is a bottleneck. We are
>> working to streamline the review process where possible, without
>> lowering the quality bar, and to prioritize reviews better over new
>> work. (Having personally often been on both sides of the coin, I can
>> confirm that having a pull request sit around for years without getting
>> reviews is frustrating, and so is seeing all these pull request and not
>> having the time to review them all.) We would also like to enable,
>> encourage and value reviews from people who are not project maintainers.
>>
>> * We will migrate the CI to a publicly available platform hosted by
>> TrustedFirmware. However this platform will not be available until 2021.
>>
>> * We are working on a new documentation platform, where we'll transfer
>> both the information available on the current website and information
>> that is currently recorded in an Arm internal wiki.
>>
>> To all of you who have contributed to Mbed TLS, who have tried, or who
>> are considering it, what difficulties have you encountered? What else
>> can we do to make contributing easier?
>>
>> Best regards,
>>
>> --
>> Gilles Peskine
>> Mbed TLS developer
>>
>>
>> --
>> mbed-tls mailing list
>> mbed-tls@lists.trustedfirmware.org
>>
https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
Gilles Peskine