Topics for Brno F2F

Sounds like a good topic

1. Pull request backlog is growing out of control and needs stronger management

2. Need for an OpenSSL roadmap to align development across core team and contributor boundaries

3. AI policy finalized - we experience a lot of PRs (and issues) generated by AI, what is the policy?

Here are some more points. Please let me know if it needs elaboration.

@Frederik Wedel-Heinen  I am interested in 2 and 3

@Frederik Wedel-Heinen In my committer's hat I'm interested in all these points

Rust is definitely interesting. I am concerned if we have enough knowledge to process PR’s. I think a strategy needs to be in place and possible risks should be addressed.

I would like to raise a new one: the Mythos, how will these kind of models affect the security of open source software, say OpenSSL as an example

Note on writing providers in Rust: if someone external already does, I'd like to see it!

I've played with writing a provider in Zig, and found a major difficulty... ERR upcall core_vset_error use a C va_list parameter , and I got into a type conflict trying to use the Zig construct for those. It would be interesting to see how that's dealt with in Rust.

@Richard Levitte (individual) a lot of unsafe {} is needed to deal with C interfaces, especially OpenSSL which is found of function pointers and pointer overloading, here you can see an example here: https://github.com/QUBIP/openssl-provider-forge-rs

@ssorce, thanks for the link! That gave me cause to add a section on support libraries in https://github.com/provider-corner?view_as=public

I'd like to see a discussion around the function of addrev, and especially where it takes its data from.

Inspired by git's gpg.ssh.allowedSignersFile, I think it would be possible to have a minimum bit of data necessary to perform what addrev does on file in the repository, and that file would be subject to review and approval like every other file.