Meeting Minutes: Board and BAC Monthly (2026-01-05)

Below are the minutes from the recent BAC and Board of Directors meeting. Community members are encouraged to review and engage by replying in the discussion thread. This helps ensure transparency and alignment across OpenSSL stakeholders.

Attendees

@Anton Arapov, @Hana Andersen, @James Bourne, @Jaroslav Reznik, @Jeff Johnson, @Lenka Luklová, @Randall Becker

Agenda

• BAC Face-to-Face meeting planning (Q2 2026)

• Interim OpenSSL 3.0.x releases and LTS considerations

• Events and community meetups (FOSDEM / Distributions / Tokyo)

• PQC interoperability follow-up

• AI usage, policy, and contributor guidance

• General updates

Key Points

BAC Face-to-Face Planning:

The group discussed possible timing for an in-person BAC meeting between late April and late May 2026. Travel constraints were noted. Anton will run a poll to identify a feasible date.

Interim Releases (3.0 LTS):

Questions were raised about the lack of interim 3.0.x releases despite accumulated fixes. While no immediate customer pressure was identified, Randall highlighted that many large financial institutions remain on 3.0 LTS. Anton will raise this internally to reassess expectations and priorities.

Events and Meetups:

• Jaroslav confirmed a Distributions community meetup is planned around FOSDEM, with a booked venue and agenda to be announced shortly. Registration will be used due to space constraints.

• A CentOS Connect distributions event was also confirmed, coordinated to avoid overlap.

• James noted ongoing preparation for a Tokyo meetup, tentatively planned for February.

PQC Interoperability:

Follow-up on prior discussions highlighted the need to gather concrete examples from communities where PQC implementations are incompatible. BAC members were encouraged to surface real-world cases for future guidance.

AI Policy and Contributor Process:

The AI policy discussion continues to gain traction. James outlined work on a small set of supporting documents, including AI policy, CLA implications, and contributor/committer procedures. There was agreement that guidance should be practical, not prohibitive, and possibly supported by checklists integrated into PR templates. Randall noted strong interest and adoption signals from regulated industries.

AI and Source Code Scraping:

Concerns were raised about unrestricted scraping of the OpenSSL Library codebase for AI training and potential licensing implications. This was noted as an area for further internal and executive-level consideration, with GitHub Advanced Security mentioned as a possible tool.

Future Meetings and Events

• February 2026: FOSDEM / Brussels Distributions community meetup (date TBC)

• February 2026 (tentative): Tokyo community meetup

• Q2 2026: BAC Face-to-Face meeting (poll forthcoming)

• February 2026 (UTC): Next BAC monthly meeting (February 9 UTC)

Action Items

• Anton → Create and circulate a poll for BAC Face-to-Face timing and location.

• Anton → Raise the question of interim OpenSSL 3.0.x releases internally.

• Jaroslav → Publish agenda, announcement, and registration details for the FOSDEM Distributions meetup.

• James → Draft and post AI-related policy and process documents for review.