OpenSSL Communities
Tue 21 Oct 2025 3:02AM

October 16, 2025 F-TAC meeting minutes

JE Jon Ericson Public Seen by 8

Attendees:

  • Nicola Tuveri - Academics

  • Dmitry Belyavsky - Committers

  • Igor Ustinov - Individuals

  • Barry Fussell - Large Businesses

  • Aditya Koranga - Small Businesses

  • Matt Caswell

  • Tomas Mraz

  • Richard Levitte

  • Jon Ericson


Old business

  • Start discussion about the BAC/TAC election process before the next election (Nicola)

    • Discussion started

    • Having one person holding multiple positions is a concern. (Nicola)

    • Why are there two TACs? One BAC per organization makes sense since each has a different business model. (Igor)

    • The Foundation and the Corporation had different interests when, for instance, PQC implementations were considered. (Nicola)

    • The big difference between the organizations is how work is prioritized. (Dmitry)

    • Now is the time to make changes to the TAC election process. (Matt)

    • If there were 4 academic representatives instead of 2, there would be a greater diversity of thought. Having one person covering 3 seats does a disservice to the academic community. (Nicola)

    • One difference already implemented is there is one vote per organization. (Nicola)

    • One person on the same seat for Foundation and Corporation represents a conflict since they have different approaches, but TAC and BAC is not a problem. (Igor)

    • Some people have an easier time changing hats. (Matt)

    • A big problem is that we don’t (yet) have enough people to cover all the seats. (Matt)

    • The community engaged in OpenSSL is too small. (Maybe 50 people?) The conference was about 400 people but some people couldn’t come. The whole community is several hundred people. (Dmitry)

    • Not everyone at the conference was closely connected to OpenSSL. (Tomas)

    • Representing a community on a committee doesn’t necessarily require a prior engagement with the OpenSSL community. Representatives facilitate communication between the Foundation and the individual communities. They just need to be able to understand (broadly) the technical issues. (Nicola)

    • TAC representatives should be technically oriented, but not necessarily developers using OpenSSL. (Tomas)

    • Using OpenSSL, creating issues and not necessarily already engaged with the OpenSSL community can be valuable to the project by bringing new viewpoints. (Dmitry)

    • We aren’t at the point of making changes to the election process yet (Matt)

  • Review https://github.com/openssl/openssl/pull/28278  (Matt)

    • Reviewed before the conference but needs another look now.

  • Respond to PQC Group Recommendations for TLS 1.3 (Aditya)

    • Wrapped up from TAC perspective.

  • Proposal to make generated files read-only. (Tomas)

    • Solved

    • See this PR: https://github.com/openssl/openssl/pull/28838 (Dmitry)

      • Would need to be master  branch only. (Tomas)

      • 3.6 has already been released. (Richard)

      • It would make sense to make an exception in this case. (Tomas)

      • Does the TAC support backporting the patch to branches where it makes sense? (Matt)

  • Reformatting proposal (Matt, temporarily)

    • WebKit style is very similar to the existing OpenSSL style, so that’s the one we’re settling on. (Matt)

    • We can tweak the pointer (*) notation. (Tomas and Richard)

    • R-Day is sometime in November. Reformat master and all the 3.x branches back to 3.1. (Matt)

    • Don’t do it on the public repo for EOL branches. (Tomas)

    • Is there space to critique the WebKit style? (It has alignment and spacing issues that make it hard to read the code.) (Richard)

    • The academics Nicola spoke to are happy to move to a standardized format and aren’t worried about exactly what the style is. Especially because it allows people to open PRs and automatically get feedback on format. Whatever makes sense for the fulltime maintainers. (Nicola)

    • The developers Aditya talked to are happy to have a standard style. (Aditya)

    • Distributions and other companies that have patches to OpenSSL need to have a deadline to transition. (Dmitry)

    • Looking into what can be done to automate the transition. (Barry)

    • Igor hates WebKit, but any format is an improvement. Linux kernel without tabs would be his preference. (Igor)

    • Linux kernel format is entirely custom. (Richard)

    • We are doing it, but someone is going to be unhappy with the chosen style no matter what. (Matt)

  • Propose a label to request community discussion/escalation process (Jon)

  • A proposed talk at Real World Crypto in Taiwan to explain the role of the BAC/TAC and new governance in order to engage the academics who attend RWC. Igor might also be able to go and maybe Aditya could be on the stage. (Nicola)

  • Move the next meeting around to avoid being during Jon and Matt’s North Carolina meeting. (Matt)

Action items

  • Consider backporting PR 28838 to 3.6 (TAC)