OpenSSL Communities
Tue 26 Aug 2025 7:27PM

August 21 meeting minutes

JE Jon Ericson Public Seen by 10

Attendees:

  • Nicola Tuveri - Academics

  • Dmitry Belyavsky - Committers

  • Igor Ustinov - Individuals

  • Barry Fussell - Large Businesses

  • Aditya Koranga - Small Businesses

  • Matt Caswell

  • Tomas Mraz

  • Richard Levitte

  • Jon Ericson

  • Conference face-to-face (Jon and Matt)

    • Set aside Monday afternoon for a joint Foundation BAC and TAC

    • Also please volunteer for BAC/TAC panel.

    • There could be a slot in the conference for anything a BAC or TAC would like to present (Nicola)

  • General Discussion group  (Jon)

    • Should we have voting in the general discussion (Nicola)

    • Voting carries a risk bigger and louder groups would dominate over other groups (Matt)

    • Anyone can open a poll in the individual communities (Tomas)

    • Figuring out how to start a poll isn’t easy on Loomio at the moment (Nicola)

    • The rules/guidelines for the general group could discourage polls in that group and instruct people on how to create a poll in an individual community (Nicola)

  • Maybe a conversation about the election process? (Either at the conference or general discussion) (Nicola)

    • Do we have the right communities? (Igor)

    • Are we missing downstream maintainers? (Dmitry)

    • When setting up the communities, open source maintainers were considered, but it wasn’t clear what the criteria for joining would be. (Matt)

    • There will be people across multiple communities and this was considered from the start. (Tomas)

    • The concern is people over-voting in several communities (Tomas)

  • Escalation strategy (Jon)

    • What sort of things need the label? Anything that needs to be discussed outside of the context of the issue or PR. (Matt)

    • I missed a step: there should be a link posted on the issue to any general discussion. (Jon)

    • If there are many issues labeled, we need a step to filter the issues to be considered. (Dmitry)

    • If there is general agreement in the discussion before it reaches the TAC, we can remove the label then. (Tomas)

  • Draft PR for support of EVP_SKEY inhttps://github.com/openssl/openssl/pull/28278 OSSL_STORE and general improvement of EVP_SKEY (https://github.com/openssl/openssl/pull/25908) (Dmitry)

  • Constant-time BIGNUM (Matt)

    • Sovereign Tech Fund is investing in implementing constant-time BIGNUM

    • Richard is working on a design document

    • Fixed-num API where the size is fixed and BIGNUM would be a wrapper around that. (Richard)

    • Would this be used for numbers that could fit in 64-bits or would this be reserved for larger numbers? (Nicola)

      • Not sure. (Richard)

    • Will the fixed-num allow for different implementations under the hood? (Nicola)

      • The current plan is to just do what BIGNUM does now but with a constant time. (Tomas)

    • When the design document is ready to review we’ll create a PR so that anyone (including the TAC) can review it. (Matt)

  • The other part of the Sovereign Tech Fund project is clearing out backlog issues. (Tomas)

    • Is the Foundation hiring to address this issue? (Nicola)

Action items

DB

Dmitry Belyavsky Tue 26 Aug 2025 8:04PM

Do we have the right communities? Are we missing downstream maintainers? (Dmitry)

No, I was talking about the maintainers of the applications who use OpenSSL

IU

Igor Ustinov Wed 27 Aug 2025 12:50PM

If there are many issues labeled, we need a step to filter the issues to be considered. (Dmitry)

Actually, it was my point

JE

Jon Ericson Tue 2 Sep 2025 2:58PM

Thank you @igus68 and @beldmit ! Please let me know if my latest update is an improvement. :-)