Meeting Minutes: Board and TAC Monthly (2026-04-13)

Below are the minutes from the recent Board and Technical Advisory Committee (TAC) monthly meeting. The discussion covered community dynamics, the upcoming Brno face-to-face, the OpenSSL Conference 2026, and a substantive open conversation on release versioning, ABI/API compatibility, committer review standards, and the process for converting community input into formal Board positions. TAC members are encouraged to review and engage in the thread below.

Attendees

@Aditya Koranga, @Anton Arapov, @Dmitry Belyavsky, @Kevin Micciche, @Lenka Luklová, @Simo Sorce, @Tim Hudson

Apologies: @Nikolas Gauder (scheduling conflict; will attend future meetings)

High-level topics covered

• Community dynamics: advisory structure, maturity assessment, gaps

• Brno Face-to-Face, May 25–29: details, participants, travel support, input needed

• OpenSSL Conference 2026 — Prague, October 13–15: registration & CFP open, advisory member benefits

• Release versioning and LTS cadence roadmap

• ABI and API compatibility across major versions and providers

• Committer review bar, quality standards, and documentation of rationale

• Distributions community poll on FIPS_mode() macro — converting community input into a formal TAC position

• Poll integrity: filtering corporation staff and inactive members from poll results

• TAC operating procedures: documenting process on the OpenSSL Communities website or GitHub

Detailed points and discussion

1–3) Presentation: Community Dynamics, Brno Face-to-Face, OpenSSL Conference 2026

Anton walked through the attached presentation. Key discussion points that arose:

• Small Businesses was flagged as the most urgent gap — both BAC and TAC seats are currently vacant. Everyone is encouraged to think of suitable candidates and motivate them to stand.

• Dmitry asked whether external developers could be included in the face-to-face — yes, and the participant list reflects this. Almost all attendees are developers.

• Members were asked to come prepared with their community's priorities and to identify what could be unblocked in person.

• Remote participation is possible: Dmitry confirmed in-person attendance; Aditya is in discussion with his employer and will confirm the following day; Kevin was unable to attend due to prior commitments.

• TAC members are invited to join the Programme Committee and will receive complimentary passes and discount codes for their networks.

4) Release versioning and LTS cadence

Anton shared a slide covering a newly agreed roadmap between the OpenSSL Foundation and Corporation on release numbering and LTS cadence. The details will be presented publicly at ICMC the following week and followed by blog posts — watch that space. Kevin noted that predictability of LTS timing is particularly valuable for compliance-constrained deployments, where organisations are often restricted to LTS-only versions by policy, and welcomed the move toward a more transparent and plannable release schedule.

5) ABI and API compatibility across major versions

Tim confirmed the project's intent to maintain both forward and backward provider ABI compatibility across major versions, but acknowledged this has never been formally documented or publicly stated — leaving it subject to informal change. He noted the TAC should hold the project accountable for this: decisions made internally have not been captured publicly, which enables inconsistency and means the community cannot engage with the rationale.

Simo raised concern about the impact of breaking the public API at every major release. Tim acknowledged the project lacks a mature approach to forward compatibility and migration tooling, and that the 4.0 decision to clean up technical debt was not publicly debated or documented. Simo and Tim agreed that starting the ABI/API discussion for 5.0 well ahead of time, now that a date is known, is important, both to align committers and to allow the community to engage before decisions are made.

6) Committer review bar and quality standards

Tim raised concern that the review bar is inconsistent and in some cases too low. Simo distinguished between adding more reviewers and raising reviewer quality — the latter being what actually improves code quality. He proposed a structured review checklist as a practical, effective mechanism. Tim invited Simo to develop this into a conference panel for October; Simo, Kevin, and Aditya agreed a well-moderated panel would surface more useful discussion than a solo presentation. Dmitry noted that establishing the procedures and organising the panel are separate tasks and should be tracked separately.

7) Distributions community poll on FIPS_mode() — converting community input into a formal TAC position

Dmitry raised the outcome of a Distributions community poll on reinstating the FIPS_mode() macro (7 votes for immediate reinstatement, 1 for a future compatibility layer) and asked how to convert this into a roadmap action.

Tim and Anton clarified the intended flow: Dmitry should bring it to his TAC colleagues and seek concurrence that this is worth formally asking the Corporation Board to take a public position on. The bar is low — colleagues don't need to agree with the position, only agree that the topic warrants a public response. Once the TAC asks the question publicly on the OpenSSL Communities website, the Board is accountable for responding publicly. Tim emphasised this mechanism has never yet been exercised, and Dmitry's case is the ideal opportunity to establish the pattern. Anton and Dmitry agreed to follow up after the meeting on the specific steps.

8) Poll integrity and TAC operating procedures

Dmitry raised a procedural concern: poll results expressed against total registered membership are misleading because the denominator includes corporation employees and inactive accounts. Anton acknowledged the inactive accounts issue and committed to discussing solutions with Dmitry after the call.

Tim suggested the TAC establish its own area, on the Communities website or in a GitHub repository, to document how it operates. He noted the Corporation has no formal requests from the advisory committee on record in over a year, and that Dmitry's case should be the first documented example. The transcript of this meeting is a reasonable starting point for written documentation of the intended process.

Next steps

• All TAC members → Confirm Brno attendance with Lenka Luklová; come prepared with community priorities and topics to unblock in person

• All → Promote OpenSSL Conference 2026; submit CFP before May 31; suggest speakers; flag agenda topics

• Dmitry → Work with Anton to run a TAC-level public poll on the Communities website on the FIPS_mode() issue; document the process as a reusable template

• Simo → Develop a conference panel proposal on committer review standards and code quality for October

• Anton / Tim → Support Dmitry in writing up the community-to-roadmap process; publish blog posts with real examples

• Anton → Work with Dmitry on filtering inactive accounts and corporation staff from community poll denominators

Next meeting

Monthly TAC meetings are scheduled for the second Monday of each month. The next meeting is planned for May 11, 2026.

Additional in-person collaboration is expected during the week of May 25–29 at OpenSSL Corporation headquarters in Brno, and during the OpenSSL Conference, October 13–15, Prague.