OpenSSL Corp BoD & TAC Monthly Meeting – 2025-09-08

Participants: Aditya Koranga, Anton Arapov, Dmitry Belyavskiy, Nicola Tuveri, Shane Lontis

Also Invited/Didn't Attend: Tim Hudson, Craig Lorentzen, Paul Yang

---

1. Meeting Opening and Agenda

• Anton Arapov opened the meeting, noting absences and late arrivals.
• Agenda derived from the TAC group thread.
  

---

2. Contributor & User Survey (Presented by Aditya Koranga)

Scope & Demographics:

• ~15–16 respondents; diverse experience (2 years to 20+ years).
  
• 36% with 20+ years, 36% with 5–10 years.
  

Reported Uses:

• Enterprise applications, MongoDB security, TLS/cert management, VPN integration, cryptographic functions, SSH keys, learning TLS/SSL concepts, API security.
  

Feedback Themes:

• Performance: Multi-core issues in OpenSSL 3.x; requests to leverage AVX2 and optimize PQC algorithms.
  
• Security: Lack of certificate revocation checks in CMS encryption.
  
• Documentation: Strong need for discoverable, user/admin-focused guides.
  
• Community Engagement: Desire for more transparency and interaction.
  
• Modularity & Codebase: Calls for clearer separation of primitives, TLS, key management, and out-of-process key agents.
  
• Official Binaries & Tooling: Demand for multiplatform binaries and GUI tools for certificate management.
  
• Legacy Provider: Seen as unnecessarily complex.
  

Positive Feedback:

• Transparency, strong community engagement, and clear release communication.
  

AI-Suggested Priorities:

• Immediate: Certificate revocation checks, multicore performance.
  
• Midterm: Documentation, official binaries, modularization, simplification of legacy provider.
  
• Long Term: Legacy algorithm support, improved TLS tooling, advanced state machines.
  

Strategic User Segmentation:

• Developers → performance & clarity.
  
• Security Teams → revocation & cryptographic strength.
  
• Enterprises → multiplatform binaries & compatibility.
  
• Legacy Maintainers → support for older algorithms.
  
• Community → transparency & collaboration.
  

Follow-ups:

• Nicola suggested clearer presentation (timeline-based usage graphs, respondent counts).
  
• Anton emphasized making findings public and actionable.
  
• Aditya proposed reaching out to respondents for deeper use-case clarifications.
  

---

3. Auto-Generated Files in Repository

• Debate between Dmitry and Shane:
  
  • Pros (commit): Prevent loss after make clean, simplify CI, avoid overwriting, assist navigation.
    
  • Cons (commit): Merge conflicts, redundancy, maintenance burden.
    
• Dmitry suggested polling committers; Shane stressed avoiding repeat of past "num file" merge issues.
  
• Consensus: conduct committer poll.
  

---

4. Committers’ Engagement & TAC Role

• Shane: low committer response rates: 2–3 replies not representative.
  
• Anton: polls may improve notifications/engagement.
  
• Shane: TAC may lack technical depth of former OTC, suggested committers’ meetings for interactive discussion.

---

5. Issue Tracking, Decision-Making & Release Planning

Problems Identified:

• PRs/issues with consensus often fall off radar.
  
• Lack of clear process for moving issues into release backlogs.
  
• Ambiguity on authority/responsibility between TAC, release teams, and committers.
  

Proposals:

• Documented workflow for lifecycle: issue → backlog → release.
  
• Process for reviewing “stacked” items (e.g., deferred to 4.0/5.0).
  
• Consider TAC-hold model.
  

Next Steps:

• Group to refine process at Brno in-person meetings (with BAC/TAC).
  

---

6. Scheduling Next Meeting

• Next TAC meeting scheduled for October 13, 2025.
  
• To decide during/after BAC/TAC in person gathering in Brno whether the meeting in October is needed.
  

---

Actionable Items

Responsible	Action
Anton & Aditya	Make survey results public; coordinate with BAC/Individuals group.
Aditya	Reach out to respondents for detailed clarifications.
Dmitry	Raise committer poll on auto-generated files.
TAC/BAC Members	Develop formal workflow for issue lifecycle, prioritization, and decision-making.
TAC Members	Decide next call timing.

---