OpenSSL Communities

Meeting Minutes: Board and BAC Monthly (2026-01-26)

LL Lenka Luklova Thu 29 Jan 2026 2:13PM Public Seen by 10

Below are the minutes from the recent BAC and Board of Directors meeting. All members receiving this notification are encouraged to review the minutes and actively participate in the discussion. That’s one of the opportunities to engage directly with BAC members by replying in the thread below. Your input helps us ensure the OpenSSL community remains transparent, collaborative, and responsive to your needs.

Attendees

@Hana Andersen, @Anton Arapov, @Randall Becker, @James Bourne, @Billy Brumley, @Paul Dale, @Tim Hudson, @Jeff Johnson, @Lenka Luklová, @Jaroslav Reznik

Agenda

  • NSF pre-proposal update

  • Student capstone project: issue and PR triage

  • Brussels distribution events

  • Provider organisation, ABI, and compatibility concerns

  • Performance discussions and community perception

  • Small Business updates and Tokyo meetup

  • Miscellaneous updates and scheduling

Key Points

  • NSF pre-proposal: Billy reported submission of an NSF pre-proposal for an Open Source project grant approximately two weeks prior. Partners include OpenSSL Corporation, Rochester Institute of Technology, and independent contractors. This is the pre-proposal phase; decisions are expected quickly, with full proposals due in April. The group thanked Jeff for providing a supporting letter.

  • Student capstone project: Billy outlined a spring capstone project in which 3–4 students will assist with triaging OpenSSL Library issues and pull requests, including data analysis, maintainer outreach, relevance checks, and closing or reactivating stale items. Kickoff is scheduled for Thursday. Students will share GitHub handles to allow filtering and tracking. The group requested guidance on what information may be shared publicly.

  • Brussels distribution events: Jaroslav provided an update on two Brussels-based distribution events: a CentOS Connect event on Thursday morning focused on rpm-based distributions, and a broader Distribution community meetup on Friday afternoon, which is open to everyone in the community(Mitwit Office Bruxelles Avenue Louise, Av. Louise 143/4, 1050 Bruxelles, Belgium 14:00-17:00)

  • . Registration is informal to avoid blocking participation, with approximately eight on-site and five remote participants so far. The events were promoted via Brussels Fringe listings. Let us know if you’re interested in virtual or in-person participation.

  • Provider organisation and compatibility: A discussion raised by Dmitry focused on how providers should be organised when multiple OpenSSL Library major versions coexist on a single system. Participants emphasised the need to clearly define the problem before selecting solutions. Use cases include distributions, vendors, long-term supported platforms, HSMs, and FIPS users running providers built against different OpenSSL Library versions (e.g., 3.x and 4.x). Options discussed included version-specific directories, a module path approach, pragmatic renaming or copying of provider libraries, exposing provider metadata indicating build base/version, and CI-based compatibility testing. Concerns included the combinatorial explosion of testing, ownership of compatibility validation, and insufficient documentation of existing ABI guarantees.

  • Provider ABI and versioning nuances: Tim, Pauli, and Randall clarified that maintaining provider ABI compatibility across releases has been a deliberate design goal, enabling newer OpenSSL Library releases to load older providers where practical. However, current metadata does not clearly indicate which OpenSSL Library version a provider was built against. Improving runtime metadata exposure and documentation was identified as necessary.

  • Performance and community perception: James raised questions about performance reporting and outreach, including which communities to engage for concrete requirements. Performance concerns vary across distributions, vendors, small businesses, and product maintainers. The group expressed frustration with isolated public benchmarks lacking rigorous methodology and agreed that reproducible, community-driven benchmarking would be more valuable. Suggested actions included collecting concrete requirements, sharing metrics where possible, and exploring academic or student-led benchmarking efforts. Many participants felt that issue triage and cleanup deliver higher overall value.

  • Small Business and Tokyo meetup: James provided an update on Tokyo meetup planning, including logistics, expense tracking, and slide review to ensure OpenSSL-focused and branded content. On AI policy, James reported that legal advice indicates potential risk in accepting AI-generated code. He will request definitive guidance from the Board and Legal and pause further work on an AI acceptance policy until clarity is provided.

  • Miscellaneous: The next BoD & BAC monthly meeting is scheduled for February 23rd, prior to onboarding newly elected board members. Participants emphasised the need for clearer documentation, stronger problem framing for community proposals, and better coordination between distributions, vendors, and the OpenSSL project.

Future Meetings and Events

  • This week: Brussels distribution events (CentOS Connect and Distribution community meetup).

  • February 23, 2026: Next BoD & BAC monthly meeting.

Action Items

  • Dmitry → Collaborate on a clear problem statement and proposal for provider compatibility and organization; capture platform-specific use cases.

  • James → Collect performance requirements from small business and product communities; request Board/Legal guidance on AI policy.

  • Billy → Explore student or academic projects focused on cryptographic benchmarking and optimised implementations.