The openssl 3 issue is with the openssl wrapper in the standard library. It was fixed in the development version but it's opt in as shown above and it's kind of a messy fix, thus it hasn't been backported to the stable line yet. You're right that this should be resolved but it hasn't been done for the time being.
The sdl2 issue might have to do with spam accidentally being left in code in sdl2 in a recent PR and the version tag not being updated properly. Not sure though because I remember this being fixed. A `nimble install sdl2@#HEAD` should fix it in any case (meaning install the latest commit of the package). Unfortunately there is not really a guarantee of consistency to issues getting fixed so encountering issues is possible. This can get attributed to laziness but it's not really that simple. You can at least count more on things like people giving information about issues on the forum.
