On Tue, Jun 3, 2014 at 7:10 AM, Theodore Ts'o <ty...@mit.edu> wrote: > There's a very simple solution to that problem, especially since we > now have the support and attention of many hardware companies. The > rule should be very simple. If a company doesn't contribute either > (a) exclusive, dedicated hardware, or (b) reliable, continuous access > to hardware, it doesn't get supported by the OpenSSL developers. > Period.
[ details schnipped ] Hi, Ted. This is lucid, cogent advice. I hope everyone reads this twice. The most constrained resource is developer time, and it should prioritized based on some calculus that includes an awareness of which versions on which platforms have what level of deployment, an internal roadmap that serves as a strategic guide, and resources made available by companies that need custom or embedded versions. The roadmap is key - it needs to include, as Rich Salz took the trouble to point out, a clear declaration of EOL for the entire matrix of versions x platforms. Without that, assigning priority to features in new versions is a promise without real commitment. In addition to a "public" roadmap, a disciplined approach to managing feature backlog is key for the developers and committers. While we're full of good ideas for innovation and improvement, let's not forget the committed efforts of those who continue to shepherd the project, especially Stephen Henson, who has kept it together in much the same way as Keith Richards did the Stones. - M ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
