[MONTHLY STATUS] June 2022

[Ing. Martin Koci, MBA]

Highlights in June are:

  * Recruitment activities for Business Operations Administrator role
and Platform Engineer
  * YouTracek migration from Zenhub
  * Process improvements and documentation
  o release process improvement on the track
  * Roadmap refinements
  * Velocity baseline set up
  * Defined estimation and predictability process
  * Defined/described Research, Delivery and Release flow
  o DoD, DoR, acceptance criteria
  * Team ceremonies definition and documentation in YT
  * Risk management session for releases

In addition to the daily business as usual (meetings, e-mails, etc..)

/koca

Monthly status: June

[Dr Paul Dale]

Significant activities throughout January included:

 * Fixes for Coverity issues
 * Various FIPS related tasks
 * QUIC project
 o Design and implement an event queue
 o Design packetisation (ongoing)
 o Reviewing other designs and PRs
 o Redrew the overview diagram using dot (ongoing)
 * Customer support: fixes and responses to questions
 * Wrote knowledge base article about modifying support customer details
 * Worked on security issues
 o investigating and creating fixes for new issues
 o investigating old issues
 * Partial on-boarding for administrative position

This is in addition to the usual nightly meetings, issue triage, pull 
request reviews and responding to questions.  I also had a bout of covid :(

Monthly Status: June

[Dr Paul Dale]

Significant activities throughout June were:

 * Fix new Coverity issues 26 real, 4 false positives
 * Address all outstanding (ancient) Coverity issues
 * Fix threads test ordering problem
 * Fix address sanitiser problems in apps relating to uninitialised BN
   pointers
 * Investigation memory leak in dlopen() that's a known problem with
   valgrind
 * Investigate and fix memory leak when threading in property code
 * Investigation and remediation of several threading problems
 * Add locks to obj_dat.c and obj_xref.c to make the OBJ subsection
   thread safe (post 3.0 after discussion)
 * Added decoded caching to avoid lots of allocations and repeated
   algorithm recreation
 * Implemented a property list find function
 * Add a key manager check to better reuse existing key managers in
   light of algorithm cache flushes
 * Convert SHA one short functions to be functions not macros, to
   accept NULL arguments in a way compatible to 1.1.1
 * Add a memory sanitiser build
 * Tweak the time of execution of CI jobs so they run more widely
 * Fix double to integer conversions in light of the VMS experience
 * Add integer size sanity checks in light of the VMS experience
 * Add tests to evp_test for EVP_Q_ functions
 * Change the way XTS and AEAD ciphers are filtered in apps to unify
   this behaviour
 * Earlier detection of bad digest in req command
 * Covert command line apps to use libctx and property query more
   extensively
 * Add a -digest option to spkac command
 * Fix auto DH problem where the chosen group didn't necessarily meet
   the current security level
 * Add RSA key size vs entropy checks in FIPS mode
 * Updates to the FIPS checksum script
 * Remove SM2 encoder and decoder from the FIPS provider ... hmmm.
 * Add digest, cipher and PKEY algorithm life cycle documentation
   (including pretty pictures)
 * Update platform policy to allow configuration additions to stable
   branches
 * Clean up all remaining TODO notes in the code
 * Update NEWS to current status
 * Fix documentation of up-calls from providers to libcrypto
 * Deprecation of ERR_GET_FUNC()
 * Create a list of things to do after 3.0 for future discussion

In addition were minor pull requests, reviewing, OMC and OTC business, 
et al.