As defined by the [OTC Voting Procedures], I am declaring the
vote closed, as the number of uncast votes cannot affect the outcome of
The vote is accepted.
topic: We should accept the Fully Pluggable TLSv1.3 KEM functionality as shown
in PR #13018 into the 3.0 release
of the weekly "developer
Proposed by Nicola Tuveri
accepted: yes (for: 9, against: 0, abstained: 0, not voted: 2)
Viktor [ ]
I am basing my vote on the feedback provided by @DDvO  and @t8m .
In particular I am convinced to vote in favor, as I can see this as a
bug fix, fixing an undocumented inconsistency, and that it is very
unlikely it would affect existing applications.
topic: Hold online weekly OTC meetings starting on Tuesday 2020-10-13
and until 3.0 beta1 is released, in lieu of the weekly "developer
Proposed by Nicola Tuveri
accepted: yes/no (for: X, against: Y, ab
I received no feedback, so I am keeping the vote text as proposed and
opening the vote shortly.
On Wed, 7 Oct 2020 at 16:53, Nicola Tuveri wrote:
> Since the two virtual face-to-face OTC meetings of last week, and again
> in the two OTC
On Thu, 8 Oct 2020 at 17:47, Matt Caswell wrote:
> topic: The following items are required prerequisites for the first beta
> 1) EVP is the recommended API, it must be feature-complete compared with
> the functionality available using lower-level APIs.
> - Anything that
On Thu, Oct 8, 2020, 17:27 Matt Caswell wrote:
> topic: We should accept the Fully Pluggable TLSv1.3 KEM functionality as
> shown in PR #13018 into the 3.0 release
> Proposed by Matt Caswell
> Public: yes
> opened: 2020-10-08
> closed: 2020-mm-dd
> accepted: yes/no (for: X, against: Y,
d emerge out of this change and the amount of work
required to reach exhaustive testing to be able to quantify these
risks and the work required to make all the existing codebase robust
to this change.
On Thu, 8 Oct 2020 at 00:10, Richard Levitte wrote:
> On Wed, 07 Oct 2020 21:25:57 +0
On Wed, 7 Oct 2020 at 20:45, Richard Levitte wrote:
> I'm as culpable as anyone re pushing the "convention" that an EVP_PKEY
> with a private key should have a public key. I was incorrect.
Sure, my example was not about pointing fingers!
It's just to give recent data points on how the
On Wed, 7 Oct 2020 at 20:17, Richard Levitte wrote:
> There's no reason for the EVP layer to check for the presence or the
> absence of the public key, for one very simple reason: it doesn't have
> access to the backend key structure and therefore has no possibility
> to make any such checks.
ement" at that level,
> it's more accidental than by design...
> I'm not sure what to make of the documentation from 2006. Considering
> the level of involvement there was from diverse people (2006 wasn't
> exactly the most eventful time), there's a possibility that it was a
I believe the current formulation is slightly concealing part of the problem.
The way I see it, the intention if the vote passes is to do more than stated:
1. change the long-documented assumption
2. fix "regressions" in 3.0 limited to things that worked in a certain
way in 1.1.1 (and maybe
I support the edit proposed by Tomas.
First comment that I have is that I'd prefer the first-level items to
be actually numbered, as done in the drafts: we might put a disclaimer
that the numbers are not indicative of priority and just meant to be
used to address (equally important) tasks by
Since the two virtual face-to-face OTC meetings of last week, and again
in the two OTC meetings this week, we repeatedly discussed replacing the
weekly "developer meetings" with official OTC meetings.
The "developer meetings" have so far seen frequent participation from a
to have their documentation pointing
to the replacement interfaces.
[Release Strategy]: https://www.openssl.org/policies/releasestrat.html
[OpenSSL Bylaws]: https://www.openssl.org/policies/omc-bylaws.html
[3.0 design document]: https://www.openssl.org/docs/OpenSSL
6. We need to rewrite the apps to use only the non-deprecated interfaces
(except for the list, speed and engine apps and the engine parameter
in various places).
7. All the legacy interfaces need to have their documentation pointing
to the replacement interfaces.
+1, as expressed during the f2f meeting.
On Mon, Sep 28, 2020, 15:02 Dr. Matthias St. Pierre <
> topic: Accept the OTC voting policy as defined:
> The proposer of a vote is ultimately responsible for updating the
s for the official documentation you
> mentioned, are you talking about this one?
> From: Nicola Tuveri
> Sent: Sunday, September 13, 2020 4:17 PM
> To: Dr. Matthias St. Pierre
> Cc: openssl-project@openssl
Matthias overcredits me: I just wanted to know his opinion about when we
should use labels and when milestones (and that is why I wrote to him
off-list, as a very confused and shy pupil asking a sensei for wisdom
All the alleged convincing was self-inflicted :P
And now that my
On Sat, Sep 5, 2020, 14:01 Tim Hudson wrote:
> On Sat, Sep 5, 2020 at 8:45 PM Nicola Tuveri wrote:
>> Or is your point that we are writing in C, all the arguments are
>> positional, none is ever really optional, there is no difference between
>> passing a `(void*)
On Sat, Sep 5, 2020, 12:13 Tim Hudson wrote:
> On Sat, Sep 5, 2020 at 6:38 PM Nicola Tuveri wrote:
>> In most (if not all) cases in our functions, both libctx and propquery
>> are optional arguments, as we have global defaults for them based on the
Thanks Tim for the writeup!
I tend to agree with Tim's conclusions in general, but I fear the analysis
here is missing an important premise that could influence the outcome of
In most (if not all) cases in our functions, both libctx and propquery are
optional arguments, as we have
Sorry yes, I meant to refer to the open PR with the s390 support, I picked
the wrong number!
On Thu, Jun 25, 2020, 17:54 Matt Caswell wrote:
> On 25/06/2020 15:33, Nicola Tuveri wrote:
> > In light of how the discussion evolved I would say that not only there
> > is co
In light of how the discussion evolved I would say that not only there
is consensus on supporting the definition of a detailed policy on
backports and the definitions of what are the requirements for regular
releases vs LTS releases (other than the longer support timeframe),
but also highlights a
I believe the OMC is called into action as some name changes might be seen
as breaking API or ABI compatibility and that has been considered so far as
part of the first item in the OMC prerogatives list.
The matter of OMC Vs OTC vote also depends on what kind of hold Tim is
applying with his - 1:
Yes, I also got that since I updated my git installation from the upstream
With recent versions of git this warning has been showing for months
already, but I don't know enough about it to propose a fix!
On Mon, Jun 8, 2020, 12:16 Matt Caswell wrote:
> After upgrading
I would be interested in seeing a PR to see what enabling these tests would
I believe we do indeed need to test more thoroughly to ensure we are not
breaking the engine API!
On Thu, May 7, 2020, 21:08 Dmitry Belyavsky wrote:
> Dear colleagues,
> Let me draw your attention
I think we changed enough things in the test infrastructure that there is a
chance of creating subtle failures by merging cherry-picked commits from
From the burden perspective, from my point of view having a separate PR
that ran all the CI without failures is actually a
I can agree it is a good idea to always require backport as a separate PR,
with the following conditions:
- unless it's a 1.1.1 only issue, we MUST always wait to open the
backport-to-111 PR until after the master PR has been approved and merged
(to avoid splitting the discussions among different
I would like to propose as a date for the OTC meeting somewhere close to
the projected release date for 3.0alpha1.
Ideally it would be nice if OMC and OTC could coordinate the dates to be
close enough to ease the discussion of agenda items that might require
coordination between OMC and OTC.
On Fri, 14 Feb 2020 at 14:00, Matt Caswell wrote:
> To be clear the build that is timing out uses *msan* not *asan*.
> As I understand it msan detects uninitialised reads, whereas asan detects
> memory corruption, buffer overflows, use-after-free bugs, and memory leaks.
> The previous
If ASAN is too slow to run in the CI should we restore the previous
homemade checks for memory leaks as an alternative to be run in regular CI
runs and leave ASAN builds to run-checker on the master branch only?
Here is another idea that would be interesting if we restore the previous
I have always implicitly assumed Matt's view, but I am happy to conform to
what the consensus is.
I believe this discussion is very useful and could contribute a new entry
in the committer guidelines.
On Fri, May 24, 2019, 07:21 Matt Caswell wrote:
> On 24/05/2019 15:10, Richard