OpenSSL

Cryptography and SSL/TLS Toolkit

Policies

In this section we try to document as many of our policies and procedures as possible. We do this for two reasons:

  • First, we want to to make sure everyone knows how the project is run. For example, when we announce a forthcoming fix for a high-severity bug, the Security Policy explains what that means.
  • Second, it helps us be consistent. For example, the Release Strategy defines the plan of record of when, and how long, various releases will be supported.

By being as transparent as possible, we hope to reduce the chance that people are surprised by what we do, and we hope to help maintain predictable behavior within the project. This includes how we spend some money, as detailed in the travel reimbursement policy.

If you want to contribute code or fixes to the project, please read the Coding Style page. For legal obligations of contributors, see the page on Contributor Agreements. If you want to become a committer, make sure to also read our Guidelines for Committers.

The OpenSSL project is managed by the OpenSSL Management Committee (OMC), as defined by the project bylaws. It is represented in most legal and formal capacities by the OpenSSL Software Foundation, a Delaware (US) non-profit corporation which has its own bylaws as a legal document. Signing one of our CLA’s grants certain rights to OSF.

In addition, the OMC establishes and maintains the general policies, and a general glossary of terms and what we mean with them.

The technical aspects of the OpenSSL project are managed by the OpenSSL Technical Committee (OTC) which establishes and maintains the technical policies based on the project bylaws and the requirements specified by the OMC.

We are pleased to mention that we follow the best practices of the Core Infrastructure Initiative.