OpenSSL has made some policy changes regarding use of e-mail lists, cryptographic policies, patch releases, and GitHub use.
The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog post talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended.
One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
Source: https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
(Score: 2) by coolgopher on Sunday January 21 2018, @09:10PM
Well, isn't *obviously* broken. Testing against timing attacks is hard, and that's exactly the type of vulnerability I'd consider likely to creep in during a refactoring cleanup pass.