Reducing the security bits for MD5 and SHA1 in TLS - OTC or OMC vote?

Tomas Mraz tmraz at
Wed May 27 14:33:56 UTC 2020

On Wed, 2020-05-27 at 14:16 +0000, Dr. Matthias St. Pierre wrote:
> > IMO it seems appropriate to have an OMC vote on this topic (or
> > should it
> > be OTC?). Possible wording:
> Personally, I would prefer if technical questions would by default be
> discussed (and voted on)
> by the OTC, unless an OMC member explicitly puts in his veto and
> claims that higher level
> strategical interests of the OpenSSL project are affected.
> But according to the current wording of the bylaws, I would say it is
> a 'feature requirement' and
> requires an OMC vote:

I do not understand this to be a 'feature requirement' - IMO if this
was a 'feature requirement' it would mean that OMC decides that
something must be implemented in such and such way that the OpenSSL 3.0
does this and that as a feature. But we do not do that for every
feature that is being added to master. So I do not even think this
requires any formal vote, unless someone from OTC or OMC calls for it

Of course it is kind-of API break but again I do not think every API
break in OpenSSL 3.0 was voted upon by OMC.

I mean I am definitely not against having a vote if someone feels it
should be done but if nobody requires it, I do not think it would be a
violation of anything if this is merged without a vote.

> > The OMC:
> > 
> > * makes all decisions regarding management and strategic direction
> > of the project; including:
> >     - business requirements;
> >     - feature requirements;
> >     - platform requirements;
> >     - roadmap requirements and priority;
> >     - end-of-life decisions;
> >     - release timing and requirement decisions;
> Matthias
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your

More information about the openssl-project mailing list