>> OpenSSL is a critical part of security in too many places for us to take on any unnecessary technical debt. >>This is a somewhat empty argument as long as no one bothers to properly determine if a piece of code is a debt or an asset. I claim that we are being careful and doing the proper determination. Consensus seems to agree.