OpenSSL Library Bylaws

This document defines the bylaws under which the OpenSSL Library Project operates. It defines the different project roles, how they contribute to the project, and how project decisions are made.

Roles and Responsibilities

Users

Users include any individual or organization that downloads, installs, compiles, or uses the OpenSSL Library via the libraries or the applications produced by the project. This includes OpenSSL-library-based derivatives such as patched versions of the OpenSSL Library provided through OS distributions, often known as “downstream” versions.

Users may request help and assistance from the project through any appropriate forum as designated by either the OpenSSL Foundation or the OpenSSL Corporation. Users may also report bugs, issues, or feature requests; or make pull requests through any designated channel.

Users may nominate themselves or other users for the committer role to the boards of the Foundation or the Corporation.

Committers

Committers have the ability to push new commits to the main OpenSSL Library Project repository. Collectively, they have the responsibility for maintaining the contents of that repository. They must ensure that any committed contributions are consistent with all appropriate OpenSSL Library policies and procedures as defined by the Foundation or the Corporation.

Committers also have a responsibility to review code submissions in accordance with OpenSSL Library Project policies and procedures.

Commit access is granted by either the Foundation or the Corporation based on an individual nomination for the Committer role and number and quality of code reviews and other code contributions by the nominee.

A condition of commit access is that the committer has signed an Individual Contributor License Agreement (ICLA). If contributions may also be from the employer of an individual with commit access then a Corporate Contributor License Agreement (CCLA) must also be signed and include the name of the committer.

In order to retain commit access a committer must have authored or reviewed at least ten commits that were merged within the previous two calendar quarters. This will be checked at the beginning of each calendar quarter. This rule does not apply if the committer first received their commit access during the previous calendar quarter.

The committer status may be also removed at any time by a decision from the Foundation and the Corporation.

The Foundation and the Corporation

The OpenSSL Software Foundation (the Foundation) and OpenSSL Software Services (the Corporation) represent the official voice of the project.

The Foundation primarily focuses on non-commercial communities.

The Corporation primarily focuses on commercial communities.

The Foundation and the Corporation are run by a board of directors for each company. Directors are elected by the members of each company. Membership of each company is determined by votes of the existing members of each company.

The Foundation and the Corporation co-equally:

The boards of the Foundation and the Corporation share all responsibilities and authorities co-equally. Co-equally means that the Foundation and the Corporation can operate independently and make decisions autonomously.

The Foundation and the Corporation are advised about technical decisions by Technical Advisory Committees and about business decisions by Business Advisory Committees.

Bylaws Update History

The following changes have been made since the bylaws were first issued 13-February-2017.