Large issue cleanup in OpenSSL

Jun 25, 2024

OpenSSL is cleaning up its issue backlog

Whats going on?

Recently, some may have noticed issues (particularly old ones) in the openssl repository have received an update, having the ‘inactive’ label applied to them with a comment indicating that they will be closed at the end of the 3.4 development cycle. OpenSSL currently has almost 2000 outstanding issues in its issue list, many of which have been sitting idle for multiple years. In an effort to better plan and schedule work for the OpenSSL development team, it has become increasingly clear that, to do so efficiently, the issue list must be reduced, so as to better identify those issues which are impacting the larger user base more visibly for planning purposes.

What issues are impacted?

Currently issues that are being marked as inactive meet one or more of the following criteria:

• They have gone for more than 12 months without any significant update.
• They are considered vestigial - i.e. they have been fixed but the issue has remained open.
• It is unclear what the purpose or goal of the issue is.

What if I’m still working on, or need an issue?

That’s fine, it’s why we’re just marking the issues now, and closing them at the end of the 3.4 development cycle (about 4 months from now). If you feel like an issue has been marked erroneously, please just add a comment indicating why you feel it should remain open. Expect a discussion following such a comment as to why you need it, to arrive at a consensus about what to do with the issue. Note, its not likely that we will leave the issue in its current state, as the goal is to only have issues that are actively being worked toward closure, either by the core developer team, or the community.

What are my options for my inactive issue?

That depends largely on the nature of the issue, but generally speaking, the following options are available:

• You can make an argument for why the issue still exists and should be addressed by the core development team. We will consider this request, but note that it may not be possible to reasonably address an issue within the current road map, so this request may be denied.

• You can submit a PR to fix the issue. Make a comment indicating your willingness and intention to do so, and we will gladly mark the issue as being addressed by the community, assigning it to you for resolution, and removing the inactive label.

• You can start communicating in the issue again. Many of our inactive issues appear to have been very active at one time, but due to varying circumstances, got lost/forgotten/replaced by higher priority tasks. It’s perfectly valid to try and pick up where you left off, just make a comment indicating that you would like to continue working on this, follow up with whatever information was requested in the last comment, and attempt to revive the issue.

• You can concur that the issue is inactive, and allow it to be closed automatically. Note, closed issues are still completely searchable on GitHub, so if you find yourself in a position in which you would like to work on something, but just don’t know when you will get to it, that’s fine. It’s a perfectly valid option to let the issue close, and reopen it (or preferably open a new one) when you do find yourself with time to address it in the future.