3 <!--#include virtual="/inc/head.shtml" -->
6 <!--#include virtual="/inc/banner.shtml" -->
10 <div class="blog-index">
13 <h2>OpenSSL Bylaws</h2>
15 First issued 13th February 2017<br/>
19 <div class="entry-content">
21 <p>This document defines the bylaws under which the OpenSSL Project
22 operates. It defines the different project roles, how they contribute
23 to the project, and how project decisions are made.</p>
25 <h2>Roles and Responsibilities</h2>
29 <p>Users include any individual or organisation that downloads,
30 installs, compiles, or uses the OpenSSL command line applications or
31 the OpenSSL libraries or the OpenSSL documentation. This includes
32 OpenSSL-based derivatives such as patched versions of OpenSSL provided
33 through OS distributions, often known as "downstream" versions.</p>
35 <p>Users may request help and assistance from the project through any
36 appropriate forum as designated by the OpenSSL Management Committee
37 (OMC). Users may also report bugs, issues, or feature requests; or
38 make pull requests through any OMC designated channel.</p>
40 <h3><a name="committers">Committers</a></h3>
42 <p>Committers have the ability to make new commits to the main OpenSSL
43 Project repository. Collectively, they have the responsibility for
44 maintaining the contents of that repository. They must ensure that any
45 committed contributions are consistent with all appropriate OpenSSL
46 policies and procedures as defined by the OMC.</p>
48 <p>Committers also have a responsibility to review code submissions in
49 accordance with OpenSSL project policies and procedures.</p>
51 <p>Commit access is granted as a result of a vote by the OMC. It may
52 be withdrawn at any time by a vote of the OMC.</p>
54 <p>A condition of commit access is that the committer has signed an
55 Individual Contributor Licence Agreement (ICLA). If contributions may
56 also be from the employer of an individual with commit access then a
57 Corporate Contributor Licence Agreement (CCLA) must also be signed and
58 include the name of the committer.</p>
60 <p>In order to retain commit access a committer must have authored or
61 reviewed at least one commit within the previous two calendar
62 quarters. This will be checked at the beginning of each calendar
63 quarter. This rule does not apply if the committer first received
64 their commit access during the previous calendar quarter.</p>
66 <h3><a name="OMC">OpenSSL Management Committee (OMC)</a></h3>
68 <p>The OMC represents the official voice of the project. All official
69 OMC decisions are taken on the basis of a vote.</p>
73 <li>makes all decisions regarding management and strategic direction
75 <li>sets and maintains all policies and procedures;</li>
76 <li>nominates, elects and removes committers and OMC members as
78 <li>ensures security issues are dealt with in an appropriate
80 <li>schedules releases and determines future release plans and the
81 development roadmap and priorities;</li>
82 <li>maintains all other repositories according to the policies and
83 procedures they define.</li>
86 <p>Membership of the OMC is by invitation only from the existing OMC
87 following a passing vote. OMC members may or may not be committers as
88 well. If an OMC member is also a committer then all rules that apply
89 to committers still apply.</p>
91 <p>The OMC makes decisions on behalf of the project. In order to have
92 a valid voice on the OMC, members must be actively contributing to the
93 project. Note that there are many ways to contribute to the project
94 but the ones that count in order to participate in the OMC
95 decision-making process are the ones listed below.</p>
97 <p>OMC members may become inactive. In order to remain active a member
98 must, in any calendar quarter, contribute by:</p>
100 <li>a) Having authored, or been recorded as a reviewer of, at least
101 one commit made to any OpenSSL repository (including non-code based
103 <li>b) vote in at least two-thirds of the total votes closed in the
104 first two months of the quarter and the last month of the preceding
108 <p>The above rules will be applied at the beginning of each calender
109 quarter. It does not apply if the OMC member was first appointed, or
110 became active again during the previous calendar quarter. The voting
111 requirement only includes those votes after the time the member joined
112 or was made active again.</p>
114 <p>If an OMC member remains inactive for one calendar quarter then
115 they will no longer be considered an OMC member, but will be listed as
116 an OMC Alumni. OMC Alumni have no access to OMC internal resources
117 (including email lists) but may request a vote at any time to
118 reinstate their membership in the OMC.</p>
120 <p>Any OMC member can propose a vote to declare another member
121 inactive or remove them from OMC membership entirely.</p>
123 <p>An OMC member can declare themselves inactive, leave the OMC, or
124 leave the project entirely. This does not require a vote.</p>
126 <p>An inactive OMC member can propose a vote that the OMC declare them
127 active again. Inactive OMC members cannot vote but can propose issues
128 to vote on and participate in discussions. They retain access to OMC
129 internal resources.</p>
131 <h3>OpenSSL Software Foundation (OSF)</h3>
133 <p>The OpenSSL Software Foundation represents the OpenSSL project in
134 legal and most official formal capacities in relation to external
135 entities and individuals. This includes, but is not limited to,
136 managing contributor license agreements, managing donations,
137 registering and holding trademarks, registering and holding domain
138 names, obtaining external legal advice, and so on.</p>
140 <p>Any OMC member may serve as a director of OSF if they wish. To do
141 so they should send a request to any existing OSF director.</p>
143 <h3>OpenSSL Software Services (OSS)</h3>
145 <p>OpenSSL Software Services represents the OpenSSL project for most
146 commercial and quasi-commercial contexts, such as providing formal
147 support contracts and brokering consulting contracts for OpenSSL
150 <p>Any OMC member may serve as a director of OSS if they wish, subject
151 to certain contractual requirements. To do so they should send a
152 request to any existing OSS director.</p>
154 <h2>OMC Voting Procedures</h2>
156 <p>A vote to change these bylaws will pass if it obtains an in favour
157 vote by more than two thirds of the active OMC members and less than
158 one quarter votes against by the active OMC members. A vote that does
159 not change these bylaws will pass if it has had a vote registered from
160 a majority of active OMC members and has had more votes registered in
161 favour than votes registered against.</p>
163 <p>Only active OMC members may vote. A registered vote is a vote in
164 favour, a vote against, or an abstention.</p>
166 <p>Any OMC member (active or inactive) can propose a vote. OMC Alumni
167 may only propose a vote to reinstate themselves to the OMC. Each vote
168 must include a closing date which must be between seven and fourteen
169 calendar days after the start of the vote. Votes to change these
170 bylaws must be fourteen calendar days in duration.</p>
172 <p>In exceptional cases, the closing date for non-bylaw changing votes
173 could be less than seven calendar days; for example, a critical issue
174 that needs rapid action. A critical issue is hard to define precisely
175 but would include cases where a security fix is needed and the details
176 will soon be made public. At least one other active OMC member besides
177 the proposer needs to agree to the shorter timescale.</p>
179 <p>A vote closes on its specified date. In addition, any active OMC
180 member can declare a vote closed once the number of uncast votes could
181 not affect the outcome. Any active OMC member may change their vote up
182 until the vote is closed. No vote already cast can be changed after
183 the vote is closed. Votes may continue to be cast and recorded after a
184 vote is closed up until fourteen days after the start of the vote.
185 These votes will count for the purposes of determining OMC member
186 activity, but will otherwise not affect the outcome of the vote.</p>
188 <p>All votes and their outcomes should be recorded and available to
191 <h2>Leave of absence</h2>
193 <p>An active OMC member or committer may request a leave of absence
194 from the project. A leave of absence from the OMC or committer shall
195 suspend inactivity determination for the specified role. All access to
196 OMC or committer resources shall be suspended (disabled) and the OMC
197 member shall be excluded from voting and the committer shall be excluded
198 from reviewing or approving source changes. On return from a leave of
199 absence, the OMC member or committer will be deemed to have become active
200 as of the date of return.</p>
202 <p>All of the following criteria must be met in order to qualify as a
203 leave of absence:</p>
205 <li>a) the member must request via email to the OMC a leave of
206 absence at least one week in advance of the requested
207 period of leave;</li>
208 <li>b) only one leave of absence is permitted per calendar year;</li>
209 <li>c) the leave of absence must specify the date of return from
210 the leave of absence; </li>
211 <li>d) the length of the leave of absence shall be a minimum of one calendar
212 month and shall not exceed three calendar months (one quarter); and </li>
213 <li>e) the leave of absence applies to all the roles within the
214 project (i.e. both OMC and committer if both roles apply).</li>
219 You are here: <a href="/">Home</a>
220 : <a href="/policies">Policies</a>
221 : <a href="">Bylaws</a>
222 <br/><a href="/sitemap.txt">Sitemap</a>
226 <!--#include virtual="sidebar.shtml" -->
230 <!--#include virtual="/inc/footer.shtml" -->