One of the potential projects consuming code from liboqs, and pq-code-package is OpenSSL.
In order for any code to be considered by OpenSSL, all contributors (current, future, and historical) are required to have signed the OpenSSL CCA. This is very similar to the Apache CLA. This will apply both at the individual contributor and organization contributor level.
Note that this in no way means it's certain OpenSSL will actually use our code. They are still evaluating the approach they wish to make. This is merely a prereq for consideration.
This discussion has been ongoing at the PQCA level both in terms of general approach ,as well as tooling to support.
As a TSC we need to consider if we are ok with this approach, whether we have any particular concerns, and provide feedback to the PQCA.
planetf1
commented
1 day ago
One of the potential projects consuming code from liboqs, and pq-code-package is OpenSSL.
In order for any code to be considered by OpenSSL, all contributors (current, future, and historical) are required to have signed the OpenSSL CCA. This is very similar to the Apache CLA. This will apply both at the individual contributor and organization contributor level.
Note that this in no way means it's certain OpenSSL will actually use our code. They are still evaluating the approach they wish to make. This is merely a prereq for consideration.
This discussion has been ongoing at the PQCA level both in terms of general approach ,as well as tooling to support.
As a TSC we need to consider if we are ok with this approach, whether we have any particular concerns, and provide feedback to the PQCA.
Suggest discussion at the 20241106 TSC meeting