I just wanted to give a brief update. At the TSC meeting today, we discussed the crypto-lib proposal for a little bit and got some good feedback.
The main suggestion (from Chris Ferris) was that it would be simpler (and better for expanding the project in the future) if, instead of having “stewards” and maintainers, we just classified everyone as maintainers and separated them into
lists. This would mean we have a list of “theoretical maintainers” which would currently be our stewards, and “base signature/Zmix maintainers” which would be our current maintainers. This would simplify our review process, since we could just require people
on the “theoretical maintainer” list to sign off on changes that are algorithmic in nature, and this could be done natively in, say, Gerrit. It would also mean our project structure would be much more like established projects, which is almost certainly a
I don’t think this is a radical change (or even much of a change) from what we had in mind and shouldn’t change the way things are currently working. The semantics are just a little bit different, and it will help in the future if we want
to further define roles (i.e. security code review expert, or post-quantum cryptography expert) to get appropriate reviews.
Does anyone have any thoughts on or objections to this change? If not, then I’ll modify the project proposal to reflect this.