While we're still waiting to hear from the core team about changes, I might as well add to the noise and throw this out there.
Perhaps openssl should become an Apache project? Keep the foundation for financial reasons, but use their infrastructure and such. Or perhaps consider adopting a large portion of their "rules." /r$ -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me<mailto:rs...@jabber.me>; Twitter: RichSalz