Comment Re:It's time we own up to this one (Score 1) 149
Use git as the primary repository for OpenSSL and then implement a system that accepts all incoming patches via gerrit after public review.
Now everyone and anyone can review every patch. To those that complain there are not enough helpers on the project: this is why you did not update the process to let the help arrive; things are pushed through a mailing list and the RT tracker (some obsolete ticket system).
Set up a points system under gerrit that requires at least 2 official committers and 2 independent parties on the internet to review every patch.
Make it a rule that every new feature must have a unit test associated with it to exercise it, or at least have the built-in applications updated to enable/disable/utilise it.
Fix that archaic PhD boffin coding convention the project uses; take a look at the Linux kernel source and use its style as a starting point. The OpenSSL coding style does not lean towards conventions that reduce mistakes.
Relegate all the style gymnastics that are there to allow a compiler that is over 10 years old to build the project; move this to another project as a compatibility layer.
Take a look at seeing if LLVM can instrument the C code during compile to provide code coverage tests, then write tests that utilize all the existing applications, then work on new applications that can exercise the major areas not touched.