[secure]

Heh, that’s a good list and what you describe does happen often.

Being a developer myself, I try hard to not make that impression when reporting bugs. I always check first if the issue was reported and don’t post unless I have some value to add. If there is no fix yet, I fix it.

However, in this case, there are (working) fixes and I don’t see any other method to contribute to fixing this issue apart from raising awareness and thereby maybe getting an OpenSSL developer to merge the patch.

[davidw]

Right - the polite thing to do on their part would be to either 1) say why the patch and others like it are not acceptable 2) comment on what needs fixing/improving (docs? test cases?) in order to accept the patches, or 3) declare that they are no longer able to maintain the code, and if someone wants to take it over, go ahead.