I get your point, but let's face it, the OpenBSD developers have done more to fix OpenSSL in the last two weeks that the OpenSSL developers done the last two years.
Some of the bug fixes have been pull from OpenSSLs bugtracker, they've just sat there for one or two years. This should make you think about what motivates the OpenSSL developers, my guess would be new crypto algorithms and the math, rather than maintaining a modern and secure crypto library.
Honestly the better solution might be to have the OpenSSL developers commit new code to the OpenBSD fork. For my understanding no one doubts that the OpenSSL developer understand the math and crypto in SSL and TLS, but they aren't the sharpest C programmers. There's no point in ostracising the OpenSSL developers, but maybe they should just focus on the parts that they do really well and let others, like the OpenBSD developer, productize their work.
Some of the bug fixes have been pull from OpenSSLs bugtracker, they've just sat there for one or two years. This should make you think about what motivates the OpenSSL developers, my guess would be new crypto algorithms and the math, rather than maintaining a modern and secure crypto library.
Honestly the better solution might be to have the OpenSSL developers commit new code to the OpenBSD fork. For my understanding no one doubts that the OpenSSL developer understand the math and crypto in SSL and TLS, but they aren't the sharpest C programmers. There's no point in ostracising the OpenSSL developers, but maybe they should just focus on the parts that they do really well and let others, like the OpenBSD developer, productize their work.