SoftHSM2 Maintainer Needed
Dear members of the community,
First of all, let me apologise for the long radio silence in the SoftHSM v2 project.
In this message, we would like to set out the current state of SoftHSM v2 development. Let me start with a bit of history to provide context. SoftHSM v2 was first developed as a successor to SoftHSM, which was originally a component of the OpenDNSSEC project. The rationale for starting SoftHSM v2 was simple: the original SoftHSM had no security features and stored key materials in clear text in a database. SoftHSM was only ever intended as a placeholder PKCS #11 implementation for use with OpenDNSSEC under the assumption that most user of OpenDNSSEC would eventually use a "real" HSM with its own PKCS #11 module and that SoftHSM would only be used for testing and development. When it became clear that many deployments used SoftHSM in production, a decision was made to develop a much more secure successor which we called SoftHSM v2.
Development of SoftHSM v2 was initially done by a development team consisting of staff members of IIS (the registry for .se) and SURFnet (the National Research and Education Network in The Netherlands), both also contributors to OpenDNSSEC. Over time, the team members changed job positions a number of times, and eventually all team members ended up in roles that were incompatible with sustained development work on SoftHSM v2. While team members did occasionally spend time on the code base in their spare time, they do not have sufficient spare cycles to perform maintenance let alone develop new features.
As maintainers of the OpenDNSSEC project, NLnet Labs also worked on SoftHSM v2, verifying and merging pull requests from the community and fixing some of the bugs reported in the issue tracker. At this time, this is also best effort, and no significant development time is available to spend on the project.
Given the above, the current state is that development on SoftHSM v2 is dormant and not likely to pick up significantly in the near future. We are conferring as a team on how to proceed in the future, but this will likely take us until at least the summer of 2024.
I wish I could provide a more definitive outlook for the future.
On behalf of the SoftHSM v2 developers,
Roland van Rijswijk-Deij