Also, I don't see how you can read any ill intent out of the email alone. It shouldn't be unreasonable for the OpenSSL devs to share vulnerabilities with LibreSSL. I don't think he would use it for any malicious purposes. Though I guess it makes you want to err on the side of caution when he comes up with such classics as declaring Apache 2.0 proprietary for no other reason that it has more lines of text than the previous version.
I'd think tomjen3 meant "Yeah Theo made a fork of (...)" instead of "Yeah Theo they". Looks like he originally wrote "Yeah they made a fork (...)", then he rephrased and forgot to delete the "they".
Also, I don't see how you can read any ill intent out of the email alone. It shouldn't be unreasonable for the OpenSSL devs to share vulnerabilities with LibreSSL. I don't think he would use it for any malicious purposes. Though I guess it makes you want to err on the side of caution when he comes up with such classics as declaring Apache 2.0 proprietary for no other reason that it has more lines of text than the previous version.