Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1253821

Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms

From Andreas Metzler <ametzler@bebt.de>
Newsgroups linux.debian.bugs.dist, linux.debian.devel
Subject Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms
Date 2025-07-24 19:20 +0200
Message-ID <Lc7LP-2mTs-5@gated-at.bofh.it> (permalink)
References (3 earlier) <LbfV8-1LWq-5@gated-at.bofh.it> <LbPFg-29iF-7@gated-at.bofh.it> <LbPFg-29iF-5@gated-at.bofh.it> <LbfV8-1LWq-5@gated-at.bofh.it> <LbPFg-29iF-5@gated-at.bofh.it>
Organization linux.* mail to news gateway

Cross-posted to 2 groups.

Show all headers | View raw

On 2025-07-23 Simon Josefsson <simon@josefsson.org> wrote:
> Andreas Metzler <ametzler@bebt.de> writes:
>>> The documented reason for removal from unstable was a FTBFS
>>> https://bugs.debian.org/1100144
>> [...]

>> Hello,
>> Yes. liboqs ended up being unmaintained, lagging multiple upstream
>> versions behind. I pondered adopting/rescueing it but refrained from
>> doing so when I got the impression this might probably never be a
>> candidate for Debian stable, i.e. it should always have lived in
>> experimental instead of sid.

> Is it forbidden for packages to exist in unstable and/or experimental
> only in Debian?

Hello Simon,

*I* think having packages only available in experimental is perfectly
fine. unstable is ditchy because iirc it has happened that our stopgap
measure to prevent testing migration (rc-bug) failed to work. Imho that
might work for leaf-packagages but not for libraries because it adds
another possibility for making errors. ("Gosh I did not realize my
package did not migrate to testing anymore because it picked up a dep on
a non-migratable package.")

> While liboqs is not intended for normal production use because of
> certain properties, it is useful for its designated purposes of
> experiments and testing.  I think we somehow conflate these two,
> thinking that everything in a Debian stable release MUST be intended for
> secure production use.  I think it is fine to ship things with known
> serious issues for certain use-cases, but perfectly good properties for
> other use-cases, as long as the limitations and use-cases are clearly
> documented.  So to me having liboqs in a Debian stable release seems
> acceptable.
[...]
Two things:
* Afaiui upstream would prefer we did not do that.
* I doubt that a multi-year old version of liboqs (which is what you'd
  have in stable in a not too distant future) would be useful for
  experiments and testing. liboqs is pretty fast moving. You would want
  bleeding edge for experimenting.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Back to linux.debian.bugs.dist | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Hector Oron Martinez <zumbi@debian.org> - 2025-07-22 09:50 +0200
  Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Andrius Merkys <andrius.merkys@gmail.com> - 2025-07-22 10:20 +0200
  Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Hector Oron <zumbi@debian.org> - 2025-07-22 11:30 +0200
  Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Simon Josefsson <simon@josefsson.org> - 2025-07-22 11:30 +0200
  Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Andreas Metzler <ametzler@bebt.de> - 2025-07-23 06:50 +0200
    Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Hector Oron <zumbi@debian.org> - 2025-07-23 13:10 +0200
      Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Andreas Metzler <ametzler@bebt.de> - 2025-07-23 18:40 +0200
  Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Simon Josefsson <simon@josefsson.org> - 2025-07-23 13:00 +0200
    Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Hector Oron <zumbi@debian.org> - 2025-07-23 13:20 +0200
      Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Simon Josefsson <simon@josefsson.org> - 2025-07-23 13:40 +0200
  Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Simon Josefsson <simon@josefsson.org> - 2025-07-24 00:00 +0200
    Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Andreas Metzler <ametzler@bebt.de> - 2025-07-24 19:20 +0200
      Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Simon Josefsson <simon@josefsson.org> - 2025-07-25 10:20 +0200
        Re: Bug#1109697: ITP: liboqs -- library for quantum-safe  cryptographic algorithms Andreas Metzler <ametzler@bebt.de> - 2025-07-25 19:20 +0200
          Re: Bug#1109697: ITP: liboqs -- library for quantum-safe  cryptographic algorithms Simon Josefsson <simon@josefsson.org> - 2025-07-26 10:00 +0200
  Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Michael Stone <mstone@debian.org> - 2025-07-24 01:20 +0200
  Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Michael Stone <mstone@debian.org> - 2025-07-24 02:50 +0200
  Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms Michael Stone <mstone@debian.org> - 2025-07-24 03:40 +0200

csiph-web