Andreas Metzler <ametz...@bebt.de> writes:

>> The documented reason for removal from unstable was a FTBFS
>> https://bugs.debian.org/1100144
> [...]
>
> Hello,
> Yes. liboqs ended up being unmaintained, lagging multiple upstream
> versions behind. I pondered adopting/rescuing it but refrained from
> doing so when I got the impression this might probably never be a
> candidate for Debian stable, i.e. it should always have lived in
> experimental instead of sid.

Is it forbidden for packages to exist in unstable and/or experimental only in Debian?

While liboqs is not intended for normal production use because of certain properties, it is useful for its designated purposes of experiments and testing. I think we somehow conflate these two, thinking that everything in a Debian stable release MUST be intended for secure production use. I think it is fine to ship things with known serious issues for certain use-cases, but perfectly good properties for other use-cases, as long as the limitations and use-cases are clearly documented. So to me having liboqs in a Debian stable release seems acceptable.

It seems good that GnuTLS stopped using liboqs though, because GnuTLS _is_ intended for secure online usage whereas liboqs is not.

/Simon