Andreas Metzler <ametz...@bebt.de> writes:

> On 2025-07-25 Simon Josefsson <si...@josefsson.org> wrote:
>> Andreas Metzler <ametz...@bebt.de> writes:
> [...]
>
>> > * I doubt that a multi-year old version of liboqs (which is what you'd
>> >   have in stable in a not too distant future) would be useful for
>> >   experiments and testing. liboqs is pretty fast moving. You would want
>> >   bleeding edge for experimenting.
>
>> My primary use-case for liboqs in stable is to set up interop testing
>> between different PQ libraries and help development of PQ libraries.
>> Having some OLD and stable release of liboqs widely available is what I
>> would prefer. I want to test that some other PQ crypto libraries are
>> able to interop with some old known-to-produce-correct-results liboqs.
>> So there is no need for this liboqs to be able to protect sensitive
>> data. It just has to produce something. Which seems to match what the
>> liboqs maintainers say it is good for.
>
> Hello,
>
> If there is a stable release of liboqs this indeed makes sense.

In what way are the liboqs releases less stable than many other things
we accept into stable? The limitation seems to be:

   WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A PRODUCTION
   ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA. This library is meant
   to help with research and prototyping. While we make a best-effort
   approach to avoid security bugs, this library has not received the
   level of auditing and analysis that would be necessary to rely on it
   for high security use.

There are other things in stable with similar properties, which many
find useful because their field of interest is research and prototyping.

/Simon