Re: Bug#1109697: ITP: liboqs -- library for quantum-safe cryptographic algorithms
On 2025-07-23 Simon Josefsson <simon@josefsson.org> wrote:
> Andreas Metzler <ametzler@bebt.de> writes:
>>> The documented reason for removal from unstable was a FTBFS
>>> https://bugs.debian.org/1100144
>> [...]
>> Hello,
>> Yes. liboqs ended up being unmaintained, lagging multiple upstream
>> versions behind. I pondered adopting/rescueing it but refrained from
>> doing so when I got the impression this might probably never be a
>> candidate for Debian stable, i.e. it should always have lived in
>> experimental instead of sid.
> Is it forbidden for packages to exist in unstable and/or experimental
> only in Debian?
Hello Simon,
*I* think having packages only available in experimental is perfectly
fine. unstable is ditchy because iirc it has happened that our stopgap
measure to prevent testing migration (rc-bug) failed to work. Imho that
might work for leaf-packagages but not for libraries because it adds
another possibility for making errors. ("Gosh I did not realize my
package did not migrate to testing anymore because it picked up a dep on
a non-migratable package.")
> While liboqs is not intended for normal production use because of
> certain properties, it is useful for its designated purposes of
> experiments and testing.  I think we somehow conflate these two,
> thinking that everything in a Debian stable release MUST be intended for
> secure production use.  I think it is fine to ship things with known
> serious issues for certain use-cases, but perfectly good properties for
> other use-cases, as long as the limitations and use-cases are clearly
> documented.  So to me having liboqs in a Debian stable release seems
> acceptable.
[...]
Two things:
* Afaiui upstream would prefer we did not do that.
* I doubt that a multi-year old version of liboqs (which is what you'd
  have in stable in a not too distant future) would be useful for
  experiments and testing. liboqs is pretty fast moving. You would want
  bleeding edge for experimenting.
cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
Reply to: