You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Practically all upstream code bases have no notion of version control: Metadata more often than not doesn't get updated even if KATs change: Latest example HQC.
This is in direct conflict to users' interest to retain control of stability of (or at least knowing the version of) code being run.
OQS tries to remedy this by always updating algorithm version information as and when necessary. This is done manually and thus error-prone.
This discussion is to suggest adding a feature to copy_from_upstream to at least inform its users of a possible need to change version information -- or to even do that automatically.
An alternative would be to create a (online accessible) mapping between liboqs commit (incl. release) IDs and contained algorithms' commit IDs: That way, users could at least track the actual code being run by way of checking liboqs version information. As algorithm updates cease to be done (e.g., via standardization or end of research project) this mapping will become more and more stable.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Open Quantum Safe
-
Practically all upstream code bases have no notion of version control: Metadata more often than not doesn't get updated even if KATs change: Latest example HQC.
This is in direct conflict to users' interest to retain control of stability of (or at least knowing the version of) code being run.
OQS tries to remedy this by always updating algorithm version information as and when necessary. This is done manually and thus error-prone.
This discussion is to suggest adding a feature to
copy_from_upstreamto at least inform its users of a possible need to change version information -- or to even do that automatically.An alternative would be to create a (online accessible) mapping between
liboqscommit (incl. release) IDs and contained algorithms' commit IDs: That way, users could at least track the actual code being run by way of checkingliboqsversion information. As algorithm updates cease to be done (e.g., via standardization or end of research project) this mapping will become more and more stable.Beta Was this translation helpful? Give feedback.
All reactions