Replies: 5 comments 16 replies
-
I am the maintainer of liboqs and oqs provider in Fedora, I confirm this is the official Fedora initiative. But we intentionally build only NIST-approved algorithms |
Beta Was this translation helpful? Give feedback.
-
Not really. OQS never really cared about binary distributions for lack of (human and CI) resources (and experiences, say with non-Linux/non-x64 platforms). Even a general platform support strategy is currently only "in the making" (see #1605), so anyone doing distros (cudos to @beldmit ) may face "surprises". Only
Please, by all means, go ahead! It would also be nice if you could collect (CI) environments we could rely on if we decide to support specific platforms. It would help M1 as well as not really well-supported arcane IBM platforms (sorry, couldn't resist :). |
Beta Was this translation helpful? Give feedback.
-
thanks.. makes sense to only distribute the NIST candidates in built form for now. |
Beta Was this translation helpful? Give feedback.
-
Hi, (apologies if an earlier version of this message got through your notifications or inbox :) ) I'm looking at updating liboqs and the openssl provider in Ubuntu and Debian. There are at least two aspects: a) update packages, regardless of whether they are shipped in a distribution release, b) offer them to users. Ubuntu releases an LTS version every 2 years and an interim ones every 6 months. There are planning stages months before each development cycle and feature freezes a couple month before the release. My current plan is to prepare an update of liboqs for 25.04 which is an interim version and hope that you are satisfied with liboqs' status by 26.04 LTS so that users can benefit from it. I discussed that with other Ubuntu/Canonical developers and we feel like there is no perfect and clear-cut solution. We want to include oqs early enough, but not too early. Except we don't have crystal balls either. The best we can do is prepare everything, do the integration, and either not do the final integration steps for now, or do it but hide it behind a feature flag. One thing we all agreed upon is that only hybrid cryptography makes sense and we'll make sure to make this clear in Ubuntu. Moreover, nobody felt that it is possible to commit to support for post-quantum cryptography software today: our motivation is to help make things move forward. My rationale for targetting the next interim release (25.04) is how much work will still have to happen afterwards in the distribution, and if we aim for wider availability in 26.04, all of it will have to be done within a year or so. If not 26.04, the following Ubuntu release that will be used as widely will 28.04 and I think everyone will agree it's getting too far in the future (especially since it means real world deployments at least several months later). There is no intention to actively promote these packages and as I said above, I'd like to offer them in the distribution so that people can start evaluating them and provide feedback. An additional benefit will be the CI that runs on amd64/arm64/armhf/ppc64el/s390x (not riscv sadly due to its slowness). What do you think about this? Does it seem to sound to begin preparations today but gate everything so that actually enabling requires an active operation from users? |
Beta Was this translation helpful? Give feedback.
-
@planetf1 In the 2024-12-05 OQS TSC meeting, we discussed this issue. The list of resources you started to collect is great. Would you be willing to turn this into a table, with contact information (Github handles or otherwise) for each distribution? Also there's the question of whether we would want to put this in the Wiki tab of Github or somewhere else. |
Beta Was this translation helpful? Give feedback.
-
Is there a list of binary distributions (particularly aided by the core team, or at least well-supported) of liboqs? Obviously there are more built by individuals for their own needs.
I can build liboqs from source (and have the most flexibility), but when explaining to others how to use liboqs, pointing to a easily accessible built version - such as installed from their standard linux distro, or a common package manager (like homebrew on macos) can make things easier & less error prone
Looking around I found a few references:
No doubt there are many more
Is this documented anywhere? Would it be useful to add those with some backing/confidence that are being maintained (happy to volunteer helping out in doc etc, search in more detail & catalog)
Logically the topic could continue with the other subprojects like python binding.
Many thanks!
Beta Was this translation helpful? Give feedback.
All reactions