Reliability

[baentsch]

oqsprovider (and suitably limited liboqs configs) may be (are?) being used in settings considered "productive" despite a documented (standard) warning against this. Discussions as to how to reduce the risk of this have been started elsewhere (e.g., https://github.com/open-quantum-safe/tsc/issues/1 and https://github.com/PQCA/TAC/issues/44) but don't seem to garner much interest or concrete resolution proposals (or are even labelled only "enhancement").

Thus, this issue is to define a set of concrete features that this project should possess to be considered "reliable for everyday use" and sufficiently reducing the risks to its users deploying it -- and the risk to the code owners' reputation of having done the code.

Let me start by stating the obvious:

• [ ] There must be at least 3 maintainers and 9 active contributors as per the documentation in GOVERNANCE.md
• [ ] Tasks/responsibilities by maintainers and contributors required by project administration (LinuxFoundation) beyond GOVERNANCE.md must be documented.
• [ ] Achieve closure on https://github.com/orgs/open-quantum-safe/discussions/1689 (adding agreed-upon issues to work on).
• [ ] #451 must be completed with an assessment and concrete issues to resolve (to be added to this list below)

Further line items welcome (even if only adding already open issues).

[baentsch]

Here's a nice "operational" test checklist of an OQS alternative that may be worth while following.