oqsprovider (and suitably limited liboqs configs) may be (are?) being used in settings considered "productive" despite a documented (standard) warning against this. Discussions as to how to reduce the risk of this have been started elsewhere (e.g., https://github.com/open-quantum-safe/tsc/issues/1 and https://github.com/PQCA/TAC/issues/44) but don't seem to garner much interest or concrete resolution proposals (or are even labelled only "enhancement").
Thus, this issue is to define a set of concrete features that this project should possess to be considered "reliable for everyday use" and sufficiently reducing the risks to its users deploying it -- and the risk to the code owners' reputation of having done the code.
Let me start by stating the obvious:
[ ] There must be at least 3 maintainers and 9 active contributors as per the documentation in GOVERNANCE.md
[ ] Tasks/responsibilities by maintainers and contributors required by project administration (Linux Foundation) beyond GOVERNANCE.md must be documented.
Further line items welcome (even if only adding already open issues).