FYI: open-quantum-safe/rust team has crates.io push access

[thomwiggers]

I see that there is some new bot set up to provision access control and maintainer status through the configuration file that is owned by this repository. Please note that:

1. the open-quantum-safe/rust team (which I am guessing is not part of this new system) has permissions to push to crates.io,
   • [x] its membership should probably also get managed by the TSC / this new system in some way,
2. removing the open-quantum-safe/rust team would result in ownership of https://crates.io/crates/oqs getting lost (except that it is still registered to my account directly).

One way to work around 2. would be to set up a release process in which CI creates the releases, but that requires some engineering effort.

(unfortunately, Crates.io does not implement trusted publishers like pypi does, which would allow assigning the release permissions directly to the repository itself, so some user will need to own the release API keys).

[baentsch]

Thanks for the heads-up, @thomwiggers !

[thomwiggers]

Oh I see that the Rust team is already managed: https://github.com/open-quantum-safe/tsc/blob/fcc7133298b9ccfda12f240381400d4a4ac4bc54/config.yaml#L12-L14 (I had missed the teams at the top of the file).

So that means that point 1 is already addressed.

[ryjones]

@thomwiggers I can work with you on setting up crates publishing.

[baentsch]

@ryjones @thomwiggers can this issue be closed by now?

[thomwiggers]

Yeah it seems that these things are actually covered.