Comments (5)
libsodium is linked using pkg-config, so there it should be easy to replace it as wished when packaging for a distro. With liboqs, no chance. The liboqs-sys crate does ship its own vendored version of oqs and AFAICT doesn't offer to override the version used. So as I see it, there is nothing we can do from the rosenpass side. Feel free to re-open the issue if you disagree!
from rosenpass.
I do disagree! Maybe this issue should be raised with the liboqs crate instead.
from rosenpass.
Please go for it :) I'm eager to see what they think. I'm with you that it makes sense to allow the packagers to choose how deps are satisfied, however for a young project (with potential API & ABI breakage) it might make sense that the bindings they ship come with exactly one specific version of the respective C code. That surely avoids all different weird kind of bugs.
from rosenpass.
I'm more interested in avoiding the bug where there's a CVE we patched in the liboqs port but not in your project because you bundle your own static copy.
from rosenpass.
See this bug report: open-quantum-safe/liboqs-rust#190
from rosenpass.
Related Issues (20)
- # Add a broker parameter to the IP style interface
- Testing: Integration test validating that the PSK can be successfully set with our broker
- `rp` script should not run as root
- Rp script should run as SUDO_USER
- Socket-handler broker should use asynchronous duplex processing
- Move prefix-length encoding into a helper
- PSK Brokers should use minimal dependencies
- Derivable lenses with type support
- Communication between unix-socket broker and priviledged broker should be able to use FIFOs
- Rosenpass and socket broker should support TCP transport
- Remove dependency on libsodium HOT 2
- Cargo run failed.
- Document that we use chacha20poly1305 with 96 bit nonces
- Create deb package HOT 2
- Create snap package
- Document API of wireguard broker
- Add and keep up-to-date a tag pointing to the most recent stable release? HOT 1
- Figure out methodology to ensure that code in the constant time subcrate is actually constant time HOT 1
- Typo in `rosenpass validate`
- Config file does not support referring to home directory using `~` HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rosenpass.