Comments (5)
wucke13
commented on May 28, 2024
libsodium is linked using pkg-config, so there it should be easy to replace it as wished when packaging for a distro. With liboqs, no chance. The liboqs-sys crate does ship its own vendored version of oqs and AFAICT doesn't offer to override the version used. So as I see it, there is nothing we can do from the rosenpass side. Feel free to re-open the issue if you disagree!
from rosenpass.
clausecker
commented on May 28, 2024
I do disagree! Maybe this issue should be raised with the liboqs crate instead.
from rosenpass.
wucke13
commented on May 28, 2024
Please go for it :) I'm eager to see what they think. I'm with you that it makes sense to allow the packagers to choose how deps are satisfied, however for a young project (with potential API & ABI breakage) it might make sense that the bindings they ship come with exactly one specific version of the respective C code. That surely avoids all different weird kind of bugs.
from rosenpass.
clausecker
commented on May 28, 2024
I'm more interested in avoiding the bug where there's a CVE we patched in the liboqs port but not in your project because you bundle your own static copy.
from rosenpass.
clausecker
commented on May 28, 2024
See this bug report: open-quantum-safe/liboqs-rust#190
from rosenpass.
Related Issues (20)
- # Add a broker parameter to the IP style interface
- Testing: Integration test validating that the PSK can be successfully set with our broker
- `rp` script should not run as root
- Rp script should run as SUDO_USER
- Socket-handler broker should use asynchronous duplex processing
- Move prefix-length encoding into a helper
- PSK Brokers should use minimal dependencies
- Derivable lenses with type support
- Communication between unix-socket broker and priviledged broker should be able to use FIFOs
- Rosenpass and socket broker should support TCP transport
- Remove dependency on libsodium HOT 2
- Cargo run failed.
- Document that we use chacha20poly1305 with 96 bit nonces
- Create deb package HOT 2
- Create snap package
- Document API of wireguard broker
- Add and keep up-to-date a tag pointing to the most recent stable release? HOT 1
- Figure out methodology to ensure that code in the constant time subcrate is actually constant time HOT 1
- Typo in `rosenpass validate`
- Config file does not support referring to home directory using `~` HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rosenpass.