[Pkg-privacy-maintainers] RFS: codecrypt, the post-quantum cryptography tool

Ximin Luo infinity0 at debian.org
Sat Mar 5 17:43:10 UTC 2016


Miroslav Kratochvil:
> Is there any suggested next step for the sponsor-searching process?

This is the sponsor searching process; I will review your package, then sponsor it when it's ready. :)

Here are some general comments about the non-Debian parts:

(a) -g, --gen-key generate specified keypair, `help' lists algorithms

It's slightly unclear that this means to run "-g help", or that this requires
an argument, perhaps instead say "-g, --gen-key [ALGO]|help" or something.

(b) Could you write something in the README about why you've chosen these algos
and also your choices of defaults? For example:

18:30:13 <Yawning> why cubehash
18:31:38 <Yawning> I mean, it's probably ok, but seems odd relative to blake(2)/SHA-3

(c) Could you also write something that actually explains the relevance of each
paper in doc/papers? At the moment it seems like it's just a random list, and
some of the filenames are not very informative, e.g. example.pdf, overview.pdf

(d) There is a warning at src/mce_qd.cpp#L33 about insecure algorithms. It says
they are kept "for compatibility" but AFAICS this tool is not widely used. Why
not just get rid of them completely?

Will review the Debian packaging next.

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git


