shinji-san
What about a v1
Is your feature request related to a problem? Please describe. Looking at the releases we already have a long list of releases even going through different .NET versions, but the project having a <1.0 version makes it look like something new and untested. The project has automated tests, has a great changelog, already handled breaking changes, ... Why not bump it up to a v1?
Describe the solution you'd like Just bump it up to v1
Describe alternatives you've considered The alternative https://www.nuget.org/packages/SecretSharing/ hasn't been updated since 2018 and only targets net461 (so no .NET core/6/7).
Additional context Nothing else
Hi @stevehansen,
Thank you so much for your request. At the moment I'm trying to find a way to start a security audit of this library. Such an audit contains
- code review and
- penetration testing.
However, it's hard to find combatants for that project.
Furthermore, I think there are some issues that need to be fixed before a version 1 can be released. I have to verify these issues the next months. (e.g. side-channel attacks)
So that's the reason why I'm currently not comfortable with a library version 1.
Not sure of your motivation (personal or professional originally, maybe both) behind this library @shinji-san but you're doing a great job, thanks for that. Up to you for what you consider required for a v1. If you're doing a security audit, best to go with something that is recognized, either by the community, or the industry/business where we are located (ANSSI in France for myself, BSI in Germany as you probably know on your side, not sure for Belgium @stevehansen). I'm using this library into Leosac Key Manager and I will probably go for an ANSSI qualification in the next couple of years if I reach my objectives. Not now, first releases are probably not strong enough. But when the time comes your library will be included on the scope.
