0.8.0 branch

[praveksharma]

Please see the relevant pre-release (currently in draft): https://github.com/open-quantum-safe/oqs-provider/releases/tag/untagged-e8b2d0985929c684a8d5

This PR makes the following changes:

• Bumps the version string,
• stores a copy of generate.yml as generate.yml-0.12.0,
• Updates SECURITY.md,
• Updates RELEASE.md,
• Points CI to liboqs 0.12.0, and
• Points CI to OpenSSL 3.4.0.

Checks done:

• Stable under generate.py and do_code_format.sh,
• CI is green,
• 'LIBOQS_BRANCH=0.12.0 OPENSSL_BRANCH=openssl-3.4.0 ./scripts/fullbuild.sh -F && ./scripts/runtests.sh -V` runs OK,
• release-tests.sh with liboqs 0.12.0 and openssl 3.4.0 runs OK,
• nginx, curl, and httpd docker images build OK, and
• OpenSSL external test integration passes when run locally with gh act --job external-tests-providers. (Logs attached: logs.txt. Note that the external-tests-providers jobs fails because the tests for pkcs11-provider fail but oqs-provider passes.).

This PR will not land; once approved, a new 0.8.0-release PR will be made.

[praveksharma]

Thank you for the suggestions @baentsch! I've included the changes here and on the draft pre-release: https://github.com/open-quantum-safe/oqs-provider/releases/tag/untagged-0fb2ad16a1ba976ea75a

[praveksharma]

@baentsch @SWilson4 @ghen2 @fwh-dc Thank you for you suggestions, I've updated README.md to include them and updated the draft pre-release as well: https://github.com/open-quantum-safe/oqs-provider/releases/tag/untagged-d43fdf73a30644bc1820

[baentsch]

Thx!

[baentsch]

Following guidance in https://github.com/open-quantum-safe/oqs-provider/wiki/Release-process this removed "rc1" tags and waits for approval to land. Final release will be cut on the landed (squashed) commit.

[praveksharma]

Following guidance in https://github.com/open-quantum-safe/oqs-provider/wiki/Release-process this removed "rc1" tags and waits for approval to land. Final release will be cut on the landed (squashed) commit.

Thank you for finishing up the final release steps @baentsch! The pre-release is still in draft, is that intentional? Please let me know if that is becuase the GitHub web UI won't let you publish it and I shall do the same.

I'm linking a discussion related to the 0.7.0 release to see if we'd like to wait for a little bit before proceeding with the final release after appropriate approvals since I have not been able to automate the release process yet: #534 (comment)

[baentsch]

Thanks for the reminder to move rc1 out of Draft, @praveksharma . Just done. And sure, 0.8.0 will sit un-merged for a day before I squash, commit, and release (as agreed in the call yesterday) - just in case :)

[baentsch]

Looking at open-quantum-safe/boringssl#130 I wonder whether we should also at least announce removal of Dilithium with the next release (along the lines of Kyber)?

fwiw, I very much like the approach taken by @pi-314159 for oqs-boringssl: Just yank the stuff that's outdated... Or maybe it's just envy :-) @open-quantum-safe/oqs-committers do you know of anyone still relying on Kyber and Dilithium still being supported? May it be an idea to mark them "disabled" already now in the generate.yml? This would functionally align oqsprovider and oqsboringssl and still allow anyone to enable those algs again if they absolutely must.

[dstebila]

Looking at open-quantum-safe/boringssl#130 I wonder whether we should also at least announce removal of Dilithium with the next release (along the lines of Kyber)?

The liboqs 0.12.0 release notes didn't mention the planned removal of Dilithium, so the sequencing we've been following lately would have us announce the removal of Dilithium in 0.13.0 and then remove it by 0.14.0. That being said, oqs-provider could announce earlier, if you wanted.