Policy on new PRNGs #464
Comments
I understand the motivation for this, but what exactly is your proposal? "Build up some kind of good track record" is vague and hardly enforceable.
Yes, it is a bit vague, but I think it is really not that hard to get an idea about in practice. For normal PRNGs it means not only the author should speak well of it, but also others in the field. For CSPRNGs there should be at least one comprehensive paper but preferably multiple papers reviewing its security, besides the paper from the author. And there should be at least one reputable organization or company adapting it.
Sounds sensible, if still a little vague. Perhaps we should add a "new features" section to Contributing. You're right; having a standard response to suggestions to add very new RNGs makes sense. However, we should have some kind of tracker for (a) interesting RNGs which are too young to warrant investigation, (b) RNGs under investigation (i.e. an open issue), (c) RNGs adopted into Rand, and (d) RNGs rejected after investigation. Possibly this could be an issue or an 'md' document in the repo.
All the PRNGs will live in separate crates anyways, right? If so, the question becomes if those crates live in the rand repository or elsewhere, right? If folks want several young PRNG crates in one repository then I'll suggest the name rand-young, which might provide a nice place for discussion, collaboration, etc.
Something to keep in mind, but that could also become quite a time sink. I don't think we should start such a crate any time soon.
I added a policies section to the wiki: https://github.com/rust-lang-nursery/rand/wiki/Policies
What does "formally published" mean? Does this require publication in a peer-reviewed journal or is a blog post enough? Similarly, what makes third-party review significant?
In my opinion, "formal publication" means publication of an article by the author introducing and discussing the subject, and comparing to existing alternatives. This could be a journal article or simply a blog post, but should include significant discussion. For example the Randen repo has only minimal introduction and discussion and does not meet our requirement; I'm hoping we see a proper article on this generator later. Significant third-party review is a bit harder to formally define in my opinion 😄
The Randen paper is now online :) https://arxiv.org/abs/1810.02227
Thanks! I cross-posted to #299.
In the past couple of weeks it was suggested to include some very new PRNGs in Rand, like a fast key-erasure AES variant, Xoshiro, and Randen.
New PRNG designs are created frequently, possibly monthly. Some come with a paper, others are a GitHub repo and/or a blog post. The author will write something praising the highlights, having designed it to the best of his abilities. People get excited about it, and may want to add it to Rand directly.
It will take longer before others, equally or more knowledgeable than the author, can have a good look at it. Many PRNGs, both normal but especially CSPRNGs, don't make it through the 'second round'.
That is why, as a policy, I would propose to not accept any PRNGs in Rand that haven't yet built up some kind of good track record.