Skip to content

Process proposal to evaluate and decide on new candidate algorithms for the list #42

New issue
New issue
Open
Open
Process proposal to evaluate and decide on new candidate algorithms for the list#42
Labels
documentationImprovements or additions to documentationenhancementNew feature or request
@toscalix

Description

@toscalix
toscalix
opened on Dec 3, 2025

Rationale

Below you will fine a proposal for a process to propose and keep track of the discussion for including new algorithms (candidate algorithms) in the list.

The proposal includes:

  • An entry ion the contributing.md file explaining that there is a process to follow if a contributor wants to see a new algorithm included on the list
  • The ticket where we keep track of the proposal stage of the process.

The process is, in a nutshell:

  • A proposal is made in a specific ticket for the consideration of the SPDX Cryptography Group
  • If the Group considers that the candidate should be part of the List:
    • A ticket is created to confirm and mature all the information required to effectively include the algorithm on the list: properties, values...
    • Once all the information is mature, a PR is create and reviewed
  • If the groups considers that the algorithm should not be on the list, the process stops there.

The goals of this three steps process is to reduce the burden on those proposing the candidate algorithm, as well as to minimise the complexity of the PR review process.

This is a proposal to include an entry in the Contributing.md file as a process description for anyone to propose new candidate algorithms for the list

Entry in the contributing.md

<text to include in the Contributing.md file explaining that we have a process for requesting the inclusion of a new algorithm, which is described in a ticket (link to the ticket)>

This is the information on the ticket, which includes the process

Title of the ticket

New algorithms candidates to be included on the SPDX List? Please add the here for discussion

Rationale

This ticket is here to coordinate the evaluation, of new algorithms candidate to make it into the list. The goal is to be able to have a discussion about them during our regular meetings, as well as here.

Out of the discussion, there are two potential outcomes:

  1. The algorithms should be on the list
  2. The algorithm should not be included on the list

Process to request the evaluation of a new candidate algorithm

  1. Create an entry on the request section below of this ticket description including:
    • The proposed algorithm name and the link to the comment where you will provide all information to support your request. Finally, add the date of your request
  2. Provide all the information you consider necessary for the SPDX Cryptography Group to evaluate the convenience of including this candidate algorithm, as a new comment on this ticket/issue
    • Please be concise
    • Include references (links or attachments)
    • Provide information about the use case where this algorithm is relevant
    • Provide information about the impact or benefit of including this algorithm on the list
  3. The new candidate will be considered and discussed offline and included in the agenda of the following SPDX Cryptography Group weekly meeting. The proposer will be invited to participate in that meeting.
  4. After the discussion, any of these two outcomes are possible

1. The algorithm should be included on the list

The proposer will:

  1. Check the box on the Request section of this issue description
  2. Create a new ticket:
    • The issue title should be: [New candidate]
    • Provide in the description of the ticket
      • A proposal for the values of the different properties the algorithm should include
      • The information you added to the comment of this ticket that you still consider relevant
  3. Add an entry to the DoD section including
    • The name of the algorithm
    • A link to the new ticket.

2. The algorithm should not be included on the list

Somebody from the SPDX Cryptography Group will add a comment and reflect that the algorithms will not be included. You do not have to do anything. Ah, and thank you The fact that the algorithm is not included does not mean we do not value your contribution.

Request

Candidate algorithms to be included in the SPDX Cryptographic Algorithms List:

  • [ ] <candidate algorithm name>: <link to the comment> . Date
  • [ ] <candidate algorithm name>: <link to the comment> . Date
  • [ ] <candidate algorithm name>: <link to the comment> . Date

DoD

  • <candidate algorithm name>: <link to the new issue> . Date
  • <candidate algorithm name>: <link to the new issue> . Date
  • <candidate algorithm name>: <link to the new issue> . Date

Request

  • Discuss the proposal at the SPDX Cryptography Group meeting
  • Reach a consensus on the proposal
  • Create a PR introducing the changes on the contributing.md file
  • Create the process ticket
  • Announce the new procedure to the SPDX community

DoD

  • Link to the PR
  • Link to the process description ticket:

Metadata

Metadata

Assignees

No one assigned

    Labels

    documentationImprovements or additions to documentationenhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions