FIND-20260331-011 · 2026-03-31 · Innovation Veille

QuipNetwork/hashsigs-rs — Post-quantum hash-based signatures in Rust (AGPL flagged)

trending-repo LOW
hashsigs-rs implements hash-based post-quantum digital signatures in Rust. 7,862 stars (+292 today). AGPL-3.0 license — flagged for legal review. Last commit 2025-11-03 (STALE — no commits in 5 months). 10 open issues, 30 forks. No declared topics. The AGPL license and staleness make this a DO_NOT_USE for ODS integration.

Source

https://github.com/QuipNetwork/hashsigs-rs

ODS Impact

Post-quantum cryptography is not yet on the ODS roadmap. If ODS SecureMail or OID requires PQC in the future, this crate's AGPL license disqualifies it for commercial use without open-sourcing ODS itself. Alternative: NIST-standardized PQC crates under MIT/Apache-2.0.

Security Review

License: AGPL-3.0 (FLAG — requires legal review, commercial use restricted) | Maintenance: STALE | Risk: MEDIUM | Recommendation: DO_NOT_USE

Tags

rust cryptography post-quantum agpl license-concern
Generated by ODS Innovation Veille · 2026-03-31T07:09:59+00:00