There’s a large number of software labeled “alpha” or “beta”. That has to be taken with a grain of salt. This does not necessarily imply “security issues”.
Due to the inflationary use of these words, I introduced tags such as “developers-only” and “testers-only” tags because alpha, beta seems to be not well understood terminology by many readers.
Also version numbers lower than 1.0 imply “issues”, “unfinished”, “alpha” or “beta”. But there are many. [1] That does not necessarily imply “insecurity” either.
It has to be clarified what “testing” and “experimental” is supposed to mean. Does it mean that the protocol might make incompatible changes in the future to optimize performance or does it mean that authors are worried that plaintext might be send instead of encryption or that the encryption can be decrypted? This should not be assumed. It needs to be asked or stated directly.
For example, Tor used to state in its log message after start:
This is experimental software. Do not rely on it for strong anonymity.
It required opening a ticket to clarify this and change this wording.
Similar discussion for Whonix: Whonix experimental for how long
Minor contradictions, confusing, outdated or non-deal wording might also be found in the wiki. Once reported, things can be updaetd, clarified.
In conclusion, these words are not to be over interpreted after extended periods of time. Simply nobody working on rewording from nowadays perspective.
[1]
dpkg -l | grep --fixed-strings " 0."
Please provide references.
I’ve tried to find references using perplexity:
-
soatok cryptographer
-
soatok cryptographer vs djb