Query: On QCBOR’s Design Goals, Vendor Neutrality, and Linux Packaging.

[arakshit011]

I’m evaluating QCBOR and would like to better understand how it differs from other open‑source CBOR implementations such as libcbor and tinycbor.
Specifically, I had a few questions:

Scope and intent:
Is QCBOR primarily a straightforward implementation of the CBOR RFCs, or does it also include Qualcomm‑specifics, assumptions, or mechanisms intended for internal use only?

Portability and vendor neutrality:
Does QCBOR aim to be fully vendor‑neutral, or are there any aspects of the library that effectively “lock in” Qualcomm‑specific conventions, platforms, or usage patterns?

Design trade‑offs:
From the README and documentation, it appears that QCBOR places strong emphasis on:

1. Security hardening, especially on the decoding path.
2. Avoiding or tightly controlling memory allocation.

Is this the primary differentiator compared to libraries like libcbor and tinycbor, or are there other major architectural or philosophical differences that users should be aware of?

Linux distribution packaging:
Are there any plans to package QCBOR for major Linux distributions such as Debian, Fedora, or others?

[laurencelundblade]

I’m evaluating QCBOR and would like to better understand how it differs from other open‑source CBOR implementations such as libcbor and tinycbor. Specifically, I had a few questions:

Scope and intent: Is QCBOR primarily a straightforward implementation of the CBOR RFCs, or does it also include Qualcomm‑specifics, assumptions, or mechanisms intended for internal use only?

It's a straight forward implementation of the RFCs. Pretty much all that Qualcomm-oriented is the Q in the name. It's been over five years since there was interaction with Qualcomm.

Portability and vendor neutrality: Does QCBOR aim to be fully vendor‑neutral, or are there any aspects of the library that effectively “lock in” Qualcomm‑specific conventions, platforms, or usage patterns?

Vendor neutral

Design trade‑offs: From the README and documentation, it appears that QCBOR places strong emphasis on:

1. Security hardening, especially on the decoding path.
2. Avoiding or tightly controlling memory allocation.

Is this the primary differentiator compared to libraries like libcbor and tinycbor, or are there other major architectural or philosophical differences that users should be aware of?

QCBOR is more comprehensive than most of the others -- it covers more of the RFC and provides higher-level and easier to use APIs.

Linux distribution packaging: Are there any plans to package QCBOR for major Linux distributions such as Debian, Fedora, or others?

Not at the moment.