Open tarcieri opened 2 years ago
newpavlov
commented
2 years ago In that particular case you could use a temporary workaround of adding min-versions-correct zeroize/zeroize-derive as an explicit dependency of ssh-key. I've used a similar workaround in the rsa crate.
tarcieri
commented
2 years ago Here's another example of where it would be handy: https://github.com/RustCrypto/sponges/pull/13
Well, either that, or being able to pin the nightly version.
newpavlov
commented
2 years ago Yeah, passing compiler version could be useful with default being Nightly (or version in which -Z minimal-versions will be stabilized).
tarcieri
commented
1 year ago Another problem related to features passed to minimal-versions:
https://github.com/RustCrypto/nacl-compat/pull/38
This PR needs the ability to specify mandatory features as well as excluded features. Namely we need to pass the u64_backend feature, and exclude the u32_backend feature.
It'd be good to get the root problem here, the way curve25519-dalek does backend selection, fixed upstream:
https://github.com/dalek-cryptography/curve25519-dalek/issues/414
The
minimal-versionsshared workflow presently doesn't provide a way to pass the--exclude-featuresparameter tocargo hack.This is problematic when using a 3rd party dependency which isn't
minimal-versions-clean itself. In particular I'm experiencing this withed25519-dalek:https://github.com/RustCrypto/formats/runs/5739309796?check_suite_focus=true
It would be nice to opt out of
minimal-versionsin these cases by excluding the features from the workflow. While a "proper" fix is making the upstream dependencyminimal-versionsclean, it would be nice in the interim to still have the check work without having to list out the relevant dependencies indev-dependencies.