sha-1 vs sha1

[willstott101]

According to this comment the https://crates.io/crates/sha-1 has been deprecated.

I see no indication that it's deprecated on docs.rs, nor crates.io. How is this deprecation meant to be communicated? What's the benefit of the new crate?

Furthermore the README at https://github.com/RustCrypto/hashes/blob/08d677fc9b978320eb3d5c261339f3d72f5f07f6/sha1/README.md appears to point at the sha-1 crate, not sha1, making it look like the last version of sha-1 is the latest version of sha1 :confused:

[willstott101]

by "README points at", I mean the shield and link urls to docs & crates.io etc

[newpavlov]

We plan to release sha1 v0.10.0 and an empty sha-1 v0.10.0 with deprecation notice. Ownership of the sha1 crate was transferred to us after sha-1 v0.9.0 was released, so for now both versions are "active".

I will fix the readme links right away.

[newpavlov]

We probably should also add a deprecation note to the sha-1 crate description and readme on the next release.

[tarcieri]

We can also add a @RustSec unmaintained crate advisory for sha-1 which notes the new name.

We should probably do the same for ripemd160/ripemd320` too.

[newpavlov]

I have published sha-1 v0.10.5 with deprecation warnings.

[CryZe]

0.10.5 was a breaking change: https://github.com/snapview/tungstenite-rs/issues/321

[neoeinstein]

Yep. This just broke a bunch of unrelated builds downstream. Can we get 0.10.5 yanked?

[newpavlov]

Oh... I forgot to do the lib renaming. I will yank v0.10.5 and will do re-release right away.