MSRV

[ZuseZ4]

First of all thanks for your great work, it is nice to see that the amount of safe Rust code out there is increasing, to proof C/C++ Programmers that you don't have to fall bck to unsafe in order to write usable Rust software. However, I think it would be important to have an MSRV policy, otherwise I can hardly propose using this in production at my work. It would be a shame to get everyone hyped, just to later find out that this crate has to raise their minimum Rust version faster than we can update our toolchain. Do you have any thoughts on a policy here?

[Speykious]

Sure, I can do that. It'll likely be the current latest stable version, or slightly lower if we happen to not have used some of the latest features.

That said, since you're talking about proposing to use this in production, remember that cve-rs is licensed under the GLWTSPL.

As an aside, we were already planning to introduce a Maximum Supported Rust Version once the soundness hole is fixed.

[Speykious]

I tested using cargo msrv, and it turns out we're not using any features higher than Rust 1.66.1. However, we don't want to commit to being too behind on Rust's new features either, so I decided in this commit to set the MSRV to 1.69.1. That'll give us a bit of leeway.

[ZuseZ4]

That's a nice solution, thank you for the very quick support!