ZenGo-X / curv

Rust language general purpose elliptic curve cryptography.
MIT License

BROKEN BUILD: ring-algorithm 0.2.3 yanked from crates.io #124

Closed jnicholls closed 3 years ago

jnicholls commented 3 years ago

The author of ring-algorithm yanked all versions older than 0.4.0 from crates.io earlier today, after changing the project's license from MIT OR Apache-2.0 to AGPL-3.0-or-later. AGPL is not very permissive at all; even though there are no modifications to its source being made, this is still too risky for most to take on. Thus, I would not recommend upgrading to the 0.4.0 version, and instead take the following approach:

  1. First to fix the build, point explicitly back to the 0.2.3 version, i.e.
    ring-algorithm = { version = "0.2.3", git = "https://gitlab.com/Toru3/ring-algorithm", rev = "f4d0dfbadac9fc00e2ddeb867ab4cf47b26de89a" }
  2. Then, either make your own fork of the project since that commit, keep the license as MIT/Apache 2.0, and maintain it separately; or, wean off of it as a dependency altogether if reasonably possible.

The project is currently unbuildable without some cargo patching, so hopefully this will get attention posthaste. Thanks.

omershlo commented 3 years ago

Hi @jnicholls! Thanks for the heads up! My preferred option is to manage without ring-algorithm / find an alternative / implement on our own. @survived, @elichai What do you think?

survived commented 3 years ago

We use this crate just to implement the egcd and mod_inv algorithms for the num-bigint backend. We can just copy-paste these two functions for now.
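For readers following the thread, an added sketch (not curv's code and not part of any comment here) of the two routines named above, extended Euclid and modular inverse, written against the standard library only. It assumes `i128` in place of the num-bigint integers the backend actually uses, and the function bodies are an illustration rather than what was copied into the crate.

```rust
// Added illustration: extended Euclid and modular inverse with no third-party crate.
// Assumption: i128 stands in for num-bigint's BigInt so this builds with std alone.
// Note: the loop count depends on the inputs, so this is not constant-time.

/// Returns (g, x, y) such that a*x + b*y == g and g == gcd(a, b) >= 0.
fn egcd(a: i128, b: i128) -> (i128, i128, i128) {
    let (mut r0, mut r1) = (a, b);
    let (mut x0, mut x1) = (1i128, 0i128);
    let (mut y0, mut y1) = (0i128, 1i128);
    while r1 != 0 {
        let q = r0 / r1;
        // Invariant kept on every step: a*x_i + b*y_i == r_i.
        let r2 = r0 - q * r1;
        r0 = r1;
        r1 = r2;
        let x2 = x0 - q * x1;
        x0 = x1;
        x1 = x2;
        let y2 = y0 - q * y1;
        y0 = y1;
        y1 = y2;
    }
    // Normalise so the gcd is never negative (matters for negative inputs).
    if r0 < 0 { (-r0, -x0, -y0) } else { (r0, x0, y0) }
}

/// Inverse of `a` modulo `m`, reduced into [0, m).
/// Returns None when m <= 0 or when gcd(a, m) != 1 (no inverse exists).
fn mod_inv(a: i128, m: i128) -> Option<i128> {
    if m <= 0 {
        return None;
    }
    let (g, x, _) = egcd(a.rem_euclid(m), m);
    if g != 1 {
        return None;
    }
    Some(x.rem_euclid(m))
}

fn main() {
    let p: i128 = (1i128 << 61) - 1; // Mersenne prime, chosen so a*inv fits in i128
    let a: i128 = 1_234_567_890_123; // constructed sample value
    let inv = mod_inv(a, p).expect("a is invertible modulo a prime");
    println!("inverse = {inv}, check = {}", (a * inv) % p);
    println!("mod_inv(6, 9) = {:?}", mod_inv(6, 9)); // gcd is 3, so None
}
```
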

survived commented 3 years ago

We've just released v0.8.0-rc2 with the dependency on the ring-algorithm crate removed.