Open CPerezz opened 1 month ago
I noticed that the Git dependencies are currently pinned to a branch name. For better stability and reproducibility, would it be possible to switch to using a specific commit rev instead of a branch? This way, the dependency won't unintentionally change if new commits are pushed to the branch.
Agree. As commented in chat, the curves patches exist because when we started using the Grumpkin curve implementation there was no v0.5.0 of arkworks and Grumpkin was not included in v0.4.0, so we needed a way to use the last arkworks version while on a stable interface (ie. v0.4.0) but including also the Grumpkin curve, hence the patched fork.
We can do a 1-week coordinated effort this September (once current various implementations that are being done are completed to avoid more gitconflicts) where we coordinately upgrade all the dependencies and also Sonobe to arkworks v0.5.0 (to avoid different repos using different versions), cleaning part of the dependencies patches on the way, and we can use the same effort to try to minimize the other dependencies as you mention. Once we do that we can also change to specify the specific commit rev instead of branch in the cases that we still import a custom fork (ideally we would reduce the number of custom fork imports). Apart from the coordinated effort across multiple repos, it would be also across current branches being implemented to minimize git conflicts.
Currently as I worked on #142 I realized how complex the dependency graph of this workspace is. And it's not that the workspace is crazily complex. But rather that we have:
Lots of forks across different users and repos:
Some dependencies that also fall under other users:
While I don't have any issues with repos being under the users, it makes it a nightmare to actually update dependencies across the entire workspace. As always some deps have again all the arkworks stack in a older version and it's the never-ending story.
We rely on non-existing versions of crates to make all this juggling to work
If you notice, in all the
Cargo.toml
files we depend onark-grumpkin
, we depend on it with version0.4.0
. But if you actually look at https://crates.io/crates/ark-grumpkin/versions, you'll realize that onlyark-grumpkin v0.5.0-alpha.0
exists published. Therefore, we only use an "imaginary version" such that we can then patch it at top-level workspaceCargo.toml
with a custom version that @arnaucube owns.A lot of the arkworks cherry-picks that we currently patch have already been released.
For most of the arkworks backend,
0.5.0-alpha.0
is already out. This means most, to not say all of the things we have patched should disappear or minimize as much as possible.Action items:
v0.5.0-alpha.0
.v0.5.0-alpha.0
.