fix: Override other implementations on custom feature

rust-random / getrandom

A small cross-platform library for retrieving random data from (operating) system source

Apache License 2.0

275 stars 180 forks source link

fix: Override other implementations on custom feature #501

Closed VisualEhrmanntraut closed 1 week ago

VisualEhrmanntraut commented 1 week ago

Fixes #500

newpavlov commented 1 week ago

We intentionally do not allow to overwrite "default" entropy sources with custom ones. This may change with #498, but your current approach certainly is a no-go.

VisualEhrmanntraut commented 1 week ago

@newpavlov How about I instead make a feature named prefer-custom or use-custom which will make it prefer the custom implementation to the built-in ones?

newpavlov commented 1 week ago

Renaming the feature does not solve the root security issue with overriding default entropy sources. As I wrote in the issue, at the moment, your best option is to simply patch the getrandom crate with your custom version or introducing a proper custom target for your experiments.