rust-tuf

Dependency issue, untrusted = "^0.5"

Open Charles-Schleich opened this issue 6 years ago • 3 comments

I was attempting to try out rust-tuf in an application. In my Cargo.toml under dependencies, I tried both tuf = "0.3.0-alpha3" and tuf = "0.2.0", both with the same issue.

error: failed to select a version for the requirement `untrusted = "^0.5"`
  candidate versions found which didn't match: 0.7.0, 0.6.2
  location searched: crates.io index
required by package `tuf v0.3.0-alpha3`
    ... which is depended on by `demo_tuf v0.1.0 (/home/charles/code/rust/demo_tuf)`

Any idea where I should go from here?

Charles-Schleich Jan 14 '20 12:01

Hello! We've fixed this in git. We're in the middle of a pretty large radical refactor, where we've migrated to futures, and made rust-tuf more compliant with the TUF-1.0 spec.

@heartsucker: I suppose we could cut a 0.3.0-alpha. I'm not sure if we want to release 0.3.0 yet, but things seem comparatively stable. We could cut a 0.3.0-alpha4 if you aren't worried about breaking compatibility with 0.3.0-alpha3.

erickt Jan 15 '20 01:01

It says alpha, so there are no guarantees of compatibility. :sweat_smile:

If you want, I can cut another alpha from the head of master and push it.

heartsucker Jan 15 '20 09:01

Looks like we have a problem. Cargo won't let me publish.

$ cargo publish
    Updating crates.io index
   Packaging tuf v0.3.0-alpha4 (/home/heartsucker/code/heartsucker/rust-tuf)
error: failed to prepare local package for uploading

Caused by:
  failed to add to archive: `tests/interop/fuchsia-go-tuf-5527fe/consistent-snapshot-true/0/repository/be6d8b504eb5b9d6ca62560cac184f3133610f82142a7d49da6b7e0b84e927d570b0316d5de51b13782366bca29e201d5ed179e8433b93e5c903f0ebe06ded55.snapshot.json`

Caused by:
  provided value is too long when setting path for tuf-0.3.0-alpha4/tests/interop/fuchsia-go-tuf-5527fe/consistent-snapshot-true/0/repository/

heartsucker Jan 23 '20 09:01