Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BROKEN BUILD: ring-algorithm 0.2.3 yanked from crates.io #124

Closed
jnicholls opened this issue Aug 4, 2021 · 3 comments · Fixed by #125
Closed

BROKEN BUILD: ring-algorithm 0.2.3 yanked from crates.io #124

jnicholls opened this issue Aug 4, 2021 · 3 comments · Fixed by #125

Comments

@jnicholls
Copy link

jnicholls commented Aug 4, 2021

The author of ring-algorithm yanked all versions older than 0.4.0 from crates.io earlier today, after changing the project's license from MIT OR Apache-2.0 to AGPL-3.0-or-later. AGPL is not very permissive at all; even though there are no modifications to its source being made, this is still too risky for most to take on. Thus, I would not recommend upgrading to the 0.4.0 version, and instead take the following approach:

  1. First to fix the build, point explicitly back to the 0.2.3 version, i.e.
ring-algorithm = { version = "0.2.3", git = "https://gitlab.com/Toru3/ring-algorithm", rev = "f4d0dfbadac9fc00e2ddeb867ab4cf47b26de89a" }
  1. Then, either make your own fork of the project since that commit, keep the license as MIT/Apache 2.0, and maintain it separately; or, wean off of it as a dependency altogether if reasonably possible.

The project is current unbuildable without some cargo patching, so hopefully this will get attention posthaste. Thanks.

@omershlo
Copy link
Contributor

omershlo commented Aug 4, 2021

Hi @jnicholls !
Thanks for the heads up !
My preferred option is to manage without ring-algorithm / find an alternative / implement on our own.
@survived , @elichai What do you think ?

@survived
Copy link
Contributor

survived commented Aug 5, 2021

We use this crate just to implement egcd and mod_inv algorithms for num-bigint backend. We can just copypast these two functions for now

@survived
Copy link
Contributor

survived commented Aug 5, 2021

We've just released v0.8.0-rc2 with removed dependency on ring-algorithm crate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants