You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The author of ring-algorithm yanked all versions older than 0.4.0 from crates.io earlier today, after changing the project's license from MIT OR Apache-2.0 to AGPL-3.0-or-later. AGPL is not very permissive at all; even though there are no modifications to its source being made, this is still too risky for most to take on. Thus, I would not recommend upgrading to the 0.4.0 version, and instead take the following approach:
First to fix the build, point explicitly back to the 0.2.3 version, i.e.
Then, either make your own fork of the project since that commit, keep the license as MIT/Apache 2.0, and maintain it separately; or, wean off of it as a dependency altogether if reasonably possible.
The project is current unbuildable without some cargo patching, so hopefully this will get attention posthaste. Thanks.
The text was updated successfully, but these errors were encountered:
Hi @jnicholls !
Thanks for the heads up !
My preferred option is to manage without ring-algorithm / find an alternative / implement on our own. @survived , @elichai What do you think ?
The author of ring-algorithm yanked all versions older than 0.4.0 from crates.io earlier today, after changing the project's license from
MIT OR Apache-2.0
toAGPL-3.0-or-later
. AGPL is not very permissive at all; even though there are no modifications to its source being made, this is still too risky for most to take on. Thus, I would not recommend upgrading to the 0.4.0 version, and instead take the following approach:The project is current unbuildable without some cargo patching, so hopefully this will get attention posthaste. Thanks.
The text was updated successfully, but these errors were encountered: