Update rand_core to 0.6 #338
Conversation
|
it'll be very useful for a crate like https://github.com/novifinancial/opaque-ke to be used in a browser |
|
for info, it seems that the failed check is unrelated to this PR. EDIT: I tested locally with and without the patch, and this test fails exactly in the same way. |
|
Any plans on merging this for a 4.0.x release? The old version of rand in the API is holding up some other dependency updates. |
|
I'd also love to see a release with the rand upgrade! 👍 |
|
I'm happy to queue this for the 4.x release but I'd like to gather more breaking changes up all at once before putting out a non-alpha 4.x, since the more major series numbers we release, the more things like backporting #333 become a pain. However, we could release a 4.0.0-alpha.1 soon, even with no plan to put out the non-alpha anytime soon, if that's helpful to folks. |
|
It's useful to me so we can start getting PRs up for places like ed25519 so we can make sure things all keep working downstream. Thank you so much! |
https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md This new version makes using rand_core on wasm seamless (thanks to the update of getrandom to v0.2) The crate compiles well with this PR, but since some `rand_core` traits are publicly exposed in this crate's API, this is strictly speaking a breaking change.
PaulGrandperrin
force-pushed
the
patch-1
branch
from
ed176c9 to
d0dacb2
Compare
|
To clarify, the reason that the fix for #333 that I merged in #334 wasn't included in a point release until recently had nothing to do with the effort it requires to backport bugfixes; rather, it was because @isislovecruft silently removed all other owners of the crates they co-maintained and demoted every other member of the dalek-cryptography Github org from having admin privileges, so it was impossible for me or anyone other than them to publish the fixed version. In the past, the |
Is that true!? I find that really shocking. If true, what's the motivation behind that? It seems like a very risky setup from a security point of view. |
After receiving multiple reports of violations of the Rust Community Code of Conduct, and sadly after months of deliberation with community members, @hdevalence was demoted from admin to member. He was also removed from maintenance duties on crates.io. Contrary to his claims, all other maintainers have kept all privileges on both github and crates.io. The decision to remove him was mine: after repeatedly displaying unacceptable behaviours towards several people who spoke to me privately, and after being warned for said violations repeatedly, I refuse to continue to allow @hdevalence to hold any position of power in a community and project that I initially created. He is/was free to contribute code as a member, and to request/suggest new releases, as other maintainers and community members have already been doing. If anyone has anything else to report, or would like to know more, I am happy to discuss these matters privately, and I can be reached at [email protected] or DMs on Twitter @isislovecruft. Additionally, we are always happy to consider new maintainers, especially for members of the Rust and crypto communities who have already contributed. |
@isislovecruft Yes, it would be helpful to have an -alpha release without waiting for more breaking changes. |
|
Thanks @PaulGrandperrin! This is merged and released in |
https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md
This new version makes using rand_core on wasm seamless (thanks to the update of getrandom to v0.2)
The crate compiles well with this PR, but since some
rand_coretraits are publicly exposed in this crate's API, this is strictly speaking a breaking change.