Mark rand_os as unmaintained

[jayvdb]

Closes #2211

[dhardy]

Can advisories target specific versions?

There's a chance we re-launch rand_os for rand_core v0.10.

[paolobarbolini]

Can advisories target specific versions?

There's a chance we re-launch rand_os for rand_core v0.10.

In that case it wouldn't make sense to have an unmaintained advisory.

[jayvdb]

Advisories can be rescinded.

[jayvdb]

IMO it is all the more important to get this advisory out, so current users of rand_os upgrade before a new rand_os appears.

Or will the new rand_os have the same API as the old one, this providing a viable upgrade path for users of the old rand_os?

[dhardy]

unmaintained advisory

Take a look at the download stats; the high usage doesn't even apply to the latest version (0.2.x). So whether or not we release a new version is entirely irrelevant to the high download rate of 0.1.x.

Or will the new rand_os have the same API as the old one, this providing a viable upgrade path for users of the old rand_os?

It would require the latest rand_core so be incompatible.

[jayvdb]

Right, an advisory will assist in reducing usage of 0.1.x as well as 0.2.x.