Skip to content

Can't use slh-dsa and ml-dsa due to pre releases #930

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dignifiedquire opened this issue Apr 5, 2025 · 8 comments
Closed

Can't use slh-dsa and ml-dsa due to pre releases #930

dignifiedquire opened this issue Apr 5, 2025 · 8 comments

Comments

@dignifiedquire
Copy link
Member

I am trying to use slh-dsa and ml-dsa but the current versions all depend on various pre-releases, which means I can't import it into rpgp, due to othe crates depending on the current release.

Would it make sense for me to PR versions that actually use the current releases, or what's the current plan on moving forward with the next release round?
@dignifiedquire dignifiedquire mentioned this issue Apr 5, 2025
Merged
12 tasks
@tarcieri
Copy link
Member

tarcieri commented Apr 6, 2025

I think trying to downgrade the dependencies may cause issues for other current users and will generally just create more work overall. I also don’t understand why you can’t make due with the prerelease versions (you say “can’t use” but never explain why)

Ideally we’d have releases out of all the crates out in the next few months but upstream work seems to have stalled.

@dignifiedquire
Copy link
Member Author

you say “can’t use” but never explain why

Sorry, so the issue is that I have many rustrcrypto dependencies in rpgp and I don't think there is prereleases for all of these available, so the pinned signature prereleases make cargo very unhappy and do not allow me to have them in my dep tree in parallel

Most of these deps here https://github.com/rpgp/rpgp/blob/main/Cargo.toml are somehow linked into the rustcrypto ecosystem

@tarcieri
Copy link
Member

tarcieri commented Apr 7, 2025

Aaah yeah, signature is a problem. We’ve been debating a major version bump, which might be worth it due to some other issues that could be fixed

@gkgoat1
Copy link

gkgoat1 commented Apr 7, 2025

Aaah yeah, signature is a problem. We’ve been debating a major version bump, which might be worth it due to some other issues that could be fixed

These prereleases also mess with other, unrelated, RustCrypto crates I plan to use. See #929 ; in that issue, I find a compilation error when using slh-dsa and x-wing together.

Personally, having a no-prerelease version of slh-dsa would be nice; maybe v0.0.n99 mirroring v0.1.n but with legacy traits used?

@tarcieri
Copy link
Member

tarcieri commented Apr 7, 2025

If someone wants to put together a PR to downgrade slh-dsa’s dependencies I can cut a prerelease with it, but I would want to immediately revert it after that

@dignifiedquire
Copy link
Member Author

I am making a branch for slh-dsa and ml-dsa

@dignifiedquire dignifiedquire mentioned this issue Apr 8, 2025
Merged
@dignifiedquire
Copy link
Member Author

took a stab at it here: #931

@dignifiedquire dignifiedquire mentioned this issue Apr 9, 2025
Closed
@tarcieri
Copy link
Member

This should be addressed by ml-dsa v0.0.4 and slh-dsa v0.0.3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tarcieri @dignifiedquire @gkgoat1