Future maintenance

[bnewbold]

Hello @jacklund!

This repository has not been updated for some time. From README:

This started as a project to learn Rust, and sort of mophed into a fully-functional Macaroon implementation.

so it's entirely understandable that this crate isn't receiving maintenance. However, I'm interested in helping maintain a reasonably polished and idiomatic macaroons library for Rust, and I've found this project to be the furthest along. Would you be willing or interested in co-maintaining or turning over the project?

Under the context that there seem to be very few or no crates depending on this one right now, and it's still at version 0.1.1 (so breaking updates might be feasible), my priorities would be:

• update for contemporary Rust (warnings, etc); probably require either 1.26+ or Rust 2018
• vastly expanded test suite, including test vectors from other implementations
• review API for best practices (eg, naming)
• clippy + rustfmt clean
• informal code quality and security review
• feature completeness with upstream libmacaroons
• meeting any requirements and rust best practices to get to a "1.0" API
• meeting any requirements for inclusion in Debian and other OS-level package managers
• documentation and examples

Non-priorities (but maybe interesting to others) would be:

• helpers for verifying caveats (beyond the existing "specific" and "general")
• no-std support
• built-in "bakery" API to manage root keys (a la a popular golang library)
• WASM
• exposing a C ABI

An alternative I've been thinking about is to just wrap the upstream C library, creating a "libmacaroon-sys" crate. However, I think the spec is simple enough, and the downsides of wrapping (potential security issues with bindings; friction of depending on external libraries) means a pure implementation is preferable.

[bnewbold]

cc: @tarcieri whose macaroons-rs is "archived" on github, but might have thoughts/advice.

(If I don't hear back this will be the last time i'll cc: you about rust+macaroons)

[tarcieri]

I am happy to give over the macaroons crate name, however I have no plains to develop/maintain a Macaroons library in Rust (my overall interest in the format has waned, and I am collaborating on a "Macaroons Replacement" format)

[jacklund]

Honestly, I have absolutely no time to dedicate to this (kids + work + other commitments), so I'm happy to hand this over to you. Let me know when/how you want to hand over the project.

I am glad someone's taking it on, though. Please let me know if you have any questions/concerns about the code as well.

[bnewbold]

Great! I will get my fork in good shape over the next couple weeks and will request redirects/transfer/permissions when ready.

I will soon be launching a production service using this library, so will have some sustainable motivation to for maintenance going forward.

[thomastaylor312]

@bnewbold I forgot to check the issues before opening #5. Are you still planning on taking over maintenance? We would love to help contribute and use the crate

[dunxen]

I'd also be willing to contribute to this project, help move it forward and add some polish. 😄

[thomastaylor312]

@duncandean We did a bunch of work to add some polish in our fork here: https://github.com/deislabs/libmacaroon-rs

However, we are still not sure if we are going to continue forward with our planned usage of the library or not. I will update things here once I know more. But feel free to take a look at that code. I'd be completely willing to merge that in to another fork even if we don't end up continuing our use

[bnewbold]

Sorry to have flaked on this, and not to have replied earlier @thomastaylor312.

We continue to use our fork of this crate as part of the https://fatcat.wiki project. It would be wonderful to have a stable/maintained upstream. I don't have the bandwidth to do most of the things mentioned at the start of this issue, but would be happy to review and/or contribute if somebody else has the time to lead.

[dunxen]

Thanks @thomastaylor312, @bnewbold will check the forks out some time in the morning.

I have the time to take up leading a project, but unfortunately little experience in that regard. I suppose this might be an appropriate challenge.🙂

I am quite keen though. Would be great to have a de facto macaroons crate.

[dunxen]

I've created a new org and repo: https://github.com/macaroon-rs.

• Aligns the crate name (once ownership moved over) with the repo name.
• Created a little Ferris logo holding (French) macaroons. (They're colourful so I think we could overlook the whole macaron vs. macaroon technicality.)
• Suggest an MIT license if everyone is happy (@jacklund).
• Uses the https://github.com/deislabs/libmacaroon-rs fork as a starting point (@thomastaylor312 ). Full commit history just pushed to the new repo as a clean upstream (to make it clear). I know there are breaking API changes but there has been quite a bit done to improve it. The community can work on stabilising the best idiomatic API.
• I can add everyone as full members in this thread if that's okay?
• I can reach out to community members for contributors and those experienced in open source Rust lib crate maintenance.

[thomastaylor312]

@duncandean @bnewbold So It looks like we aren't going to continue forward with our use of macaroons, so we will not be helping maintain it. However, feel free to take our code as a starting point!

[bbigras]

Any progress on this?

[bnewbold]

No changes from me. The macaroon-rs/macaroon repo looks fine to me (logo is cute!). I have not reviewed/audited any code since this thread started but I don't think anything needs to block on that. I'm willing to be tagged/assigned code review. Would be excited to switch our (ongoing, pseudo-mature) use of this crate to an updated stable release.

[dunxen]

Hi everyone, I haven’t made any drastic changes from where @thomastaylor312 left off. More setting up code coverage and maintenance automation at macaroon-es/macaroon. Also just contributed the logo. You can see the changes I’ve made. Mostly updates and some fixes to tests for these updates.

I’m currently out of town with limited cellular reception, but I’ve invited @bnewbold and @jacklund as members to that org for now.

[jacklund]

I went ahead and deprecated my project in favor of https://github.com/macaroon-rs/macaroon, since y'all have done a lot of work to get it updated and into good shape. I also yanked all the versions of my project from crates.io, hopefully this would allow the other project to be published there using the macaroons name.

I'll try to help out with the other project as well, as time permits.

[dunxen]

I think we can mark this issue as closed in favour of macaroon-rs/macaroon#40 🙂