Skip to content

Remove dependency on ctr::cipher::zeroize #1771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 10, 2024
Merged

Remove dependency on ctr::cipher::zeroize #1771

merged 1 commit into from
Dec 10, 2024

Conversation

pronebird
Copy link
Collaborator

@pronebird pronebird commented Dec 10, 2024
edited
Loading

Use our own zeroize instead of the one re-exported from ctr::cipher::zeroize

This change is Reviewable

@pronebird pronebird requested a review from octol December 10, 2024 15:55
octol
octol approved these changes Dec 10, 2024
View reviewed changes
Copy link
Contributor

@octol octol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this maybe lead to possibly multiple versions of zeroize crate being used? And in some corner cases cause issuing resolving mutual dependencies?

@pronebird
Copy link
Collaborator Author

@octol I thought that Rust didn't allow multiple versions of the same dependency in a workspace. Same goes for features, that accumulate. Isn't that so?

@pronebird pronebird merged commit 7fe6c2e into develop Dec 10, 2024
8 of 12 checks passed
@pronebird pronebird deleted the am/fix-zeroize branch December 10, 2024 16:09
@octol
Copy link
Contributor

octol commented Dec 10, 2024

@octol I thought that Rust didn't allow multiple versions of the same dependency in a workspace. Same goes for features, that accumulate. Isn't that so?

As an example we have multiple versions of reqwest in the dependency tree (according to cargo tree)

@pronebird
Copy link
Collaborator Author

pronebird commented Dec 10, 2024
edited
Loading

@octol

@octol I thought that Rust didn't allow multiple versions of the same dependency in a workspace. Same goes for features, that accumulate. Isn't that so?

As an example we have multiple versions of reqwest in the dependency tree (according to cargo tree)

Yeah that's true. I'd need to learn a bit more to understand the exact behaviour. But conflict shouldn't be a problem in this case since Zeroizing is used locally and not passed between crates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@octol octol octol approved these changes

@jstuczyn jstuczyn jstuczyn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pronebird @octol @jstuczyn