The blake2-rfc dependency hasn't been updated in 3 years, has outdated dependencies and open PRs for those. To me this looks like it is no longer maintained. How about switching to https://crates.io/crates/blake2 (RustCrypto)?
I fundamentally disagree that a library not getting updates means we should no longer use it.
If anything, a library not getting any update can be a sign of stability/maturity.
That is true. It also leads to increased compile times due to the use of outdated transitive dependencies (even though there is a PR for it) and does not explain why a simple PR updating the readme is over 5 years old and didn't even get a comment.
Besides that, there is also the benefit of using a library that has 5x as many users/downloads, especially for security-relevant dependencies, and the knowledge that if there is an issue it is more likely to get fixed.
In the end it is up to you, I hope you have considered both and actively decided to stay on blake2-rfc.
EDIT:
The same goes for the libsecp256k1 dependency (no updates for a year and open dependency-update PRs): https://github.com/paritytech/libsecp256k1/pulls → https://github.com/RustCrypto/elliptic-curves/tree/master/k256