Consider bumping MSRV #1750
Comments
|
Historically, it appears that BDK's MSRV has been aligned with the version of |
Yes, and Debian stable would continue to be a great MSRV target, IMO. That is, if upstream crates wouldn't effectively take the decision out of our hands. |
|
+1 on this. This will decrease the maintenance burden on MSRV. |
Unfortunately
rustlsrecently decided to bump their MSRV to 1.71 (see rustls/rustls#2239). While they now at least intermittently reverted the MSRV and pushed out version 0.23.19 that fixes RUSTSEC-2024-0399 without at bumping MSRV at the same time, they are commited to re-bump their MSRV to 1.71 with the follow-up (i.e., 0.23.20) release.Given how security-critical TLS libraries are, I don't think an MSRV of 1.63 for the dependent crates can be maintained through pinning, as users might miss out on critical security patches. That puts any dependent crates in a tough spot, and essentially forces them to bump their MSRV to at least 1.71, too.
In LDK we're probably going to introduce a separate MSRV just for the
lightning-transaction-synccrate (currently depending onrustls), which will have further consequences, such as bumping MSRV on LDK Node and other dependent projects down the dependency chain. We might also re-evaluate whethernative-tlscan be made to work on Android/Kotlin bindings.I'm opening this discussion topic as BDK probably also needs to act on this in one form or another, i.e., either bumping MSRV in general, or introducing a separate MSRV for anything depending on
rustls.It probably would also make sense to figure out a common MSRV target for the affected crates to at least somewhat maintain a standard that users can lean on here. It might just be 1.71, but then again
rustls's newly defined MSRV policy would 'allow' (not that they seem to care too much in general) them to bump up to 1.73 currently.The text was updated successfully, but these errors were encountered: