From e30a06a6b239c5a60a6befcbe593e991f76ea617 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Sun, 19 Jan 2020 11:01:43 -0800 Subject: [PATCH] RUSTSEC-2016-0005: add note about rust-crypto vs RustCrypto The `rust-crypto` crate and RustCrypto org have confusingly similar names, which has caused confusion about this advisory in practice: https://www.reddit.com/r/rust/comments/e29sxc/ann_rustcryptoaead_v020_heapless_symmetric_aead/f8ujyxm/ This commit adds a small note to disambiguate them and note that RustCrypto-the-GitHub-org is still maintained. --- crates/rust-crypto/RUSTSEC-2016-0005.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crates/rust-crypto/RUSTSEC-2016-0005.toml b/crates/rust-crypto/RUSTSEC-2016-0005.toml index 72b0eb281..5fa395e1f 100644 --- a/crates/rust-crypto/RUSTSEC-2016-0005.toml +++ b/crates/rust-crypto/RUSTSEC-2016-0005.toml @@ -11,6 +11,10 @@ description = """ The `rust-crypto` crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. +*NOTE: The (old) `rust-crypto` crate (with hyphen) should not be confused with +similarly named (new) [RustCrypto GitHub Org] (without hyphen). The GitHub Org +is actively maintained.* + We recommend you switch to one of the following crates instead, depending on which algorithms you need: