Why should test-util not be enabled in production?

[aaronmondal]

The docs for aws-smithy-runtime say very explicitly to not enable the test-util feature in production.

https://github.com/awslabs/smithy-rs/blob/a42c818b4af8d20b94c53486f952f255ff0e4dff/rust-runtime/aws-smithy-runtime/src/lib.rs#L12

Does this just mean that users shouldn't USE features from that flag in production, or that there should be different feature configurations for this crate in test vs release builds as in rust-lang/cargo#2911 (comment)?

Also, why shouldn't it be used in production? I could imagine something like the upcoming live-capture functionality being potentialy useful during runtime. Does the test-util feature have any security implications?

[jdisanti]

The test-util feature is intended to be consumed as a dev-dependency and used exclusively in unit tests. The tools it provides are not written with scalability, security, or robustness in mind, so they shouldn't be used in production.

That said, if there's a specific tool in there you want in production for whatever reason, and you've looked through its code and vetted that it will be OK for what you're using it for, and you've written tests to guarantee it continues to be OK, then there's nothing preventing you from using it. We are considering making some breaking changes to the test utils even after GA (mostly to make them more ergonomic), so expect that as well.

[aaronmondal]

Thanks for the clarification and quick response!