Brian Smith

There is a webpki 0.22.1 release that implements the signature count mitigation.

> Would it be possible to backport the fix for people with MSRV issues? 0.22.2 was released with all the fixes so far, without the MSRV bump. 0.22.4 is the...

> The new version of rustls breaks my MSRV and it updates webpki from 0.21 to 0.22. So the problem is also related to semver breaking changes. That's a separate...

> 1.61 is fine, rustls has 1.64, I need 1.63 (Debian stable) *ring*'s and webpki's MSRV is 1.61. If you are running into MSRV problems, they are probably elsewhere. Thanks...

Please take the rustup discussion to the rustup issue tracker.

I updated the issue title since v3 and v4 have already shipped, so asking for a new v3 doesn't make sense.

Some comments on the fix: * The comment says "On AMD processor families < 0x17." I don't have enough direct information on the matter but I think BoringSSL excludes some...

> At the moment I can't really say I have strong requirements for a version. To actually be useful without a libc it definitely needs to rely on more modern...

> I'm interested in this. It's important to reference specific git commits as that's really more secure than signatures, although maybe signatures offer greater convenience. You don't need to do...

Perhaps the mechanism I suggest in issue #210 would be useful here, since the user would use their normal `cargo bench` command instead of `cargo dinghy bench`.