doc: Document our current rough-draft policy on Rust dependencies.

* FIXES #25310: https://bugs.torproject.org/25310
2018-03-14 20:59:16 +00:00 · 2018-03-14 20:59:16 +00:00 · f9ccb2543d
parent b069979142
commit f9ccb2543d
1 changed files with 16 additions and 0 deletions
--- a/doc/HACKING/CodingStandardsRust.md
+++ b/doc/HACKING/CodingStandardsRust.md
@ -61,6 +61,22 @@ In general, we use modules from only the Rust standard library
 whenever possible. We will review including external crates on a
 case-by-case basis.

+If a crate only contains traits meant for compatibility between Rust
+crates, such as [the digest crate](https://crates.io/crates/digest) or
+[the failure crate](https://crates.io/crates/failure), it is very likely
+permissible to add it as a dependency.  However, a brief review should
+be conducted as to the usefulness of implementing external traits
+(i.e. how widespread is the usage, how many other crates either
+implement the traits or have trait bounds based upon them), as well as
+the stability of the traits (i.e. if the trait is going to change, we'll
+potentially have to re-do all our implementations of it).
+
+For large external libraries, especially which implement features which
+would be labour-intensive to reproduce/maintain ourselves, such as
+cryptographic or mathematical/statistics libraries, only crates which
+have stabilised to 1.0.0 should be considered, however, again, we may
+make exceptions on a case-by-case basis.
+
 Currently, Tor requires that you use the latest stable Rust version. At
 some point in the future, we will freeze on a given stable Rust version,
 to ensure backward compatibility with stable distributions that ship it.