I run into this every now and then. I pin to OpenSSL 0.7 in my Cargo.toml because I always seem to have some dependency stuck on 0.7.14. It doesn’t look like I’m alone with this problem when I look at crates.io. From a quick glance it seems like ~90% of the OpenSSL downloads are for 0.7.14.
So I have two questions:
First, what gives? Is there one common project that is holding this all back or some larger problem?
Second, is there anything we should keep in mind as library developers to keep this from happening to our crates? It looks like the OpenSSL crate has been very busy since 0.7.14, but the community isn’t picking it up. Breaking API changes happen in pre-1.0 libraries, it’s the way of it, but was there anything that could have made to help the community move forward to the new version?