From 4f218231c7e6f17498960b5cbe6ec5d402219d4d Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Fri, 28 Oct 2022 20:59:32 +0200 Subject: openpgp: Document the existence of the sequoia-policy-config crate. - Sometimes it is useful to configure a `StandardPolicy` via a configuration file. - To avoid pulling in a number of additional dependencies, this is implemented in a separate crate, `sequoia-policy-config`. - Document its existence in the `StandardPolicy` documentation to improve its discoverability. - Fixes #941. --- openpgp/src/policy.rs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index c500247e..7ba1272c 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -450,6 +450,19 @@ impl Default for HashAlgoSecurity { /// algorithms is no longer considered safe. Attempts to use an /// algorithm after its cutoff time should fail. /// +/// A `StandardPolicy` can be configured using Rust. Sometimes it is +/// useful to configure it via a configuration file. This can be done +/// using the [`sequoia-policy-config`] crate. +/// +/// [`sequoia-policy-config`]: https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/ +/// +/// It is recommended to support using a configuration file when the +/// program should respect the system's crypto policy. This is +/// required on Fedora, for instance. See the [Fedora Crypto +/// Policies] project for more information. +/// +/// [Fedora]: https://gitlab.com/redhat-crypto/fedora-crypto-policies +/// /// When validating a signature, we normally want to know whether the /// algorithms used are safe *now*. That is, we don't use the /// signature's alleged creation time when considering whether an -- cgit v1.2.3