On 12/30/25 7:27 PM, Ali Polatel wrote: > signing yet again. This time, though, I decided to act on it. I wrote > a clean Rust implementation of signify and called it signify-rs[3]. > It uses the same license (ISC) as the reference implementation. Code > is free of unsafes and arithmetic side effects. No proc macros are used > in the code or any dependencies making it static-linking friendly. It's > fairly portable and passes tests on FreeBSD, NetBSD, Linux and Windows. > [...]> > Sharing is caring, so here is the git[5] and CI[6]. CI saves > static-linked signify binaries as build artifacts which gives > an option to quickly test. Enjoy.
> [5]: https://git.sr.ht/~alip/signify > [6]: https://builds.sr.ht/~alip/signify This looks... slightly worrying to me. Is it called "signify" or signify-rs"? I assume the latter is a workaround for the fact that there's already a semi-popular "clean rust" implementation that started life in 2016, which owns the former name: https://crates.io/crates/signify https://github.com/badboy/signify-rs So we have a venerable "signify-rs" repo that provides "signify", and a new "signify" repo that provides "signify-rs". Which one to use? It seems evident given you published as "signify-rs that you're aware of the conflict, at least. -- Eli Schwartz
OpenPGP_signature.asc
Description: OpenPGP digital signature
